 
pacmen
newbie
Topic Author
Posts: 36
Joined: Wed Dec 13, 2017 6:55 pm

L2TP server doesn't seems to be working

Wed Dec 13, 2017 10:04 pm

hello everyone,
I've been trying to configure a VPN server for a while now, so far with no success.

I'm trying to configure a VPN server to get access to my local network.
Since I use this VPN from my laptop and my Android phone, I need a dial-up (road-warrior) kind of setup.

I've looked in the MikroTik wiki and found many ways to configure this, but none of them worked. Lately I found the following video and did everything in the exact order, checking it a hundred times, but I still can't get my laptop or Android phone to connect to my VPN server.

I found that the traffic gets to my router, but for some reason the L2TP server doesn't answer it, or maybe the firewall rules don't work for some reason.

This is one of those times when I can't find a starting point to debug the issue; I would very much appreciate your help!

i Have
RB2011iL
v6.40.5
 
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: L2TP server doesn't seems to be working

Thu Dec 14, 2017 10:14 am

Hello, can you post your config please?

Or maybe you just need to enable proxy-arp on your local bridge or LAN interface, depending on your configuration.
 
pacmen
newbie
Topic Author
Posts: 36
Joined: Wed Dec 13, 2017 6:55 pm

Re: L2TP server doesn't seems to be working

Thu Dec 14, 2017 11:41 pm

# dec/14/2017 23:39:57 by RouterOS 6.40.5
# software id = 86MG-CGR4
#
# model = 2011iL
# serial number = 419C04352234
#
# NOTE(review): this export was posted with secrets and device identifiers in
# clear text (IPsec pre-shared key, PPP password, serial number, MAC addresses,
# public IP). On RouterOS v6 `/export hide-sensitive` leaves the secrets out;
# the values shown below should be treated as disclosed and replaced on the
# router.
/interface bridge
add admin-mac=4C:5E:0C:38:BC:77 arp=proxy-arp auto-mac=no fast-forward=no \
    name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] full-duplex=no name=Wan_ToUnlimitedSwitch \
    speed=10Mbps
set [ find default-name=ether2 ] arp=disabled auto-negotiation=no name=\
    ether2-master-local speed=1Gbps
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
    ether10-slave-local
set [ find default-name=ether5 ] arp=reply-only master-port=\
    ether2-master-local name=Wifi-Lan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default IPsec proposal: still offers 3des next to the AES ciphers and has
# perfect forward secrecy switched off (pfs-group=none). Dropping 3des is
# worth considering once the clients in use are confirmed to negotiate AES.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des \
    lifetime=0s pfs-group=none
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
add name=VPN-L2TP ranges=10.10.10.10-10.10.10.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp authoritative=after-2sec-delay disabled=no \
    interface=bridge-local lease-time=1d10m name="Main Pool"
# PPP profile handed to L2TP clients: router side is 10.10.10.1, client
# addresses come from the VPN-L2TP pool defined above.
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=VPN-L2TP \
    remote-address=VPN-L2TP use-encryption=yes
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
# L2TP server: mschap1 is accepted alongside mschap2 (MS-CHAPv1 is the weaker
# of the two; restricting to mschap2 is the safer setting), and ipsec-secret
# is the trivial value 123456.
# NOTE(review): use-ipsec does not appear in this export, so it is presumably
# at its default - confirm whether the server actually requires IPsec,
# otherwise plain L2TP on udp/1701 would be accepted without encryption.
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN-L2TP enabled=yes \
    ipsec-secret=123456 keepalive-timeout=disabled
# PPTP server is enabled although the only PPP secret in this export is bound
# to service=l2tp. PPTP is a legacy protocol; disable it unless it is needed.
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=Wan_ToUnlimitedSwitch
/ip dhcp-server lease
add address=192.168.88.19 mac-address=1A:39:A0:C8:D9:28 server="Main Pool"
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
    192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries itself. In
# this export only the input-chain drop on the WAN interface keeps that
# resolver from being reachable from outside, so that drop must stay in place
# when the filter rules are reordered.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 disabled=yes name=router
# Filter rules are evaluated in order within each chain. The input drop for
# in-interface=Wan_ToUnlimitedSwitch is listed before the VPN accept rules
# further down, so UDP 500/1701/4500 and ESP/AH arriving on the WAN are dropped
# before those accepts are reached - consistent with the empty l2tp log
# reported in the thread. The fasttrack rule in the forward chain is flagged in
# the thread as incompatible with IPsec.
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=\
    Wan_ToUnlimitedSwitch
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
# New connections from the WAN are dropped in forward unless they were
# dst-nat'ed, so every dst-nat rule in the NAT table below is an
# Internet-facing opening.
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    Wan_ToUnlimitedSwitch
# VPN accepts: none of these carries an in-interface or source restriction.
# Once they are moved above the WAN drop, udp/1701 is accepted from any
# source; adding the ipsec-policy matcher (ipsec-policy=in,ipsec) to the 1701
# rule limits it to L2TP that arrived inside IPsec.
add action=accept chain=input comment="VPN L2TP\\IPsec" dst-port=1701 \
    protocol=udp
add action=accept chain=input comment="VPN L2TP\\IPsec" dst-port=500 \
    protocol=udp
add action=accept chain=input comment="VPN L2TP\\IPsec" dst-port=4500 \
    protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=Wan_ToUnlimitedSwitch
# Port forwards from the public address to 192.168.88.19. tcp/8384 is
# Syncthing's default web GUI port, so this presumably publishes the
# administration interface to the Internet - confirm it is protected by
# authentication and TLS, or remove the forward and reach it over the VPN.
add action=dst-nat chain=dstnat comment=syncthing dst-address=141.226.244.225 \
    dst-port=22000 protocol=tcp to-addresses=192.168.88.19
add action=dst-nat chain=dstnat comment=syncthing dst-address=141.226.244.225 \
    dst-port=21027 protocol=udp to-addresses=192.168.88.19
add action=dst-nat chain=dstnat comment=syncthing dst-address=141.226.244.225 \
    dst-port=8384 protocol=tcp to-addresses=192.168.88.19 to-ports=8384
# No out-interface on this rule: VPN client traffic is masqueraded toward
# every destination, including the LAN, so LAN hosts presumably see the
# router's address rather than the individual client's 10.10.10.x address.
add action=masquerade chain=srcnat comment="NAT L2TP/IPsec" src-address=\
    10.10.10.0/24
# Both peers match any remote address (0.0.0.0/0) with the pre-shared key
# 123456. The first entry (modp2048, generate-policy=port-override) is
# disabled; the enabled one uses dh-group=modp1024, a small DH group.
# NOTE(review): the enabled peer shows no generate-policy - confirm that
# policies are actually created for dial-in clients.
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048 disabled=yes enc-algorithm=\
    aes-256,aes-128,3des exchange-mode=main-l2tp generate-policy=\
    port-override secret=123456
add address=0.0.0.0/0 dh-group=modp1024 exchange-mode=main-l2tp secret=123456
# Management services: of those listed, only www-ssl is enabled. winbox is
# not listed, so it is presumably at its default, and no address= restriction
# is shown for www-ssl - confirm which networks may reach them.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
# Single VPN account, restricted to service=l2tp; its password is the same
# trivial value as the IPsec pre-shared key and is now public.
/ppp secret
add name=dan password=123456 profile=VPN-L2TP service=l2tp
/system clock
set time-zone-name=Asia/Jerusalem
# Extra log topics added for debugging: firewall and l2tp. No ipsec topic is
# added here, although IPsec negotiation is what the thread asks about.
/system logging
add topics=firewall
add topics=l2tp
/tool graphing interface
add interface=ether2-master-local
add interface=ether3-slave-local
# MAC-layer management (mac-server, and mac-winbox below): the default entry
# is disabled and access is re-added per LAN-side interface; the WAN interface
# Wan_ToUnlimitedSwitch is not in either list.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=Wifi-Lan
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=Wifi-Lan
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=bridge-local
/tool sniffer
set filter-interface=Wan_ToUnlimitedSwitch
/tool traffic-generator
set test-id=1
/tool traffic-generator raw-packet-template
add name=packet-template1 port=*FFFFFFFF special-footer=no
/tool traffic-generator stream
add id=1 name=str1 packet-size=1500 port=*FFFFFFFF tx-template=\
    packet-template1
/tool traffic-monitor
add interface=ether2-master-local name=tmon1 threshold=0 traffic=received \
    trigger=always
 
disa
just joined
Posts: 16
Joined: Fri May 12, 2017 11:04 am

Re: L2TP server doesn't seems to be working

Fri Dec 15, 2017 10:56 am

What events appear in the log for the l2tp and ipsec topics?
 
pacmen
newbie
Topic Author
Posts: 36
Joined: Wed Dec 13, 2017 6:55 pm

Re: L2TP server doesn't seems to be working

Fri Dec 15, 2017 12:36 pm

What is event in log from topic l2tp and ipsec ?
There are no logs.
Ive added those in order to get information but no logs have been registered.
 
disa
just joined
Posts: 16
Joined: Fri May 12, 2017 11:04 am

Re: L2TP server doesn't seems to be working

Mon Dec 18, 2017 10:41 am

What is event in log from topic l2tp and ipsec ?
There are no logs.
Ive added those in order to get information but no logs have been registered.
You need to change the order of your firewall rules. RouterOS evaluates the rules of a chain from top to bottom, so the drop rule currently matches before the VPN accept rules that come after it.
"add action=drop chain=input comment="default configuration" in-interface=\
Wan_ToUnlimitedSwitch" - must be at the end for chain input
And you should disable this rule - "add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related" and restart the router. FastTrack is not supported with IPsec.
