denisun

L2TP/IPsec icmp type 3, code 3

Thu Sep 03, 2020 10:06 am

I have this network:
lan <> MT <> PPPoE internet <> client
I have an L2TP IPsec VPN on MT with this configuration:
/ip pool
add name=vpn_pool1 ranges=192.168.0.11-192.168.0.15

/ppp profile
add dns-server=192.168.0.2 local-address=192.168.0.1 name=vpnprofile \
    remote-address=vpn_pool1
	
/ppp secret
add name=XXX password=XXX profile=vpnprofile service=l2tp

/interface l2tp-server server
set allow-fast-path=yes authentication=mschap2 default-profile=vpnprofile \
    enabled=yes ipsec-secret=XXX use-ipsec=required

/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms="aes-256-c\
    bc,aes-256-gcm,aes-192-cbc,aes-192-gcm,aes-128-cbc,aes-128-gcm,3des" \
    pfs-group=modp2048
	
/ip firewall filter
add action=accept chain=input dst-port=1194 protocol=\
    tcp

/ip firewall nat
add action=masquerade chain=srcnat out-interface=\
    bridge1 src-address=192.168.0.11-192.168.0.15
I can connect from my Android 10 and Win 10 devices without any problem.
I have access to my local network and the internet via the VPN from the above devices.
Everything works perfectly.
When I terminate the VPN connection I get the correct messages:
terminating... - hungup
logged out
disconnected
But after that I get a message about:
proto ICMP (type 3, code 3)
I have fw rules that block this ICMP packet, and the IP goes onto the blacklist.

What can I do?
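
Added example, not part of the original post: ICMP type 3, code 3 is Destination Unreachable / Port Unreachable, and per RFC 792 it quotes the IP header plus the first 8 bytes of the datagram that triggered it. The Python sketch below decodes that quoted header so a blocked packet can be checked against the router's own VPN traffic before its source is blacklisted. The addresses, the sample packet and the helper names are constructed assumptions; UDP 500, 1701 and 4500 are the standard IKE, L2TP and NAT-T ports.

```python
import socket
import struct

VPN_UDP_PORTS = (500, 1701, 4500)  # IKE, L2TP, IPsec NAT-T

def build_sample():
    """Constructed ICMP port-unreachable (checksums left at 0) quoting a UDP
    datagram from the router 203.0.113.1 to the client 198.51.100.7."""
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 17, 0,
                            socket.inet_aton("203.0.113.1"),
                            socket.inet_aton("198.51.100.7"))
    quoted_udp = struct.pack("!HHHH", 4500, 4500, 20, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + quoted_ip + quoted_udp

def decode_unreachable(icmp):
    """Return the quoted datagram's details for an ICMP type 3 message,
    or None if the bytes are not a usable Destination Unreachable."""
    if len(icmp) < 8 + 20 or icmp[0] != 3:
        return None
    quoted = icmp[8:]                      # skip type, code, checksum, unused
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if ihl < 20 or len(quoted) < ihl:
        return None
    info = {"code": icmp[1], "proto": quoted[9],
            "orig_src": socket.inet_ntoa(quoted[12:16]),
            "orig_dst": socket.inet_ntoa(quoted[16:20])}
    if info["proto"] in (6, 17) and len(quoted) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info

def is_reply_to_own_vpn_traffic(info, router_ip):
    """True when a port-unreachable answers a UDP packet that the router
    itself sent to one of the VPN ports."""
    return (info is not None and info["code"] == 3 and info["proto"] == 17
            and info["orig_src"] == router_ip
            and info.get("dport") in VPN_UDP_PORTS)

if __name__ == "__main__":
    details = decode_unreachable(build_sample())
    print(details, is_reply_to_own_vpn_traffic(details, "203.0.113.1"))
```
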
