Hello, I am pretty new to Mikrotik and would appreciate if someone could help me with my issue, thanks in advance.
I am trying to set up a VPN server behind my DSL router.
My setup:
I have a RB2011 connected via ETH2 to a FritzBox DSL Router.
FritzBox DSL Router IP: 192.168.0.1
RB2011 IP: 192.168.0.2
My scenario 1) - works
I can connect my iPhone to the Mikrotik router via VPN connection by connecting to the 192.168.0.2 as the Server.
My scenario 2) - does not work
I looked up the public IP address of my DSL router and used it in the iPhone connection profile. In addition, I configured the Mikrotik (192.168.0.2) as the exposed host in the FritzBox. So when I type in my public IP address, I reach the web interface of the Mikrotik. When I try to connect with the VPN profile, I see some messages in the log, but it always ends with:
tunnel 34 received no replies, disconnecting
tunnel 34 entering state: dead
[admin@MikroTik] > export
# may/04/2014 11:05:20 by RouterOS 6.12
# software id = 1AR0-NWHX
#
# Configuration export of the RB2011 that terminates the VPN connections.
# NOTE(review): this export contains no "/ip firewall filter" section, so as far
# as this listing shows, nothing filters traffic addressed to the router itself.
# With the router set as the FritzBox exposed host (see the post), every service
# enabled here is reachable from the Internet, including the web interface.
# Consider input-chain rules that admit only the VPN protocols in use (for
# L2TP/IPsec: UDP 500, UDP 4500 and IPsec ESP) and drop the rest, or forward
# only those ports on the FritzBox instead of using an exposed host.
/interface ethernet
# Proxy-ARP on the uplink port: the router answers ARP requests on ether2 on
# behalf of other addresses. The VPN pools below are outside 192.168.0.0/24,
# so this may not be needed - confirm before keeping it.
set [ find default-name=ether2 ] arp=proxy-arp
/ip ipsec proposal
# Phase 2 proposal: AES-128/256-CBC, 8h lifetime, PFS disabled. The
# auth-algorithms value is not shown, so it is at the RouterOS default.
# NOTE(review): nothing else in this export refers to "L2TP Proposal" by name;
# verify which proposal the dynamically generated policies actually use.
add enc-algorithms=aes-128-cbc,aes-256-cbc lifetime=8h name="L2TP Proposal" \
pfs-group=none
/ip pool
# Address ranges handed to VPN clients. Only "L2TP Pool" is referenced by a
# profile in this export; "OpenVPN Pool" is not referenced by any visible line.
add name="OpenVPN Pool" ranges=10.0.0.2-10.0.0.10
add name="L2TP Pool" ranges=10.1.0.2-10.1.0.10
/ppp profile
# Profile for L2TP users: router side is 10.1.0.1, clients get an address from
# "L2TP Pool" and 8.8.8.8 as DNS server; TCP MSS is adjusted for the tunnel.
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=10.1.0.1 name="L2TP Profile" remote-address=\
"L2TP Pool"
/interface l2tp-server server
# L2TP server accepts MS-CHAPv2 only and uses "L2TP Profile" by default.
# NOTE(review): nothing on this line requires L2TP to arrive inside IPsec; with
# no input filter, plain L2TP on UDP 1701 would presumably be accepted too.
set authentication=mschap2 default-profile="L2TP Profile" enabled=yes
/interface ovpn-server server
# OpenVPN server enabled with certificate cert_2 (all other settings at default).
set certificate=cert_2 enabled=yes
/interface pptp-server server
# NOTE(review): PPTP is enabled although the post only discusses L2TP/IPsec.
# PPTP's MS-CHAPv2/MPPE protection is considered weak; disable it if unused.
set enabled=yes
/ip address
# Router address on the FritzBox LAN (ether2 is the uplink to 192.168.0.1).
add address=192.168.0.2/24 interface=ether2 network=192.168.0.0
/ip dns
# The router itself resolves through the FritzBox.
set servers=192.168.0.1
/ip firewall nat
# Source-NAT for 10.0.0.0/24 only, which is the "OpenVPN Pool" range.
# NOTE(review): the "L2TP Pool" range (10.1.0.2-10.1.0.10) is not matched by
# this rule, and no out-interface is given - confirm both are intended.
add action=masquerade chain=srcnat src-address=10.0.0.0/24
/ip ipsec peer
# IKE peer used for L2TP/IPsec clients. nat-traversal=yes matters here because
# the router sits behind the FritzBox NAT. No address= is shown, so the peer
# presumably matches any remote address (RouterOS default) - confirm.
# NOTE(review): the pre-shared key is a single character and has been published
# with this export; replace it with a long random value. 3DES is a legacy
# cipher; prefer AES if the clients support it. hash-algorithm and dh-group are
# not shown, so they are at the defaults for this RouterOS version.
add enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override nat-traversal=yes secret=2
/ip route
# Default route via the FritzBox.
add distance=1 gateway=192.168.0.1
/ip upnp
# UPnP clients may not disable the external interface.
set allow-disable-external-interface=no
/lcd interface
# One LCD entry per physical port, each mapped to the interface of the same
# name (sfp1 and ether1 through ether10).
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
/ppp secret
# PPP user accounts for the VPN servers.
# NOTE(review): both passwords are a single character and are now public in
# this export; change them to long random values before exposing the router.
# ppp1 has no service= or profile= restriction, so it is presumably accepted by
# every enabled PPP service (L2TP, PPTP, OpenVPN) - restrict it or remove it.
add name=ppp1 password=1
# ppp2 is limited to the L2TP service and uses "L2TP Profile".
add name=ppp2 password=2 profile="L2TP Profile" service=l2tp
/system clock
# Local time zone; correct time matters for certificate validation and for
# correlating VPN log entries.
set time-zone-name=Europe/Berlin
/system lcd
# LCD is switched off (enabled=no).
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
# Every LCD page is disabled; display-time is the per-page setting of 5s.
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
/system ntp client
# NTP client with two fixed server addresses keeps the clock in sync.
set enabled=yes primary-ntp=178.16.23.50 secondary-ntp=78.47.253.206