Page 1 of 1
VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Sat May 24, 2014 6:58 pm
by kneuzgi
Hi
I'm looking for a good and secure VPN connection from my android mobile phone
to my mikrotik router (MikroTik RouterOS version 6.13)
If possible with a good manual/documentiation so that it's easy to
create for a beginner.
Thanks for any help
Regards
Kneuzgi
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sat May 24, 2014 10:58 pm
by Zapnologica
Im also looking at implementing a simple VPN for ipad and android access.
I have followed a tutorial on PPTP Server but my windows client always gives em an 800 Error? I Will be watching out for a link or something.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 6:41 am
by mcskiller
L2tp + ipsec
Enviado desde mi XT925 usando Tapatalk 2
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 1:07 pm
by kneuzgi
L2tp + ipsec -> sounds good
but how can I configure that ?
Thanks
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 1:31 pm
by kneuzgi
on my Android I have only following settings:
- PPTP
- L2TP/IPSEC PSK
- L2TP/IPSEC RSA
- IPSec Xauth PSK
- IPSec Xauth RSA
- IPSec Hybrid RSA
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 1:36 pm
by kneuzgi
found something on the internet but it doesn't work with my mobile ...
http://www.nasa-security.net/mikrotik/m ... ith-ipsec/
any help ?
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 4:22 pm
by docmarius
Is there any reason why PPtP with MPPE-128 and MS-CHAP V2 would not be sufficient?
Cracking a 128bit encryption is not trivial. The biggest risk is yourself giving away your username and password.
And it is supported by a lot of devices, including Windows, Android and iOS.
LE: Ok. It seems that MS-CHAP2 can be cracked...
https://www.cloudcracker.com/blog/2012/ ... s-chap-v2/
On a 48 core FPGA dedicated device and a network capture it takes half a day to a day, but never the less.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun May 25, 2014 10:51 pm
by Zapnologica
I have setup a PPTP server, but I am having no luck connecting to it from my phone.
I enabled PPTP Server, Added A PPTP Binding server , added 2 users under secrets, configured a profile for me using a ip pool.
I can connect on my windows 8 desktop, but for some reason my windows 8 laptop and my android cant connect to it?
When I try connect I see this in the log on the mikrotik:
pptp, info TCP connection established from 41.208.229.224
But then thats it, the client times out trying to connect.
When I connect on my desktop, which for some reason seems to work, the following is in the log.
pptp, info TCP connection established from 41.208.229.224
pptp,ppp,info test loggen in, 10.0.0.10
pptp,ppp,info <pptp-Test> authenticated
pptp,ppp,info <pptp-Test> using encoding - MPPE128 stateless
pptp,ppp,info <pptp-Test> Connected
What could be causing this error?
Is there a minimum password or user length?
I have done some debugging and found that if i try connect to the vpn on my android via the wireless, it doesnt connect, but I still see the tcp connection on the mikrotik,
but if i disable wireless and connect to the vpn via gsm. it seems to connect? Why would this be? The vpn server is a remote mikrotik, and im using dyndns.org to point to it.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Mon May 26, 2014 3:39 pm
by mcskiller
I have setup a PPTP server, but I am having no luck connecting to it from my phone.
I enabled PPTP Server, Added A PPTP Binding server , added 2 users under secrets, configured a profile for me using a ip pool.
I can connect on my windows 8 desktop, but for some reason my windows 8 laptop and my android cant connect to it?
When I try connect I see this in the log on the mikrotik:
pptp, info TCP connection established from 41.208.229.224
But then thats it, the client times out trying to connect.
When I connect on my desktop, which for some reason seems to work, the following is in the log.
pptp, info TCP connection established from 41.208.229.224
pptp,ppp,info test loggen in, 10.0.0.10
pptp,ppp,info <pptp-Test> authenticated
pptp,ppp,info <pptp-Test> using encoding - MPPE128 stateless
pptp,ppp,info <pptp-Test> Connected
What could be causing this error?
Is there a minimum password or user length?
I have done some debugging and found that if i try connect to the vpn on my android via the wireless, it doesnt connect, but I still see the tcp connection on the mikrotik,
but if i disable wireless and connect to the vpn via gsm. it seems to connect? Why would this be? The vpn server is a remote mikrotik, and im using dyndns.org to point to it.
Here in my country 3g carriers are blocking pptp ports.
Because of that for mobile vpn i am using l2tp+ipsec
Enviado desde mi XT925 usando Tapatalk 2
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Wed May 28, 2014 2:44 pm
by W4SHY
Hi Guys,
I installed ROS 6.13 as a VM on my ESXi running version 5.5. I tried to get PPTP to work with my iPhone 5 for days without success - then I found this post:
http://forum.mikrotik.com/viewtopic.php?f=15&t=78280
Turns out ESXi 5.5 had a bug that would drop PPTP traffic. After upgrading to 5.5 U1, I was able to connect.
http://kb.vmware.com/selfservice/micros ... Id=2063788
W.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Thu May 29, 2014 5:41 pm
by cdsJerry
Im also looking at implementing a simple VPN for ipad and android access.
I have followed a tutorial on PPTP Server but my windows client always gives em an 800 Error? I Will be watching out for a link or something.
I wouldn't waste your time setting up a PPTP connection as it's been hacked so badly it's considered nearly worthless. In my case the entire reason I'm switching routers to MikroTik is to get away from PPTP. Now if OpenVPN wasn't so darned confusing! And the Wiki is useless as it's an old version and not clear at all.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Thu May 29, 2014 6:37 pm
by kneuzgi
is there any manual for L2tp + ipsec ?
My Android Mobile can only:
- PPTP
- L2TP/IPSEC PSK
- L2TP/IPSEC RSA
- IPSec Xauth PSK
- IPSec Xauth RSA
- IPSec Hybrid RSA
I do not like to use PPTP !
Thanks
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Tue Jan 13, 2015 1:38 pm
by spippan
is there any manual for L2tp + ipsec ?
My Android Mobile can only:
- PPTP
- L2TP/IPSEC PSK
- L2TP/IPSEC RSA
- IPSec Xauth PSK
- IPSec Xauth RSA
- IPSec Hybrid RSA
I do not like to use PPTP !
Thanks
got a similar issue connecting to my L2TP/IPsec server on my RB951 (ROSv6.24) via 3G / cellular (other VPNs thou work)
i tested to an other L2TP/IPsec VPN of a friend of mine ... success (via 3G)
i see that my iphone6 connects to the router to ports 500 and 4500
in the log i see:
12:28:23 ipsec,error phase1 negotiation failed due to time up 62.47.42.145[4500]<=>212.95.7.165[6365] 9b**0:a**dd
### ("**" for privacy reasons ;) hope you understand)
when i connect my iPhone6 to a WiFi (does not matter which one) there is no problem with the L2TP/IPsec connection from my iPh6 to my RB951
what can i do to
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Tue Jan 13, 2015 3:18 pm
by cdsJerry
I'm sorry but as you can tell from all the messages prior to your post, no one seems to be able to make this work and there has been no response from support on this in months. You can post all the questions you like, but there's been no help for anyone here. Worst router ever. Worst support ever.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Tue Jan 13, 2015 5:50 pm
by gabrielpike
is there any manual for L2tp + ipsec ?
My Android Mobile can only:
- PPTP
- L2TP/IPSEC PSK
- L2TP/IPSEC RSA
- IPSec Xauth PSK
- IPSec Xauth RSA
- IPSec Hybrid RSA
I do not like to use PPTP !
Thanks
got a similar issue connecting to my L2TP/IPsec server on my RB951 (ROSv6.24) via 3G / cellular (other VPNs thou work)
i tested to an other L2TP/IPsec VPN of a friend of mine ... success (via 3G)
i see that my iphone6 connects to the router to ports 500 and 4500
in the log i see:
12:28:23 ipsec,error phase1 negotiation failed due to time up 62.47.42.145[4500]<=>212.95.7.165[6365] 9b**0:a**dd
### ("**" for privacy reasons ;) hope you understand)
when i connect my iPhone6 to a WiFi (does not matter which one) there is no problem with the L2TP/IPsec connection from my iPh6 to my RB951
what can i do to
Same problem tested on 6.24, router log shows first l2tp packet then nothing happens. Works on WiFi connection but on 3G connection fails.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Tue Jan 13, 2015 5:51 pm
by spippan
UPDATE:
what i was able to do is, to set up a VPN connection to the same router with the same user via
PPTP!
when i try to set up the connection via
L2TP/IPsec ... no luck...
error in log:
14:08:17 ipsec,error phase1 negotiation failed due to time up 194.166.###.###[500]<=>62.218.###.###[500] cd1b2f**********:04d593**********
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Tue Jan 13, 2015 5:57 pm
by spippan
is there any manual for L2tp + ipsec ?
My Android Mobile can only:
- PPTP
- L2TP/IPSEC PSK
- L2TP/IPSEC RSA
- IPSec Xauth PSK
- IPSec Xauth RSA
- IPSec Hybrid RSA
I do not like to use PPTP !
Thanks
got a similar issue connecting to my L2TP/IPsec server on my RB951 (ROSv6.24) via 3G / cellular (other VPNs thou work)
i tested to an other L2TP/IPsec VPN of a friend of mine ... success (via 3G)
i see that my iphone6 connects to the router to ports 500 and 4500
in the log i see:
12:28:23 ipsec,error phase1 negotiation failed due to time up 62.47.42.145[4500]<=>212.95.7.165[6365] 9b**0:a**dd
### ("**" for privacy reasons ;) hope you understand)
when i connect my iPhone6 to a WiFi (does not matter which one) there is no problem with the L2TP/IPsec connection from my iPh6 to my RB951
what can i do to
Same problem tested on 6.24, router log shows first l2tp packet then nothing happens. Works on WiFi connection but on 3G connection fails.
yep ... also got that msg sometimes...
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Fri Feb 20, 2015 5:04 pm
by Chalky
I'm having exactly the same problem, works fine over Wi-Fi but will not work over Cellular. I've tried a Nexus 5 with Lollipop and an iPhone 5 with iOS 8.1.3, I've tried a T-Moible UK and Three UK SIM Card and neither will work.
Can't figure out where the issue lies.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Mar 03, 2015 1:05 pm
by spippan
I'm having exactly the same problem, works fine over Wi-Fi but will not work over Cellular. I've tried a Nexus 5 with Lollipop and an iPhone 5 with iOS 8.1.3, I've tried a T-Moible UK and Three UK SIM Card and neither will work.
Can't figure out where the issue lies.
i'm even seeing the connection (phase 1) is established via port 500, 4500 and 1701 from my mobile (FROM my mobile IP address) when i look it up in [ ip > firewall > connections ]
in the LOG i see something like "11:58:34 l2tp,info first L2TP UDP packet received from 213.162.68.xxx"
but
NO SUCCESS with
L2TP via 3G (mobile cell)
on the firewall side is get this:
[ 213.162.68.xxx = my iPhone over 3G // 212.183.32.xxx = my Routerboard on rOS 6.27]
[spippan@RB2011_sp-private] > ip firewall connection print
Flags: S - seen-reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
8 SA udp 213.162.68.xxx:64557 212.183.32.xxx:4500 55s
10 SA udp 213.162.68.xxx:9659 212.183.32.xxx:500 1m26s
11 SA udp 213.162.68.xxx:62263 212.183.32.xxx:1701 1m27s
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Nov 03, 2015 11:06 pm
by JAza
Not sure what all people are on about in this thread - I followed the instructions above to that nasa-security.net link and it worked great for me.
750GL with 5.25 or so and Nex 5, Lollipop Dream (5.0.1)
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Thu Nov 05, 2015 5:23 pm
by spippan
Not sure what all people are on about in this thread - I followed the instructions above to that nasa-security.net link and it worked great for me.
750GL with 5.25 or so and Nex 5, Lollipop Dream (5.0.1)
which cellular provider do you use? and are you getting a official WAN IP on your mobile via your 3G/4G mobile data connection?
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Sun Nov 08, 2015 8:50 pm
by jaytcsd
I have an L2TP VPN connection on a Verizon droid to an RB751 running 6.32.3.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Wed Nov 11, 2015 11:01 am
by spippan
I have an L2TP VPN connection on a Verizon droid to an RB751 running 6.32.3.
so then i assume Verizon is permitting direct IP communication from your mobile device to your router (vpn server)
i do not have that advantage here in austria (telering / t-mobile)
if i were with H3G (drei.at) i could activate "Open Internet" and then it works flawlessly.
BUT
i found a better solution for VPN .... OPEN VPN
works on GSM/UMTS/3G/LTE and WiFi with mi iPhone6 ... bit more administrative work at the beginning (self-signed cert, trail-and-error implementation
and key distribution to end-devices) but when it's configured ... works like a charm
NOTE: RouterOS still only supports TCP OVPN
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Wed Nov 11, 2015 9:50 pm
by jaytcsd
I looked at open VPN but couldn't figure out the cert process, looks like you stuck it out.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.1
Posted: Sun Dec 13, 2015 4:00 am
by dinaafifi
Here you can find step by step instructions to get VPN service on your Android phone
http://www.vpnfaqs.com/2015/12/how-to-u ... oid-phone/ yoy can also use the same VPN account on your ipad and at the same connection time within encrypted tunnel ensures security and online privacy.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Wed Dec 16, 2015 5:11 pm
by spippan
I looked at open VPN but couldn't figure out the cert process, looks like you stuck it out.
i used easy-rsa (with pkitool) which is included in the OpenVPN Tunnelblick Mac OS X suite
in terminal:
nano vars
source vars
./clean-all
./pkitool --initca
./pkitool --pass --server openVPN
./pkitool --pass client
KEY_CN=OpenVPN-Client-02 ./pkitool --pass client02
KEY_CN=OpenVPN-Client-03 ./pkitool --pass client03
Creating Certificates with Easy-RSA
Easy-RSA is part of OpenVPN package at [[1]]. As of OpenVPN version 2.1 the usage is as follows:
Initialisation on Linux:
cd easy-rsa
less README
vi vars
source vars
./clean-all
=========================================================================================
Create CA (Certificate Authority, required to sign client and server certificates)
./pkitool --initca
=========================================================================================
Create Server Certificate
./pkitool --pass --server RB450
=========================================================================================
Convert Server private key to .pem format
openssl rsa -in keys/RB450.key -out keys/RB450.pem
=========================================================================================
Create Client Certificate
./pkitool --pass client1
=========================================================================================
Convert Client private key to .pem format
openssl rsa -in keys/client1.key -out keys/client1.pem
###======================================================================================
### routerboard specific ###
Usage
Referring to easy-rsa example above upload following files via sftp to RouterBoard
RB450.crt
RB450.pem
ca.crt
!! Do not upload your private ca.key !!! Now import the certificate and then its key !!
/certificate
import file=RB450.crt
import file=RB450.pem
import file=ca.crt
To the clients upload
ca.crt
client1.crt
client1.pem
And import the keys:
/certificate
import file=client1.crt
import file=client1.pem
import file=ca.crt
###======================================================================================
after that configure the OpenVPN server on the routerboard with the server certificate for which you also uploaded the server-key! (NOT the ca.crt)
VPN working with iOS client, windows client, mac osx client and also from Routerboard <=> Routerboard via OpenVPN
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Sat Dec 19, 2015 11:18 am
by jaytcsd
I'll give it a try, thanks for the detailed info.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Jan 05, 2016 12:29 am
by spippan
I'll give it a try, thanks for the detailed info.
success?
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Jan 05, 2016 5:09 am
by jaytcsd
Been busy trying to get site to site IPsec working, haven't had a chance to try this yet.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Jan 05, 2016 12:19 pm
by spippan
Been busy trying to get site to site IPsec working, haven't had a chance to try this yet.
no problem
if help is needed, notifications to this thread are ON. glad if i can help.
anyways good luck with your site-to-site IPsec
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Fri Feb 26, 2016 10:27 am
by cohprog
RouterOS configuration for Android L2TP/IPSec PSK VPN:
RouterOS:
/ip pool add name="VPN" ranges=10.0.0.1-10.0.0.254
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
add enc-algorithms=3des,aes-256-cbc name=l2tp-vpn pfs-group=none
/ppp profile
add change-tcp-mss=yes dns-server=XXX.XXX.XXX.XXX local-address=VPN name=\
l2tp-vpn remote-address=VPN
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp-vpn enabled=yes ipsec-secret=\
SECRETKEY max-mru=1460 max-mtu=1460 use-ipsec=yes
/ip ipsec policy
set (unknown) proposal=l2tp-vpn
/ppp secret
add name=USER password=PASSWORD profile=l2tp-vpn service=l2tp
/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key passive=yes secret=SECRETKEY generate-policy=port-override exchange-mode=main-l2tp
send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=3des,aes-256
On Android, create a L2TP/IPSec PSK VPN.
Add the address of the VPN server and the pre-shared IPSec secret key (SECRETKEY). Don't enter a secret for L2TP or a user for IPSec.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Wed Jul 27, 2016 9:14 pm
by oriolrius
Hi, I just published a howto on my blog page about how to set up a PPTP server compatible with Android. I'm using routerOS 6.34.3 and Android 5 and 6.
http://oriolrius.cat/blog/2016/07/27/mi ... r-android/
I hope it's being useful.
Oriol
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Fri Apr 14, 2017 3:02 pm
by e2ks
Can just add one hopefully useful tip. In case if client is Android device, it seems not all IPSec authentication algorithms are supported.
In IPSec proposal settings can not use sha256 or sha512 as Auth. Algorithm, Android fails to connect if those are used. Sha1 works fine
Not sure if same applies to all device models and versions of Android, but that was my experience on Sony Xperia X, Android verion 7.1.1. RouterOS v.6.38.5
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Apr 18, 2017 3:16 pm
by pe1chl
Thank you! I was fighting L2TP/IPsec PSK on Android and indeed it turns out it is due to the SHA256 which
was enabled in Proposals and does not work on Android. It is OK on most other platforms.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Apr 18, 2017 5:43 pm
by ajack46
so what do we do to work on android.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Apr 18, 2017 5:51 pm
by pe1chl
It works in the default config, the problems only start when you enable those super duper hashing and encryption methods that nobody needs yet are "recommended by the experts".
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Mon Nov 06, 2017 10:43 am
by savage75
Hi,
Was trying L2TP/IPSec PSK it works fine with PCs but nothing with android and iOS ?
I'm using routerOS 6.36.1 ?
any workaround ?
thanks
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Mon Nov 06, 2017 10:35 pm
by pe1chl
Please read before you write!
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Nov 07, 2017 9:36 am
by savage75
Hi pe1chl,
was reading your post regarding the SHA256 on Proposals but I'm using sha1 and still no success to make it work, getting Unsuccessful when try to connect to VPN through the Android !
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Nov 07, 2017 10:26 am
by pe1chl
It works fine for me with Android. But you should leave the phase1 settings at default or else it will fail.
Re: VPN with Android Mobile to MikroTik RouterOS version 6.13
Posted: Tue Nov 07, 2017 12:03 pm
by savage75
It works fine for me with Android. But you should leave the phase1 settings at default or else it will fail.
thanks pe1chl, just need to confirm by saying phase1 means ?