
IPSec/L2TP without NAT

Posted: Sun May 24, 2015 1:06 am
by Ajax
Hi everyone

Does anyone know what could be wrong with the subject protocol: it connects flawlessly from behind NAT (for example my home network, or a public one in a restaurant with a grey IP) but doesn't with a public white IP. It is the same device, a phone with Android 5.1, and it works great when connected at home by Wi-Fi to the home network but doesn't via cellular, with the white IP address.
Would appreciate any help, thank you.

Re: IPSec/L2TP without NAT

Posted: Mon May 25, 2015 9:40 pm
by mocando
Hi Ajax,

You have to check with your cell carrier whether it's blocking L2TP or IPsec ports. You can do some port tests with a free port tester available on the Play Store. Compare connecting through Wi-Fi and the cell carrier, using your VPN server as the target host.

Ports to check, normally:

For L2TP/IPSec:
Port 500 UDP
Port 4500 UDP
Port 1701 UDP
and
protocol 50 (ESP)

Regards.

Re: IPSec/L2TP without NAT

Posted: Tue May 26, 2015 12:28 pm
by Ajax
You can make some port test with a free port tester available at Play Store.
Can you suggest any? I can't find one with UDP port scanning support, they all do TCP scan only.

Will try to check the ports, but whenever I try to connect via cellular, the router's log gets these records:
12:19:41 firewall,info input: in:wan1 out:(none), proto UDP, 37.73.203.xxx:30619->xxx.xxx.xxx.xxx:500, len 636 
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1 
12:19:43 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
12:20:01 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
The last one appears several times and the phone shows a "Can't connect" message.
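As an added example (not code from this thread or from RouterOS), here is a small parser that reads the four router log lines quoted above and draws the same conclusions the replies do: the firewall line shows IKE on UDP/500 did arrive from the carrier, the ipsec line shows a phase-1 hash mismatch between the router's peer configuration and the client, and the repeated l2tp lines show the client retrying. The sample log is constructed from the lines posted above; the regexes assume RouterOS's "time topics message" log layout.

```python
import re

# Constructed sample: the four RouterOS log lines quoted in the post above (IPs masked as posted).
SAMPLE_LOG = """\
12:19:41 firewall,info input: in:wan1 out:(none), proto UDP, 37.73.203.xxx:30619->xxx.xxx.xxx.xxx:500, len 636
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1
12:19:43 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
12:20:01 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
"""

# "<HH:MM:SS> <topic,topic,...> <message>", the layout RouterOS uses for its log entries.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<topics>[\w,]+) (?P<msg>.*)$")
FIREWALL_RE = re.compile(r"proto (?P<proto>\w+), (?P<src>[^:\s]+):\d+->(?P<dst>[^:\s]+):(?P<dport>\d+)")
AUTHTYPE_RE = re.compile(r"authtype mismatched: my:(?P<mine>\S+) peer:(?P<peer>\S+)")
L2TP_FIRST_RE = re.compile(r"first L2TP UDP packet received from (?P<src>\S+)")
IKE_PORTS = {"500", "4500"}  # IKE and NAT-T, two of the UDP ports listed in the reply above


def diagnose(log_text: str) -> dict:
    """Summarise a RouterOS log excerpt into the facts that matter for an L2TP/IPsec client."""
    result = {"ike_reached_from": [], "hash_mismatch": None, "l2tp_attempts": 0, "verdict": ""}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a router log line, ignore it
        topics, msg = m["topics"].split(","), m["msg"]
        if "firewall" in topics:
            fm = FIREWALL_RE.search(msg)
            if fm and fm["proto"] == "UDP" and fm["dport"] in IKE_PORTS:
                result["ike_reached_from"].append(fm["src"])  # IKE got through the carrier to the WAN
        elif "ipsec" in topics and "error" in topics:
            am = AUTHTYPE_RE.search(msg)
            if am:
                # Phase-1 proposal mismatch: router's peer config offers one HMAC, the client proposes another
                result["hash_mismatch"] = (am["mine"], am["peer"])
        elif "l2tp" in topics and L2TP_FIRST_RE.search(msg):
            result["l2tp_attempts"] += 1  # client keeps retrying L2TP although IPsec never came up

    if result["hash_mismatch"]:
        mine, peer = result["hash_mismatch"]
        result["verdict"] = (f"IKE arrived, so the carrier is not filtering UDP/500; phase 1 fails "
                             f"because the router offers {mine} and the client proposes {peer}")
    elif result["ike_reached_from"]:
        result["verdict"] = "IKE arrived and no proposal error was logged"
    else:
        result["verdict"] = "no IKE traffic reached the WAN interface; check the carrier or the firewall"
    return result


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```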

Re: IPSec/L2TP without NAT

Posted: Tue May 26, 2015 8:17 pm
by pukkita
This message:
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1
is rather odd; how would your carrier change the authtype?

Re: IPSec/L2TP without NAT

Posted: Wed May 27, 2015 12:34 am
by mocando
Hi Ajax,

Try changing the Hash Algorithm from md5 to sha1 in your router's Peer tab.

Regards...

Re: IPSec/L2TP without NAT

Posted: Wed Jun 17, 2015 7:43 pm
by Ajax
This message:
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1
is rather odd; how would your carrier change the authtype?
It is not the carrier but Android. I couldn't find which type it has. Plus I need to connect using other OSes, like OS X, iOS and Windows.

But the problem has been solved (thanks to this link): in your IPsec Peer configuration, change “Generate Policy” from “port strict” to “port override”.

Now I have another problem — although the connection is established and even a local IP address is assigned, I can't ping anything in the LAN.