The config posted in the previous email is correct and works on my 3 Mikrotiks.
Have you opened/forwarded the correct ports/protocols?


2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
> ok so
> I did your suggestion but the L2TP server is not replying
> log:
> Telnet 172.28.2.1
> 19:28:32 ipsec,debug,packet encryption(aes)
> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat
> 19:28:32 ipsec,debug,packet pfkey update sent.
> 19:28:32 ipsec,debug,packet encryption(aes)
> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat
> 19:28:32 ipsec,debug,packet pfkey add sent.
> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent.
> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent.
> 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
> 19:28:32 ipsec,debug ===
> 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
> 19:28:32 ipsec,debug ===
> 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in
> 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out
> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
> 19:28:33 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
> 19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRQ
> 19:28:33 l2tp,debug,packet     (M) Protocol-Version=0x01:00
> 19:28:33 l2tp,debug,packet     (M) Framing-Capabilities=0x3
> 19:28:33 l2tp,debug,packet     (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
> 19:28:33 l2tp,debug,packet     (M) Assigned-Tunnel-ID=3
> 19:28:33 l2tp,debug,packet     (M) Receive-Window-Size=4
> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5
> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
> 19:28:33 l2tp,debug,packet     tunnel-id=3, session-id=0, ns=0, nr=1
> 19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRP
> 19:28:33 l2tp,debug,packet     (M) Protocol-Version=0x01:00
> 19:28:33 l2tp,debug,packet     (M) Framing-Capabilities=0x1
> 19:28:33 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
> 19:28:33 l2tp,debug,packet     Firmware-Revision=0x1
> 19:28:33 l2tp,debug,packet     (M) Host-Name="Edge01-493-Alger"
> 19:28:33 l2tp,debug,packet     Vendor-Name="MikroTik"
> 19:28:33 l2tp,debug,packet     (M) Assigned-Tunnel-ID=2
> 19:28:33 l2tp,debug,packet     (M) Receive-Window-Size=4
> [admin@Edge01-493-Alger] /ppp secret>
>
>
> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
> Sent: Wednesday, August 22, 2012 4:44 PM
>
> Subject: Re: [Mikrotik] IPSec for mobile
>
>
>> iPhone IPsec is for Cisco (see logo).
>>
>> Use L2TP+IPsec (first choice on your mobile device)
>>
>> Regards
>>
>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>
>>> thank you a lot!
>>> is L2TP required?
>>> or can IPSec work alone?
>>>
>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
>>> Sent: Wednesday, August 22, 2012 4:39 PM
>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>
>>>
>>>
>>>> Hi, this is what you need :-)
>>>>
>>>> # Server & Preshared (1234567abcdef) config
>>>> /interface l2tp-server server set enabled=yes
>>>>
>>>> /ip ipsec proposal
>>>> set [ find default=yes ] auth-algorithms=sha1 disabled=no \
>>>>     enc-algorithms=3des,aes-256 lifetime=30m name=default \
>>>>     pfs-group=modp1024
>>>>
>>>> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key \
>>>>     dh-group=modp1024 disabled=no dpd-interval=2m \
>>>>     dpd-maximum-failures=5 enc-algorithm=3des \
>>>>     exchange-mode=main-l2tp generate-policy=yes hash-algorithm=sha1 \
>>>>     lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 \
>>>>     secret=1234567abcdef send-initial-contact=yes
>>>>
>>>> # ADD Client (change user, psw, ips)
>>>> /ppp secret add name=user password=12345 profile=default-encryption \
>>>>     local-address=192.168.255.10 remote-address=192.168.255.254 \
>>>>     service=l2tp
>>>>
>>>>
>>>> # Debug
>>>> /system logging add action=memory topics=l2tp
>>>> /system logging add action=memory topics=ipsec
>>>>
>>>>
>>>> Regards
>>>>
>>>>
>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>>>
>>>>>
>>>>> hello folks
>>>>> I'm traveling these days and I'll love to be in my home network
>>>>> I have an iPhone4S
>>>>> I want to do IPSec or L2TP (no pptp) into my rb493G
>>>>> any idea please?
>>>>> IPSec looks very complicated... no OpenVPN in iOS. no jailbreak.
>>>>> thank you
>>>>>    Meftah Tayeb
>>>>> IT Consulting
>>>>> http://www.tmvoip.com/ phone: +21321656139
>>>>> Mobile: +213660347746
>>>>>
>>>>> __________ Information from ESET NOD32 Antivirus, version of virus
>>>>> signature
>>>>> database 7404 (20120821) __________
>>>>>
>>>>> The message was checked by ESET NOD32 Antivirus.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mikrotik mailing list
>>>>> Mikrotik@mail.butchevans.com
>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>>>
>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>> RouterOS
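A small parser for the RouterOS debug log quoted in this thread, added here as an example (it is not code from any poster or from MikroTik): it counts the established IPsec SAs, follows the L2TP control handshake in RFC 2661 order, and reports the first message that never shows up. The log lines are abridged from the thread; the function names are made up for this example.

```python
import re

# Abridged from the debug log quoted in this thread (wrapped lines re-joined).
SAMPLE_LOG = """\
19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRQ
19:28:33 l2tp,debug,packet     (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRP
19:28:33 l2tp,debug,packet     (M) Host-Name="Edge01-493-Alger"
"""
# Client-initiated L2TP setup: control connection first, then the session.
HANDSHAKE = ["SCCRQ", "SCCRP", "SCCCN", "ICRQ", "ICRP", "ICCN"]

def parse(log):
    """Collect IPsec SA count, L2TP control messages and the client host name."""
    state = {"ipsec_sas": 0, "messages": [], "peer_name": None}
    direction = None  # "rcvd" or "sent", set by the line that opens a message
    for line in log.splitlines():
        line = line.lstrip("> ")  # tolerate e-mail quote markers
        if "IPsec-SA established" in line:
            state["ipsec_sas"] += 1
        m = re.search(r"(rcvd|sent) control message", line)
        if m:
            direction = m.group(1)
        m = re.search(r"Message-Type=(\w+)", line)
        if m and direction:
            state["messages"].append((direction, m.group(1)))
        m = re.search(r"Host-Name=0x([0-9a-f:]+)", line)
        if m and direction == "rcvd":  # hex-dumped AVP sent by the client
            raw = bytes.fromhex(m.group(1).replace(":", ""))
            state["peer_name"] = raw.rstrip(b"\0").decode("ascii", "replace")
    return state

def diagnose(state):
    """Name the first stage that is missing from the log."""
    if state["ipsec_sas"] < 2:  # one SA per direction is expected
        return "IPsec phase 2 incomplete: check UDP 500/4500 and ESP reachability"
    seen = [msg_type for _, msg_type in state["messages"]]
    for step in HANDSHAKE:
        if step not in seen:
            sender = "server" if step in ("SCCRP", "ICRP") else "client"
            return f"IPsec up; L2TP stalled waiting for {step} from {sender}"
    return "IPsec up; L2TP tunnel and session established"
```

Run against the quoted log, `diagnose(parse(SAMPLE_LOG))` shows both SAs up and the router's SCCRP sent, with no SCCCN coming back from the client.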