Reduce lacency? Contact your 3G/WiFi/Provider ;-))))
Bye! 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>: > DUDE, you rocks > i'm connected to my VPN! > but, but; evean in a local network... i have latency of 130MS! > :P > anyway how can i reduce it please? > thank you > > ----- Original Message ----- From: "Sim" <simvi...@gmail.com> > To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> > Sent: Wednesday, August 22, 2012 9:50 PM > > Subject: Re: [Mikrotik] IPSec for mobile > > >> For security reason L2TP isn't good. >> Ipsec + L2TP is the only way supported by iPhone (it ask you >> "security/secret" and not only password). >> >> You can also check this: >> http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP >> >> My post was for all device tested with : WindowsXP, 7, iPhone and Android! >> >> Check: >> "Do not forget to allow: >> - UDP 500 (Dst.Port), >> - UDP 1701, >> - UDP 4500 (Nat-Traversal) >> - and Protocol 50 (ESP) >> in the firewall filter settings. (Input chain, accept). " >> >> >> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>: >>> >>> question, sim >>> is l2tp itself alone good? >>> i think it's working only L2TP. >>> >>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com> >>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> >>> Sent: Wednesday, August 22, 2012 9:41 PM >>> >>> Subject: Re: [Mikrotik] IPSec for mobile >>> >>> >>>> The config posted in precedent email is correct and work in my 3 >>>> Mikrotik. >>>> Have you opened/forwarded corrected port/proto? >>>> >>>> >>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>: >>>>> >>>>> >>>>> ok so >>>>> i did your suggestion but l2tp server not replying >>>>> log: >>>>> Telnet 172.28.2.1 >>>>> 19:28:32 ipsec,debug,packet encryption(aes) >>>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>>>> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat >>>>> 19:28:32 ipsec,debug,packet pfkey update sent. >>>>> 19:28:32 ipsec,debug,packet encryption(aes) >>>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1) >>>>> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat >>>>> 19:28:32 ipsec,debug,packet pfkey add sent. >>>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent. >>>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2 >>>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent. >>>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>>>> 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26 >>>>> 75a84) >>>>> 19:28:32 ipsec,debug === >>>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport >>>>> 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d >>>>> ecb0a) >>>>> 19:28:32 ipsec,debug === >>>>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>>>> 172.28.1.5/32[0] 41.221.20.110/32[0] >>>>> proto=udp dir=in >>>>> 19:28:32 ipsec,debug,packet such policy does not already exist: >>>>> 41.221.20.110/32[0] 172.28.1.5/32[0] >>>>> proto=udp dir=out >>>>> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077 >>>>> 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 >>>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ >>>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3 >>>>> 19:28:33 l2tp,debug,packet (M) >>>>> Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00 >>>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3 >>>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>>>> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5 >>>>> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn >>>>> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077 >>>>> 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1 >>>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP >>>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00 >>>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1 >>>>> 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0 >>>>> 19:28:33 l2tp,debug,packet Firmware-Revision=0x1 >>>>> 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger" >>>>> 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik" >>>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2 >>>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4 >>>>> [admin@Edge01-493-Alger] /ppp secret> >>>>> >>>>> >>>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com> >>>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> >>>>> Sent: Wednesday, August 22, 2012 4:44 PM >>>>> >>>>> Subject: Re: [Mikrotik] IPSec for mobile >>>>> >>>>> >>>>>> iPhone IPsec is for Cisco (see logo). >>>>>> >>>>>> Use L2TP+IPsec (first choice on your mobile device) >>>>>> >>>>>> Regards >>>>>> >>>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>: >>>>>>> >>>>>>> >>>>>>> >>>>>>> thank you a lot ! >>>>>>> is L2TP required? >>>>>>> or IPSec can work alone ? >>>>>>> >>>>>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com> >>>>>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> >>>>>>> Sent: Wednesday, August 22, 2012 4:39 PM >>>>>>> Subject: Re: [Mikrotik] IPSec for mobile >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Hi, this is that you need :-) >>>>>>>> >>>>>>>> # Server & Preshared (1234567abcdef) config >>>>>>>> /interface l2tp-server server set enabled=yes >>>>>>>> >>>>>>>> /ip ipsec proposal >>>>>>>> set [ find default=yes ] auth-algorithms=sha1 disabled=no >>>>>>>> enc-algorithms=3des,aes-256 \ >>>>>>>> lifetime=30m name=default pfs-group=modp1024 >>>>>>>> >>>>>>>> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key >>>>>>>> dh-group=modp1024 disabled=no \ >>>>>>>> dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des >>>>>>>> exchange-mode=main-l2tp generate-policy=yes \ >>>>>>>> hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes >>>>>>>> port=500 secret=1234567abcdef send-initial-contact=yes >>>>>>>> >>>>>>>> # ADD Client (change user, psw, ips) >>>>>>>> /ppp secret add name=user password=12345 profile=default-encryption >>>>>>>> local-address=192.168.255.10 remote-address=192.168.255.254 >>>>>>>> service=l2tp >>>>>>>> >>>>>>>> >>>>>>>> # Debug >>>>>>>> /system logging add action=memory topics=l2tp >>>>>>>> /system logging add action=memory topics=ipsec >>>>>>>> >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> >>>>>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> hello folks >>>>>>>>> i'm traveling these days and i'lle love to be in my home network >>>>>>>>> i have a iPhone4S >>>>>>>>> i want to do IPSec or L2TP (no pptp) into my rb493G >>>>>>>>> any idea please? >>>>>>>>> IPSec look very complicated... no OpenVPN in iOs. no Jailbreack. >>>>>>>>> thank you >>>>>>>>> Meftah Tayeb >>>>>>>>> IT Consulting >>>>>>>>> http://www.tmvoip.com/ phone: +21321656139 >>>>>>>>> Mobile: +213660347746 >>>>>>>>> >>>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>>>> signature >>>>>>>>> database 7404 (20120821) __________ >>>>>>>>> >>>>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>>>> >>>>>>>>> http://www.eset.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Mikrotik mailing list >>>>>>>>> Mikrotik@mail.butchevans.com >>>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>>>>>>> >>>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>>>>> RouterOS >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Mikrotik mailing list >>>>>>>> Mikrotik@mail.butchevans.com >>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>>>>>> >>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>>>> RouterOS >>>>>>>> >>>>>>>> >>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>>> signature database 7404 (20120821) __________ >>>>>>>> >>>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>>> >>>>>>>> http://www.eset.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>> signature >>>>>>> database 7404 (20120821) __________ >>>>>>> >>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>> >>>>>>> http://www.eset.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Mikrotik mailing list >>>>>>> Mikrotik@mail.butchevans.com >>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>>>>> >>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>>> RouterOS >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mikrotik mailing list >>>>>> Mikrotik@mail.butchevans.com >>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>>>> >>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>> RouterOS >>>>>> >>>>>> >>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>> signature database 7404 (20120821) __________ >>>>>> >>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>> >>>>>> http://www.eset.com >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>> signature >>>>> database 7404 (20120821) __________ >>>>> >>>>> The message was checked by ESET NOD32 Antivirus. >>>>> >>>>> http://www.eset.com >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Mikrotik mailing list >>>>> Mikrotik@mail.butchevans.com >>>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>>> >>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>> RouterOS >>>> >>>> >>>> _______________________________________________ >>>> Mikrotik mailing list >>>> Mikrotik@mail.butchevans.com >>>> http://www.butchevans.com/mailman/listinfo/mikrotik >>>> >>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>> RouterOS >>>> >>>> >>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>> signature database 7404 (20120821) __________ >>>> >>>> The message was checked by ESET NOD32 Antivirus. >>>> >>>> http://www.eset.com >>>> >>>> >>>> >>> >>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> signature >>> database 7404 (20120821) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >>> _______________________________________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >> >> _______________________________________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 7404 (20120821) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 7404 (20120821) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
