Re: [Mikrotik] IPSec for mobile

Meftah Tayeb Wed, 22 Aug 2012 11:58:27 -0700

DUDE, local!
*LOCAL* BACKBONE!
is my own routers i'm simulating it here befaure i travel
but latency is very HIGH :-P

----- Original Message -----From: "Sim" <simvi...@gmail.com>

To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 9:55 PM
Subject: Re: [Mikrotik] IPSec for mobile

Reduce lacency?

Contact your 3G/WiFi/Provider ;-))))

Bye!

2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:

DUDE, you rocks
i'm connected to my VPN!
but, but; evean in a local network... i have latency of 130MS!
:P
anyway how can i reduce it please?
thank you

----- Original Message ----- From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 9:50 PM

Subject: Re: [Mikrotik] IPSec for mobile

For security reason L2TP isn't good.
Ipsec + L2TP is the only way supported by iPhone (it ask you
"security/secret" and not only password).

You can also check this:
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP

My post was for all device tested with : WindowsXP, 7, iPhone andAndroid!


Check:
"Do not forget to allow:
- UDP 500 (Dst.Port),
- UDP 1701,
- UDP 4500 (Nat-Traversal)
- and Protocol 50 (ESP)
in the firewall filter settings. (Input chain, accept). "


2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:


question, sim
is l2tp itself alone good?
i think it's working only L2TP.

----- Original Message ----- From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 9:41 PM

Subject: Re: [Mikrotik] IPSec for mobile

The config posted in precedent email is correct and work in my 3
Mikrotik.
Have you opened/forwarded corrected port/proto?


2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:



ok so
i did your suggestion but l2tp server not replying
log:
Telnet 172.28.2.1
19:28:32 ipsec,debug,packet encryption(aes)
19:28:32 ipsec,debug,packet hmac(hmac_sha1)
19:28:32 ipsec,debug,packet call pfkey_send_update_nat
19:28:32 ipsec,debug,packet pfkey update sent.
19:28:32 ipsec,debug,packet encryption(aes)
19:28:32 ipsec,debug,packet hmac(hmac_sha1)
19:28:32 ipsec,debug,packet call pfkey_send_add_nat
19:28:32 ipsec,debug,packet pfkey add sent.
19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent.
19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent.
19:28:32 ipsec IPsec-SA established: ESP/Transport
172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x26
75a84)
19:28:32 ipsec,debug ===
19:28:32 ipsec IPsec-SA established: ESP/Transport
41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2d
ecb0a)
19:28:32 ipsec,debug ===
19:28:32 ipsec,debug,packet such policy does not already exist:
172.28.1.5/32[0] 41.221.20.110/32[0]
proto=udp dir=in
19:28:32 ipsec,debug,packet such policy does not already exist:
41.221.20.110/32[0] 172.28.1.5/32[0]
proto=udp dir=out
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRQ
19:28:33 l2tp,debug,packet     (M) Protocol-Version=0x01:00
19:28:33 l2tp,debug,packet     (M) Framing-Capabilities=0x3
19:28:33 l2tp,debug,packet     (M)
Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
19:28:33 l2tp,debug,packet     (M) Assigned-Tunnel-ID=3
19:28:33 l2tp,debug,packet     (M) Receive-Window-Size=4
19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5
19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet     tunnel-id=3, session-id=0, ns=0, nr=1
19:28:33 l2tp,debug,packet     (M) Message-Type=SCCRP
19:28:33 l2tp,debug,packet     (M) Protocol-Version=0x01:00
19:28:33 l2tp,debug,packet     (M) Framing-Capabilities=0x1
19:28:33 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
19:28:33 l2tp,debug,packet     Firmware-Revision=0x1
19:28:33 l2tp,debug,packet     (M) Host-Name="Edge01-493-Alger"
19:28:33 l2tp,debug,packet     Vendor-Name="MikroTik"
19:28:33 l2tp,debug,packet     (M) Assigned-Tunnel-ID=2
19:28:33 l2tp,debug,packet     (M) Receive-Window-Size=4
[admin@Edge01-493-Alger] /ppp secret>


----- Original Message ----- From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 4:44 PM

Subject: Re: [Mikrotik] IPSec for mobile

iPhone IPsec is for Cisco (see logo).

Use L2TP+IPsec (first choice on your mobile device)

Regards

2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:




thank you a lot !
is L2TP required?
or IPSec can work alone ?

----- Original Message ----- From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 4:39 PM
Subject: Re: [Mikrotik] IPSec for mobile

Hi, this is that you need :-)

# Server & Preshared (1234567abcdef) config
/interface l2tp-server server set enabled=yes

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no
enc-algorithms=3des,aes-256 \
lifetime=30m name=default pfs-group=modp1024

/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key
dh-group=modp1024 disabled=no \
dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des
exchange-mode=main-l2tp generate-policy=yes \

hash-algorithm=sha1 lifetime=1d my-id-user-fqdn=""nat-traversal=yes

port=500 secret=1234567abcdef send-initial-contact=yes

# ADD Client (change user, psw, ips)

/ppp secret add name=user password=12345profile=default-encryption

local-address=192.168.255.10 remote-address=192.168.255.254
service=l2tp


# Debug
/system logging add action=memory topics=l2tp
/system logging add action=memory topics=ipsec


Regards


2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:





hello folks
i'm traveling these days and i'lle love to be in my home network
i have a iPhone4S
i want to do IPSec or L2TP (no pptp) into my rb493G
any idea please?
IPSec look very complicated... no OpenVPN in iOs. no Jailbreack.
thank you
   Meftah Tayeb
IT Consulting
http://www.tmvoip.com/ phone: +21321656139
Mobile: +213660347746

__________ Information from ESET NOD32 Antivirus, version ofvirus

signature
database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related toMikrotik

RouterOS





_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related toMikrotik

RouterOS


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus
signature
database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS




_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus
signature
database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus
signature
database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS


_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

__________ Information from ESET NOD32 Antivirus, version of virussignature

database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to MikrotikRouterOS

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to MikrotikRouterOS

__________ Information from ESET NOD32 Antivirus, version of virussignature database 7404 (20120821) __________


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus signature 
database 7404 (20120821) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

Re: [Mikrotik] IPSec for mobile

Reply via email to