OK, so
I did your suggestion, but the L2TP server is not replying.
Log:
Telnet 172.28.2.1
19:28:32 ipsec,debug,packet encryption(aes)
19:28:32 ipsec,debug,packet hmac(hmac_sha1)
19:28:32 ipsec,debug,packet call pfkey_send_update_nat
19:28:32 ipsec,debug,packet pfkey update sent.
19:28:32 ipsec,debug,packet encryption(aes)
19:28:32 ipsec,debug,packet hmac(hmac_sha1)
19:28:32 ipsec,debug,packet call pfkey_send_add_nat
19:28:32 ipsec,debug,packet pfkey add sent.
19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent.
19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent.
19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
19:28:32 ipsec,debug ===
19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
19:28:32 ipsec,debug ===
19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in
19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3
19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3
19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5
19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1
19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0
19:28:33 l2tp,debug,packet Firmware-Revision=0x1
19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger"
19:28:33 l2tp,debug,packet Vendor-Name="MikroTik"
19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2
19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
[admin@Edge01-493-Alger] /ppp secret>
----- Original Message -----
From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 4:44 PM
Subject: Re: [Mikrotik] IPSec for mobile
iPhone IPsec is for Cisco (see logo).
Use L2TP+IPsec (first choice on your mobile device)
Regards
2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
Thank you a lot!
Is L2TP required?
Or can IPSec work alone?
----- Original Message -----
From: "Sim" <simvi...@gmail.com>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Wednesday, August 22, 2012 4:39 PM
Subject: Re: [Mikrotik] IPSec for mobile
Hi, this is what you need :-)
# Server & Preshared (1234567abcdef) config
/interface l2tp-server server set enabled=yes
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no \
    enc-algorithms=3des,aes-256 \
    lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key \
    dh-group=modp1024 disabled=no \
    dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des \
    exchange-mode=main-l2tp generate-policy=yes \
    hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" \
    nat-traversal=yes \
    port=500 secret=1234567abcdef send-initial-contact=yes
# ADD Client (change user, psw, ips)
/ppp secret add name=user password=12345 \
    profile=default-encryption \
    local-address=192.168.255.10 remote-address=192.168.255.254 \
    service=l2tp
# Debug
/system logging add action=memory topics=l2tp
/system logging add action=memory topics=ipsec
Regards
2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
Hello folks,
I'm traveling these days and I'd love to be in my home network.
I have an iPhone 4S.
I want to do IPSec or L2TP (no PPTP) into my RB493G.
Any idea please?
IPSec looks very complicated... no OpenVPN in iOS, no jailbreak.
Thank you
Meftah Tayeb
IT Consulting
http://www.tmvoip.com/ phone: +21321656139
Mobile: +213660347746
__________ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
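Added example (not part of the thread, and not MikroTik code): a small Python parser for the `l2tp,debug,packet` lines in the log at the top of this thread. It reports how far the L2TP tunnel setup (SCCRQ, SCCRP, SCCCN per RFC 2661) got and decodes the hex-dumped Host-Name. The function names are this example's own, and the sample input is lines taken from that log with the wrapped Host-Name line rejoined.

```python
import re

# Sample input: control-message lines in the format of the RouterOS log in this
# thread (taken from it, with the wrapped Host-Name line rejoined).
SAMPLE_LOG = """\
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger"
"""

# RFC 2661 tunnel setup as seen by the server: peer SCCRQ, our SCCRP, peer SCCCN.
HANDSHAKE = [("rcvd", "SCCRQ"), ("sent", "SCCRP"), ("rcvd", "SCCCN")]
HEADER = re.compile(r"l2tp,debug,packet (rcvd|sent) control message (?:from|to) (\S+)")
AVP = re.compile(r"l2tp,debug,packet (?:\(M\) )?([A-Z][A-Za-z-]+)=(.+)$")

def decode_value(value):
    """Decode RouterOS hex dumps (0x69:50:...) when they are printable ASCII."""
    if re.fullmatch(r"0x[0-9a-f]{2}(:[0-9a-f]{2})+", value):
        raw = bytes.fromhex(value[2:].replace(":", "")).rstrip(b"\x00")
        if raw and all(32 <= b < 127 for b in raw):
            return raw.decode("ascii")
    return value.strip('"')

def parse_control_messages(log_text):
    """Group AVP lines under the 'rcvd/sent control message' line before them."""
    messages = []
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            messages.append({"dir": header.group(1), "peer": header.group(2), "avps": {}})
            continue
        avp = AVP.search(line)
        if avp and messages:
            messages[-1]["avps"][avp.group(1)] = decode_value(avp.group(2).strip())
    return messages

def handshake_progress(messages):
    """Return (handshake steps seen, next expected step or None if complete)."""
    seen = [(m["dir"], m["avps"].get("Message-Type")) for m in messages]
    for i, step in enumerate(HANDSHAKE):
        if step not in seen:
            return HANDSHAKE[:i], step
    return HANDSHAKE, None
```

On these lines `handshake_progress(parse_control_messages(SAMPLE_LOG))` reports SCCRQ received and SCCRP sent, with the client's SCCCN as the next expected message; the pasted log ends before any SCCCN appears.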