Very strange.. but the problem isn't Mikrotik but WiFi/iPhone. Try to connect with Windows PC/Client and check latency
2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
> DUDE, local!
> *LOCAL* BACKBONE!
> is my own routers i'm simulating it here before i travel
> but latency is very HIGH :-P
>
> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
> Sent: Wednesday, August 22, 2012 9:55 PM
> Subject: Re: [Mikrotik] IPSec for mobile
>
>> Reduce latency?
>>
>> Contact your 3G/WiFi/Provider ;-))))
>>
>> Bye!
>>
>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>
>>> DUDE, you rock
>>> i'm connected to my VPN!
>>> but, but; even in a local network... i have latency of 130MS!
>>> :P
>>> anyway how can i reduce it please?
>>> thank you
>>>
>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
>>> Sent: Wednesday, August 22, 2012 9:50 PM
>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>
>>>> For security reasons L2TP isn't good.
>>>> Ipsec + L2TP is the only way supported by iPhone (it asks you for
>>>> "security/secret" and not only password).
>>>>
>>>> You can also check this:
>>>>
>>>> http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP
>>>>
>>>> My post was for all devices tested with: WindowsXP, 7, iPhone and
>>>> Android!
>>>>
>>>> Check:
>>>> "Do not forget to allow:
>>>> - UDP 500 (Dst.Port),
>>>> - UDP 1701,
>>>> - UDP 4500 (Nat-Traversal)
>>>> - and Protocol 50 (ESP)
>>>> in the firewall filter settings. (Input chain, accept). "
>>>>
>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>>>
>>>>> question, sim
>>>>> is l2tp itself alone good?
>>>>> i think it's working only L2TP.
>>>>>
>>>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
>>>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
>>>>> Sent: Wednesday, August 22, 2012 9:41 PM
>>>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>>>
>>>>>> The config posted in the previous email is correct and works on my 3
>>>>>> Mikrotik.
>>>>>> Have you opened/forwarded the correct port/proto?
>>>>>>
>>>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>>>>>
>>>>>>> ok so
>>>>>>> i did your suggestion but l2tp server not replying
>>>>>>> log:
>>>>>>> Telnet 172.28.2.1
>>>>>>> 19:28:32 ipsec,debug,packet encryption(aes)
>>>>>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
>>>>>>> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat
>>>>>>> 19:28:32 ipsec,debug,packet pfkey update sent.
>>>>>>> 19:28:32 ipsec,debug,packet encryption(aes)
>>>>>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
>>>>>>> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat
>>>>>>> 19:28:32 ipsec,debug,packet pfkey add sent.
>>>>>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
>>>>>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent.
>>>>>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
>>>>>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent.
>>>>>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
>>>>>>> 19:28:32 ipsec,debug ===
>>>>>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
>>>>>>> 19:28:32 ipsec,debug ===
>>>>>>> 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in
>>>>>>> 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out
>>>>>>> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
>>>>>>> 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
>>>>>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
>>>>>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
>>>>>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3
>>>>>>> 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
>>>>>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3
>>>>>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
>>>>>>> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5
>>>>>>> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
>>>>>>> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
>>>>>>> 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1
>>>>>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
>>>>>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
>>>>>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1
>>>>>>> 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0
>>>>>>> 19:28:33 l2tp,debug,packet Firmware-Revision=0x1
>>>>>>> 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger"
>>>>>>> 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik"
>>>>>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2
>>>>>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
>>>>>>> [admin@Edge01-493-Alger] /ppp secret>
>>>>>>>
>>>>>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
>>>>>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
>>>>>>> Sent: Wednesday, August 22, 2012 4:44 PM
>>>>>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>>>>>
>>>>>>>> iPhone IPsec is for Cisco (see logo).
>>>>>>>>
>>>>>>>> Use L2TP+IPsec (first choice on your mobile device)
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>>>>>>>
>>>>>>>>> thank you a lot!
>>>>>>>>> is L2TP required?
>>>>>>>>> or IPSec can work alone?
>>>>>>>>>
>>>>>>>>> ----- Original Message ----- From: "Sim" <simvi...@gmail.com>
>>>>>>>>> To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
>>>>>>>>> Sent: Wednesday, August 22, 2012 4:39 PM
>>>>>>>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>>>>>>>
>>>>>>>>>> Hi, this is what you need :-)
>>>>>>>>>>
>>>>>>>>>> # Server & Preshared (1234567abcdef) config
>>>>>>>>>> /interface l2tp-server server set enabled=yes
>>>>>>>>>>
>>>>>>>>>> /ip ipsec proposal
>>>>>>>>>> set [ find default=yes ] auth-algorithms=sha1 disabled=no \
>>>>>>>>>>     enc-algorithms=3des,aes-256 lifetime=30m name=default \
>>>>>>>>>>     pfs-group=modp1024
>>>>>>>>>>
>>>>>>>>>> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key \
>>>>>>>>>>     dh-group=modp1024 disabled=no dpd-interval=2m \
>>>>>>>>>>     dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp \
>>>>>>>>>>     generate-policy=yes hash-algorithm=sha1 lifetime=1d \
>>>>>>>>>>     my-id-user-fqdn="" nat-traversal=yes port=500 \
>>>>>>>>>>     secret=1234567abcdef send-initial-contact=yes
>>>>>>>>>>
>>>>>>>>>> # ADD Client (change user, psw, ips)
>>>>>>>>>> /ppp secret add name=user password=12345 profile=default-encryption \
>>>>>>>>>>     local-address=192.168.255.10 remote-address=192.168.255.254 \
>>>>>>>>>>     service=l2tp
>>>>>>>>>>
>>>>>>>>>> # Debug
>>>>>>>>>> /system logging add action=memory topics=l2tp
>>>>>>>>>> /system logging add action=memory topics=ipsec
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>> 2012/8/22 Meftah Tayeb <tayeb.mef...@gmail.com>:
>>>>>>>>>>>
>>>>>>>>>>> hello folks
>>>>>>>>>>> i'm traveling these days and i'll love to be in my home network
>>>>>>>>>>> i have a iPhone4S
>>>>>>>>>>> i want to do IPSec or L2TP (no pptp) into my rb493G
>>>>>>>>>>> any idea please?
>>>>>>>>>>> IPSec looks very complicated... no OpenVPN in iOS. no Jailbreak.
>>>>>>>>>>> thank you
>>>>>>>>>>> Meftah Tayeb
>>>>>>>>>>> IT Consulting
>>>>>>>>>>> http://www.tmvoip.com/ phone: +21321656139
>>>>>>>>>>> Mobile: +213660347746
>>>>>>>>>>>
>>>>>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __________
>>>>>>>>>>>
>>>>>>>>>>> The message was checked by ESET NOD32 Antivirus.
>>>>>>>>>>>
>>>>>>>>>>> http://www.eset.com
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Mikrotik mailing list
>>>>>>>>>>> Mikrotik@mail.butchevans.com
>>>>>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>>>>>>>>>
>>>>>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
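
Added example, not part of the thread or of any MikroTik tooling: a small parser for the kind of RouterOS `ipsec`/`l2tp` debug log quoted above, reporting how far the IPsec + L2TP setup got. The SCCRQ, SCCRP, SCCCN order is the L2TP control-connection handshake from RFC 2661; the function name `diagnose` and the sample log (trimmed from the lines quoted in the thread) are constructed for illustration.

```python
import re

# L2TP control-connection setup order per RFC 2661: (message, server-side direction).
HANDSHAKE = [("SCCRQ", "rcvd"), ("SCCRP", "sent"), ("SCCCN", "rcvd")]

DIRECTION = re.compile(r"l2tp,debug,packet (rcvd|sent) control message")
MSG_TYPE = re.compile(r"Message-Type=(\w+)")
IPSEC_SA = re.compile(r"ipsec IPsec-SA established: ESP/(\w+)")

# Constructed sample: trimmed from the log lines quoted in the thread above.
SAMPLE_LOG = """\
19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
"""

def diagnose(log_text):
    """Return how far the IPsec + L2TP setup got in a server-side debug log."""
    sa_count, seen, direction = 0, [], None
    for line in log_text.splitlines():
        if IPSEC_SA.search(line):
            sa_count += 1
        elif (m := DIRECTION.search(line)):
            direction = m.group(1)          # applies to the next Message-Type
        elif (m := MSG_TYPE.search(line)) and direction:
            seen.append((m.group(1), direction))
            direction = None
    # The first handshake step missing from the log is where setup stalled.
    missing = next((step for step in HANDSHAKE if step not in seen), None)
    return {
        "ipsec_sa_pair": sa_count >= 2,     # one SA per direction
        "l2tp_seen": [name for name, _ in seen],
        "stalled_before": missing[0] if missing else None,
        "waiting_on": None if missing is None
                      else ("client" if missing[1] == "rcvd" else "server"),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample, the result shows both IPsec SAs up, SCCRQ received and SCCRP sent, with the next message (SCCCN) due from the client, which points the check at whether the ports and protocol listed in the thread (UDP 500, 1701, 4500, ESP) pass in both directions.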