For security reasons, L2TP isn't good. IPsec + L2TP is the only way supported by the iPhone (it asks you for a "security/secret" and not only a password).
You can also check this:
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP

My post was for all devices tested with: Windows XP, 7, iPhone and Android!

Check:
"Do not forget to allow:
- UDP 500 (Dst.Port),
- UDP 1701,
- UDP 4500 (Nat-Traversal)
- and Protocol 50 (ESP)
in the firewall filter settings. (Input chain, accept)."

2012/8/22 Meftah Tayeb <[email protected]>:
> question, sim
> is l2tp itself alone good?
> i think it's working only L2TP.
>
> ----- Original Message -----
> From: "Sim" <[email protected]>
> To: "Mikrotik discussions" <[email protected]>
> Sent: Wednesday, August 22, 2012 9:41 PM
> Subject: Re: [Mikrotik] IPSec for mobile
>
>> The config posted in the previous email is correct and works on my 3 Mikrotik.
>> Have you opened/forwarded the correct port/proto?
>>
>> 2012/8/22 Meftah Tayeb <[email protected]>:
>>> ok so
>>> i did your suggestion but l2tp server not replying
>>> log:
>>> Telnet 172.28.2.1
>>> 19:28:32 ipsec,debug,packet encryption(aes)
>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
>>> 19:28:32 ipsec,debug,packet call pfkey_send_update_nat
>>> 19:28:32 ipsec,debug,packet pfkey update sent.
>>> 19:28:32 ipsec,debug,packet encryption(aes)
>>> 19:28:32 ipsec,debug,packet hmac(hmac_sha1)
>>> 19:28:32 ipsec,debug,packet call pfkey_send_add_nat
>>> 19:28:32 ipsec,debug,packet pfkey add sent.
>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(inbound) sent.
>>> 19:28:32 ipsec,debug,packet call pfkey_send_spdupdate2
>>> 19:28:32 ipsec,debug,packet pfkey spdupdate2(outbound) sent.
>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812(0x2675a84)
>>> 19:28:32 ipsec,debug ===
>>> 19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402(0x2decb0a)
>>> 19:28:32 ipsec,debug ===
>>> 19:28:32 ipsec,debug,packet such policy does not already exist: 172.28.1.5/32[0] 41.221.20.110/32[0] proto=udp dir=in
>>> 19:28:32 ipsec,debug,packet such policy does not already exist: 41.221.20.110/32[0] 172.28.1.5/32[0] proto=udp dir=out
>>> 19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
>>> 19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x3
>>> 19:28:33 l2tp,debug,packet (M) Host-Name=0x69:50:68:6f:6e:65:2d:64:65:2d:54:41:59:45:42:00
>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=3
>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
>>> 19:28:33 l2tp,info first L2TP UDP packet received from 172.28.1.5
>>> 19:28:33 l2tp,debug tunnel 2 entering state: wait-ctl-conn
>>> 19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
>>> 19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1
>>> 19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
>>> 19:28:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
>>> 19:28:33 l2tp,debug,packet (M) Framing-Capabilities=0x1
>>> 19:28:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0
>>> 19:28:33 l2tp,debug,packet Firmware-Revision=0x1
>>> 19:28:33 l2tp,debug,packet (M) Host-Name="Edge01-493-Alger"
>>> 19:28:33 l2tp,debug,packet Vendor-Name="MikroTik"
>>> 19:28:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=2
>>> 19:28:33 l2tp,debug,packet (M) Receive-Window-Size=4
>>> [admin@Edge01-493-Alger] /ppp secret>
>>>
>>> ----- Original Message -----
>>> From: "Sim" <[email protected]>
>>> To: "Mikrotik discussions" <[email protected]>
>>> Sent: Wednesday, August 22, 2012 4:44 PM
>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>
>>>> iPhone IPsec is for Cisco (see logo).
>>>>
>>>> Use L2TP+IPsec (first choice on your mobile device)
>>>>
>>>> Regards
>>>>
>>>> 2012/8/22 Meftah Tayeb <[email protected]>:
>>>>> thank you a lot!
>>>>> is L2TP required?
>>>>> or IPSec can work alone?
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Sim" <[email protected]>
>>>>> To: "Mikrotik discussions" <[email protected]>
>>>>> Sent: Wednesday, August 22, 2012 4:39 PM
>>>>> Subject: Re: [Mikrotik] IPSec for mobile
>>>>>
>>>>>> Hi, this is what you need :-)
>>>>>>
>>>>>> # Server & Preshared (1234567abcdef) config
>>>>>> /interface l2tp-server server set enabled=yes
>>>>>>
>>>>>> /ip ipsec proposal
>>>>>> set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 \
>>>>>>     lifetime=30m name=default pfs-group=modp1024
>>>>>>
>>>>>> /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \
>>>>>>     dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \
>>>>>>     hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes \
>>>>>>     port=500 secret=1234567abcdef send-initial-contact=yes
>>>>>>
>>>>>> # ADD Client (change user, psw, ips)
>>>>>> /ppp secret add name=user password=12345 profile=default-encryption \
>>>>>>     local-address=192.168.255.10 remote-address=192.168.255.254 service=l2tp
>>>>>>
>>>>>> # Debug
>>>>>> /system logging add action=memory topics=l2tp
>>>>>> /system logging add action=memory topics=ipsec
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> 2012/8/22 Meftah Tayeb <[email protected]>:
>>>>>>> hello folks
>>>>>>> i'm traveling these days and i'll love to be in my home network
>>>>>>> i have an iPhone4S
>>>>>>> i want to do IPSec or L2TP (no pptp) into my rb493G
>>>>>>> any idea please?
>>>>>>> IPSec looks very complicated... no OpenVPN in iOS. no Jailbreak.
>>>>>>> thank you
>>>>>>> Meftah Tayeb
>>>>>>> IT Consulting
>>>>>>> http://www.tmvoip.com/ phone: +21321656139
>>>>>>> Mobile: +213660347746
>>>>>>>
>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 7404 (20120821) __________
>>>>>>>
>>>>>>> The message was checked by ESET NOD32 Antivirus.
>>>>>>>
>>>>>>> http://www.eset.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mikrotik mailing list
>>>>>>> [email protected]
>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>>>>>
>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
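Added example, not part of the thread: a small Python check that reads RouterOS ipsec/l2tp debug lines like those quoted above and names the first missing step of the L2TP control-connection setup (SCCRQ, SCCRP, SCCCN per RFC 2661). SAMPLE_LOG is abridged from the log in the thread; the function names are illustrative.

```python
import re

# Control-connection setup order (RFC 2661), seen from the server: the client
# sends SCCRQ, the server answers SCCRP, the client confirms with SCCCN.
HANDSHAKE = [("rcvd", "SCCRQ"), ("sent", "SCCRP"), ("rcvd", "SCCCN")]
DIRECTION = re.compile(r"l2tp,debug,packet (rcvd|sent) control message")
MSG_TYPE = re.compile(r"Message-Type=(\w+)")
SA_UP = re.compile(r"ipsec IPsec-SA established")

# Abridged from the log quoted in the thread.
SAMPLE_LOG = """\
19:28:32 ipsec IPsec-SA established: ESP/Transport 172.28.1.5[0]->41.221.20.110[0] spi=40327812
19:28:32 ipsec IPsec-SA established: ESP/Transport 41.221.20.110[0]->172.28.1.5[0] spi=48155402
19:28:33 l2tp,debug,packet rcvd control message from 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRQ
19:28:33 l2tp,debug,packet sent control message to 172.28.1.5:54077
19:28:33 l2tp,debug,packet tunnel-id=3, session-id=0, ns=0, nr=1
19:28:33 l2tp,debug,packet (M) Message-Type=SCCRP
"""


def parse(log_text):
    """Return (IPsec SA count, [(direction, L2TP message type), ...])."""
    sa_count, messages, direction = 0, [], None
    for line in log_text.splitlines():
        if SA_UP.search(line):
            sa_count += 1
        m = DIRECTION.search(line)
        if m:
            direction = m.group(1)  # applies to the next Message-Type line
            continue
        m = MSG_TYPE.search(line)
        if m and direction:
            messages.append((direction, m.group(1)))
            direction = None
    return sa_count, messages


def diagnose(log_text):
    """Name the first setup step that the log does not show."""
    sa_count, messages = parse(log_text)
    if sa_count < 2:  # SAs are one-way, so one per direction is needed
        return "ipsec: inbound and outbound SAs not both established"
    for direction, msg in HANDSHAKE:
        if (direction, msg) not in messages:
            verb = "received" if direction == "rcvd" else "sent"
            return "l2tp: no %s %s" % (msg, verb)
    return "l2tp: control connection established"
```

On the abridged log, diagnose(SAMPLE_LOG) returns "l2tp: no SCCCN received": both SAs are up and the router sent SCCRP, but no confirmation from the client appears in the log.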

