L2TP IPSec doesn't work from other city



























I have a well-working L2TP IPSec connection from any mobile or desktop client to my Mikrotik RB2011UiAS-2HnD-IN (RouterOS v6.30.2). It works when I connect through any mobile or stationary ISP within my city. The log of a successful connection looks approximately like this:



ipsec, error    key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from X.X.X.X
l2tp, ppp, info, account MyUser logged in, 192.168.111.246
l2tp, ppp, info <l2tp-MyUser>: authenticated
l2tp, ppp, info <l2tp-MyUser>: connected
l2tp, ppp, info <l2tp-MyUser>: terminating... - peer is not responding
l2tp, ppp, info, account MyUser logged out, 165 157 168 26 15
l2tp, ppp, info <l2tp-MyUser>: disconnected


Some days ago I attempted to connect from another city, through one mobile and one stationary ISP. The connection didn't succeed, and the log contained only one line:



l2tp, info  first L2TP UDP packet received from Y.Y.Y.Y


or lines such as these:



ipsec, error    key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y


What is wrong? Can an ISP block or corrupt an L2TP IPSec connection?



P.S. There is another interesting detail:
I used to connect to a Romanian PPTP VPN to bypass my home provider's web censorship, and it always worked in my home city, but when I connected to the same VPN from another city (where the L2TP IPsec failed), I discovered that the site of my interest was still censored. The only explanation that comes to my mind is that the provider acts like a MITM. It seems that the provider uses the following tactics: tap the line and, when that is impossible, prevent the connection.






























  • 1





    ISPs can and will mess with your traffic. Maybe your own ISP has a policy of not allowing L2TP into his customer-facing network, but does not enforce this inside it.

    – Eugen Rieck
    Jan 8 '16 at 19:19











  • @Eugen Rieck: My local provider doesn't block L2TP because I am able to connect from a cellular phone through HSDPA and 3G from within my city. Is there some way to mask L2TP traffic from the ISP?

    – Paul
    Jan 8 '16 at 19:55


















networking vpn mikrotik-routeros l2tp














edited Dec 14 '18 at 21:54









Duncan X Simpson











asked Jan 8 '16 at 19:16









Paul
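Added example (not part of the original post and not RouterOS code): a triage script for logs of the shape quoted in the question, which counts per peer how often a first L2TP packet arrived without a following PPP login. The sample log is constructed, the peer addresses are documentation-range placeholders for X.X.X.X and Y.Y.Y.Y, and attributing the address-less "ipsec, error" and "logged in" lines to the nearest L2TP peer is an assumption that holds only when attempts do not interleave.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the log lines quoted in the question.
# 198.51.100.7 / 203.0.113.9 are documentation addresses standing in for X.X.X.X / Y.Y.Y.Y.
SAMPLE_LOG = """\
ipsec, error key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from 198.51.100.7
l2tp, ppp, info, account MyUser logged in, 192.168.111.246
l2tp, ppp, info <l2tp-MyUser>: authenticated
l2tp, ppp, info <l2tp-MyUser>: connected
ipsec, error key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from 203.0.113.9
l2tp, info first L2TP UDP packet received from 203.0.113.9
l2tp, info first L2TP UDP packet received from 203.0.113.9
"""

FIRST_PKT = re.compile(r"^l2tp, info\s+first L2TP UDP packet received from (\S+)$")
LOGGED_IN = re.compile(r"^l2tp, ppp, info, account (\S+) logged in, (\S+)$")
IPSEC_ERR = re.compile(r"^ipsec, error\s+")

def triage(log_text):
    """Group log lines by peer address and classify each peer's attempts."""
    peers = defaultdict(lambda: {"l2tp_first_packets": 0, "ppp_logins": 0, "ipsec_errors": 0})
    current = None      # peer of the most recent "first L2TP UDP packet" line
    pending_ipsec = 0   # ipsec errors seen before a peer address is known (assumed to belong to it)
    for line in log_text.splitlines():
        line = line.strip()
        if IPSEC_ERR.match(line):
            pending_ipsec += 1
        elif m := FIRST_PKT.match(line):
            current = m.group(1)
            peers[current]["l2tp_first_packets"] += 1
            peers[current]["ipsec_errors"] += pending_ipsec
            pending_ipsec = 0
        elif LOGGED_IN.match(line) and current is not None:
            peers[current]["ppp_logins"] += 1
    for stats in peers.values():
        # L2TP control traffic arrived but no PPP login followed: the attempt stalled.
        stats["verdict"] = "established" if stats["ppp_logins"] else "stalled_before_ppp"
    return dict(peers)

if __name__ == "__main__":
    for peer, stats in triage(SAMPLE_LOG).items():
        print(peer, stats)
```

In the quoted logs the ipsec mismatch lines appear for both the working and the failing attempts, so the script keys its verdict on the missing PPP login rather than on those errors.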








