Question

I have Rut 955. There is a need to support two l2tp over IPSEC channels. One channel works without problems. When trying to raise two channels - the second one in the list does not go through the first phase. Mikrotiks acts as a server part. Is it possible to organize two tunnels at the same time? The server addresses are different.

Comments

Thank you I came to the conclusion that the purchased rut 955 turned out to be a device with wide, but limited and poorly documented capabilities at a not too low price.

Answer 1

Hello,

It could work, however, there are a few specific configuration requirements to the IPsec configuration.

Try tunnels with the following:

• Use unique identifiers for each IPsec instance;
• Depending on the authentication method used, they must match on both instances and use identical secrets or certificates;
• Phase1 and phase2 algorithms must also be identical.  

Best regards,

Comments

Good day! Where should unique identifiers be specified? Is it possible to see a ready-made example of such a situation? And what to do if it is not possible to set the same secrets.

---

Identifiers are set in IPsec instance configuration section.

No example documentation of such configuration is available at the moment. The guidelines above were gathered from previous testing of similar setup.

When different secrets are used, connectivity is established only over one of the tunnels.