Line 22: |
Line 22: |
| | | |
| The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command: | | The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command: |
| + | |
| + | /ppp profile add name=ipsec_vpn local-address=192.168.102.1 dns-server=1.1.1.1 |
| + | |
| + | Next, you need to add an L2TP-server interface and set the allowed authentication methods, mschap1 and mschap2. Use this command: |
| + | |
| + | /interface l2tp-server server set enabled=yes default-profile=ipsec_vpn authentication=mschap1,mschap2 |
| + | |
| + | Then you need to define the peering of IPSec and also the default IPsec policy. You will also set the pre-shared-key secret in the process. Use these commands to do so: |
| + | |
| + | /ip ipsec policy set [ find default=yes ] src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes |
| + | |
| + | /ip ipsec peer add exchange-mode=main passive=yes name=l2tpserver |
| + | |
| + | /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver |
| + | |
| + | Next, set the default encryption algorithms: |
| + | |
| + | /ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024 |
| + | |
| + | Now, add a user and allocate an IP Address: |
| + | |
| + | /ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2 |
| + | |
| + | Open the IPSec ports from the WAN: |
| + | |
| + | /ip firewall filter add chain=input action=accept protocol=udp port=1701,500,4500 |
| + | |
| + | /ip firewall filter add chain=input action=accept protocol=ipsec-esp |
| + | |
| + | Now go to '''IP > Firewall''' and change positions of the 2 Firewall rules you just created (drag it to the top like in the example) in order to move them, press # sign. |
| + | |
| + | [[File:]] |
| + | |
| + | ==RUT configuration== |
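Review bot: The added `/ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024` line and the `authentication=mschap1,mschap2` setting on the L2TP server put legacy algorithms into a guide that readers will copy as-is. If the RUT side supports it, suggest a stronger proposal (for example `auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048`) and dropping `mschap1`. If the weak values are kept for compatibility, say so in the text. The firewall step is headed "Open the IPSec ports from the WAN", but neither rule names an `in-interface`, and UDP 1701 is accepted without requiring that the packet arrived inside IPsec. Consider restricting the rules to the WAN interface and splitting 1701 into its own rule with `ipsec-policy=in,ipsec`, so that plain L2TP is not reachable. `secret="password"` and `password="password"` should be called out as placeholders to replace with strong unique values. Lastly, `[[File:]]` has no file name, so the "like in the example" reference in the preceding sentence points at nothing, and "press # sign" needs rewording to say where the # column is.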