Changes

no edit summary
Line 22: Line 22:     
The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command:
 
The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command:
 +
 +
/ppp profile add name=ipsec_vpn local-address=192.168.102.1 dns-server=1.1.1.1
 +
 +
Next, you need to add an L2TP-server interface and set the allowed authentication methods, mschap1 and mschap2. Use this command:
 +
 +
/interface l2tp-server server set enabled=yes default-profile=ipsec_vpn authentication=mschap1,mschap2
 +
 +
Then you need to define the peering of IPSec and also the default IPsec policy. You will also set the pre-shared-key secret in the process. Use these commands to do so:
 +
 +
/ip ipsec policy set [ find default=yes ] src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes
 +
 +
/ip ipsec peer add exchange-mode=main passive=yes name=l2tpserver
 +
 +
/ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver
 +
 +
Next, set the default encryption algorithms:
 +
 +
/ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024
 +
 +
Now, add a user and allocate an IP Address:
 +
 +
/ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2
 +
 +
Open the IPSec ports from the WAN:
 +
 +
/ip firewall filter add chain=input action=accept protocol=udp port=1701,500,4500
 +
 +
/ip firewall filter add chain=input action=accept protocol=ipsec-esp
 +
 +
Now go to '''IP > Firewall''' and change positions of the 2 Firewall rules you just created (drag it to the top like in the example) in order to move them, press # sign.
 +
 +
[[File:]]
 +
 +
==RUT configuration==
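Review bot: the proposal line `/ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024` pins the tunnel to 3DES, SHA-1 and a 1024-bit DH group. Unless the peer cannot negotiate anything stronger, suggest `auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048`, with the RUT configuration section that follows kept in step. In the same hunk, the `l2tp-server server set` line allows `mschap1` and does not set `use-ipsec`, so plain L2TP without IPsec would still be accepted: drop `mschap1` and add `use-ipsec=required`. The first firewall rule uses `port=1701,500,4500`, which matches on source or destination port; `dst-port=1701,500,4500` is what the text intends. The text should also say that `secret="password"` and `password="password"` are placeholders to be replaced. Finally, `[[File:]]` has no file name, so the example the preceding sentence points to will not render.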