Changes

Line 9: Line 9:  
* One RUTxxx router of any type
 
* One RUTxxx router of any type
 
* One Mikrotik router (this configuration example was created using Mikrotik rb750gr3)
 
* One Mikrotik router (this configuration example was created using Mikrotik rb750gr3)
* Server must have a Public Static or Public Dynamic IP address
+
* Server must have a Public Static or Public Dynamic IP address (client can have private or public IP address)
 
* At least one end device (PC, Laptop) to configure the routers
 
* At least one end device (PC, Laptop) to configure the routers
 
* WinBox application
 
* WinBox application
    
==Configuration scheme==
 
==Configuration scheme==
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_topology_v1.png|border|class=tlt-border|700px]]
    
==Mikrotik configuration==
 
==Mikrotik configuration==
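Review bot: the reworded prerequisite line speaks of "Server" and "client" without saying which router plays which role, and the reader only learns it later from the PPP Profile being created on the MikroTik and the RUT being given role Client. Name the devices in the requirement itself, for example "The MikroTik (L2TP server) must have a Public Static or Public Dynamic IP address; the RUT (client) can have a private or public IP address".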
Line 19: Line 21:  
Connect to MikroTik by using '''WinBox''' application and press '''New Terminal'''.
 
Connect to MikroTik by using '''WinBox''' application and press '''New Terminal'''.
   −
[[File:]]
+
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_1_v1.jpg|border|class=tlt-border]]
    
The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command:
 
The first step is to create a PPP Profile on the MikroTik. Use a 192.168.102.1 for the local address (the VPN Gateway), assuming this is not already in use. You will also need to add a DNS Server. Use this command:
Line 53: Line 55:  
Now go to '''IP > Firewall''' and change positions of the 2 Firewall rules you just created (drag it to the top like in the example) in order to move them, press '''#''' sign.
 
Now go to '''IP > Firewall''' and change positions of the 2 Firewall rules you just created (drag it to the top like in the example) in order to move them, press '''#''' sign.
   −
[[File:]]
+
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_2_v1.jpg|border|class=tlt-border]]
    
==RUT configuration==
 
==RUT configuration==
   −
Access RUTxxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client'', writing '''New configuration name''' (anything you want) and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
+
Access RUTxxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client'', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
   −
[[File:]]
+
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_3_v1.jpg|border|class=tlt-border]]
    
Then apply the following configuration.
 
Then apply the following configuration.
   −
[[File:]]
+
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_4_v1.jpg|border|class=tlt-border]]
    
# '''Enable''' instance.
 
# '''Enable''' instance.
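Review bot: in the rewritten "Access RUTxxx WebUI" line the role is marked up as '''Client'' with three opening quotes and only two closing ones, so the bold markup is unbalanced and will spill into the text that follows. Close it as '''Client'''. The same error is present in the removed line, so it was carried over rather than introduced here, but this edit is the natural place to fix it.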
Line 71: Line 73:  
# Set '''Keep alive''' (30).
 
# Set '''Keep alive''' (30).
 
# Press '''Save'''.
 
# Press '''Save'''.
 +
 +
Now go to '''Services > VPN > IPsec'''.
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_5_v1.jpg|border|class=tlt-border]]
 +
 +
# Write '''Pre-shared key''' (write the password which you created with this command /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver ).
 +
# Press '''Save'''.
 +
# Write '''IPsec''' interface name and press '''Add'''.
 +
# When the interface appears like in the example, press '''Edit'''.
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_6_v1.jpg|border|class=tlt-border]]
 +
 +
# '''Enable''' instance.
 +
# Select '''Type''' (Transport).
 +
# Write '''Remote VPN endpoint''' (MikroTik public IP address).
 +
# Select '''DH group''' (MODP1024)
 +
# Set all of the settings in '''Phase 2''' to be exactly the same as in the '''Phase 1'''.
 +
# Press '''Save'''.
 +
 +
==Testing configuration==
 +
 +
Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see this new route:
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_7_v1.jpg|border|class=tlt-border]]
 +
 +
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command:
 +
 +
ping 192.168.102.1
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_8_v1.jpg|border|class=tlt-border]]
 +
 +
Also, you can check whether '''IPsec''' is working by writing this command to '''CLI''':
 +
 +
ipsec status
 +
 +
It should show:
 +
 +
Security Associations (1 up, 0 connecting)
 +
 +
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_9_v1.jpg|border|class=tlt-border]]
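Review bot: the added IPsec step "Select '''DH group''' (MODP1024)" tells readers to use a 1024-bit Diffie-Hellman group, which is no longer considered adequate for IKE key exchange. If the MikroTik side can be configured to match, document a larger group (MODP2048 or higher) on both routers, and in any case state that this value has to equal what the MikroTik proposal offers. The "Pre-shared key" step also quotes the MikroTik command with secret="password" inline. Say explicitly that "password" is a placeholder for a long random secret, and set the command in code formatting so it does not read as part of the sentence. Finally, the DH group step is the only item in its list without a closing period.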
