476
edits
Changes
Template:Netoworking rutxxx configuration example mikrotik l2tp ipsec (view source)
Revision as of 15:30, 3 April 2020
, 15:30, 3 April 2020→Configuration scheme
* One RUTxxx router of any type
* One RUTxxx router of any type
* One Mikrotik router (this configuration example was created using Mikrotik rb750gr3)
* One Mikrotik router (this configuration example was created using Mikrotik rb750gr3)
* Server must have a Public Static or Public Dynamic IP address
* Server must have a Public Static or Public Dynamic IP address (client can have private or public IP address)
* At least one end device (PC, Laptop) to configure the routers
* At least one end device (PC, Laptop) to configure the routers
* WinBox application
* WinBox application
==Configuration scheme==
==Configuration scheme==
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_topology_v1.png|border|class=tlt-border|700px]]
==Mikrotik configuration==
==Mikrotik configuration==
==RUT configuration==
==RUT configuration==
Access RUTxxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client'', writing '''New configuration name''' (anything you want) and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
Access RUTxxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client'', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_3_v1.jpg|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_3_v1.jpg|border|class=tlt-border]]
# Write '''Pre-shared key''' (write the password which you created with this command /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver ).
# Write '''Pre-shared key''' (write the password which you created with this command /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver ).
# Press '''Save'''.
# Press '''Save'''.
# Write '''IPsec''' interface name (write anything you want) and press '''Add''.
# Write '''IPsec''' interface name and press '''Add'''.
# When the interface appears like in the example, press '''Edit'''.
# When the interface appears like in the example, press '''Edit'''.
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_7_v1.jpg|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_7_v1.jpg|border|class=tlt-border]]
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command:
ping 192.168.102.1
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_8_v1.jpg|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_8_v1.jpg|border|class=tlt-border]]
Also, you can check whether '''IPsec''' is working by writing this command to CLI:
Also, you can check whether '''IPsec''' is working by writing this command to '''CLI''':
ipsec status
ipsec status
