Line 4: |
Line 4: |
| | | |
| This article provides a guide on how to configure L2TP/IPsec tunnel between RUTXxx and Mikrotik routers. | | This article provides a guide on how to configure L2TP/IPsec tunnel between RUTXxx and Mikrotik routers. |
− |
| |
− | {{#ifeq:{{{series}}}|RUTX|
| |
− | <span style="color: red;">The information in this page is updated in accordance with the <span style="color: #0054A6;"><b>[[Media:{{{fw_version}}}_single.bin|{{{fw_version}}}]]</b></span> firmware version.</span>|
| |
− | }}
| |
| | | |
| ==Prerequisites== | | ==Prerequisites== |
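Review bot: the removed block at the top of the page was the only statement of which firmware version the instructions apply to, and this same revision changes firmware-dependent UI labels ('''Save''' to '''Save & Apply''', '''Remote VPN endpoint''' to '''Remote endpoint'''). Suggest keeping a firmware-version line in some form, even if the {{#ifeq:{{{series}}}|RUTX| conditional is dropped, so readers on older firmware know why their WebUI differs.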
Line 19: |
Line 15: |
| ==Configuration scheme== | | ==Configuration scheme== |
| | | |
− | [[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]] | + | [[File:Networking_rutx_configuration_example_l2tp_ipsec_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]] |
| | | |
| ==Mikrotik configuration== | | ==Mikrotik configuration== |
Line 63: |
Line 59: |
| ==RUT configuration== | | ==RUT configuration== |
| | | |
− | Access RUTXxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client'', writing '''New configuration name''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''. | + | Access RUTXxx WebUI and go to '''Services > VPN > L2TP'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''. |
| | | |
| [[File:Networking_rutx_configuration_example_l2tp_ipsec_mikrotik_3_v1.png|border|class=tlt-border|1100x1100px]] | | [[File:Networking_rutx_configuration_example_l2tp_ipsec_mikrotik_3_v1.png|border|class=tlt-border|1100x1100px]] |
Line 75: |
Line 71: |
| # Write '''Username''' (write the username which you created with this command /ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2). | | # Write '''Username''' (write the username which you created with this command /ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2). |
| # Write '''Password''' (write the password which you created with this command /ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2). | | # Write '''Password''' (write the password which you created with this command /ppp secret add name="username" password="password" service=l2tp profile=ipsec_vpn remote-address=192.168.102.2). |
− | # Press '''Save'''. | + | # Press '''Save & Apply'''. |
| | | |
| Now go to '''Services > VPN > IPsec'''. | | Now go to '''Services > VPN > IPsec'''. |
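Review bot: the '''Username''' and '''Password''' steps kept as context here each repeat the entire /ppp secret add command inline, with password="password" as the value, which makes the steps hard to scan and invites copying the placeholder literally. Suggest referring back to the Mikrotik configuration section for the command, wrapping any command that stays in code markup, and stating that "username" and "password" are placeholders to be replaced with the operator's own values.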
Line 88: |
Line 84: |
| | | |
| # '''Enable''' instance. | | # '''Enable''' instance. |
| + | # Write '''Remote endpoint''' (MikroTik public IP address). |
| + | # Sellect '''Authentication method''' (Pre-shared key) |
| + | # Write '''Pre-shared key''' (write the password which you created with this command /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver). |
| # Select '''Type''' (Transport). | | # Select '''Type''' (Transport). |
− | # Write '''Remote VPN endpoint''' (MikroTik public IP address). | + | # Select '''Encryption algorithm, Authentication''' and '''DH group''' (sellect options that you set with command /ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024). |
− | # Select '''DH group''' (MODP1024)
| |
| # Set all of the settings in '''Phase 2''' to be exactly the same as in the '''Phase 1'''. | | # Set all of the settings in '''Phase 2''' to be exactly the same as in the '''Phase 1'''. |
− | # Press '''Save'''. | + | # Press '''Save & Apply'''. |
− | # Write '''Pre-shared key''' (write the password which you created with this command /ip ipsec identity add generate-policy=port-override auth-method=pre-shared-key secret="password" peer=l2tpserver ).
| + | |
− | # Press '''Save'''.
| + | |
| | | |
| ==Testing configuration== | | ==Testing configuration== |
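Review bot: the new '''Encryption algorithm, Authentication''' and '''DH group''' step points the reader at auth-algorithms=sha1 enc-algorithms=3des pfs-group=modp1024, all legacy choices, without saying that the only requirement is that both ends match. Suggest wording the step as "use the same values as the MikroTik proposal" and noting that stronger algorithms can be set on both devices where supported. In the added lines, "Sellect '''Authentication method'''" and "sellect options that you set" should read "Select"/"select", the Authentication method step is missing the closing period the other steps have, and the two empty rows added after '''Save & Apply''' look unintended.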