networking:router:mikrotik_vpn_l2tp

Differences

This shows you the differences between two versions of the page.

networking:router:mikrotik_vpn_l2tp [2016/05/13 12:37]
jcooper
networking:router:mikrotik_vpn_l2tp [2019/08/14 14:13] (current)
gcooper
Line 1: Line 1:
 ====== Mikrotik L2TP VPN ====== ====== Mikrotik L2TP VPN ======
 +
 +**RouterOS v6.44 or above**: https://saputra.org/threads/mikrotik-l2tp-over-ipsec-vpn-server-tutorial-guide-for-routeros-v6-44.106/
 +
 +Stats: http://rickfreyconsulting.com/mikrotik-vpns/
 +
 +New info? http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf
  
 FIXME Needs verification and completion FIXME Needs verification and completion
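Review bot: The three links added at the top of the page carry no indication of how they relate to the steps below. In particular, "RouterOS v6.44 or above" does not say whether the rest of this page applies only to earlier versions, and the FIXME "Needs verification and completion" is left in place. Suggest one sentence stating which RouterOS versions the on-page procedure was checked against, and replacing "Stats:" and "New info?" with descriptive link text.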
Line 11: Line 17:
   * All traffic routes through tunnel   * All traffic routes through tunnel
  
-===== Enable PPTP Server =====+===== Enable L2TP Server =====
  
-**PPP -> Interface -> PPTP Server -> Enable**+**PPP -> Interface -> L2TP Server -> Enable**
  
-  * MTU 1460 +  * Max MTU 
-  MSCHAPv2 (encryption) +    L2TP has 40-byte overhead 
- +    1450 - Lowering the MTU can speed up VPN test path MTU first 
-===== Create Single Users ===== +    * 1460 - Default - Good if uplink MTU is 1500 
- +  * Default Profile 
-**PPP -> Secrets** +    * Select ''default-encryption'' or create your own profile 
- +  * Authentication 
-  * **Name** +    * De-select ''chap'' and ''pap'' 
-    * Username +    * Select ''MSCHAPv2'' and ''MSCHAP1'
-  * **Password** +  * Select ''Use IPsec'' 
-  * **Service** +  Enter IPsec Secret needed to configure client 
-    * ''pptp'' +  * Click ''OK''
-  * **Local Address** +
-    * Same for all users +
-    * Router's LAN address +
-  * **Remote Address** +
-    Different for each user +
-    * Outside of DHCP range +
-  * **Profile** +
-    * ''default-encryption''+
  
 ===== Create IP Pool for Multiple Users ===== ===== Create IP Pool for Multiple Users =====
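Review bot: The new Authentication step selects ''MSCHAP1'' alongside ''MSCHAPv2''. MS-CHAPv1 is a weak legacy method, and with ''chap'' and ''pap'' already de-selected, keeping it leaves a downgrade option that the page gives no reason for. Suggest selecting only MSCHAPv2 unless a specific client is known to need v1, and saying so. Under Max MTU, "L2TP has 40-byte overhead" accounts for L2TP only, while the same list turns on ''Use IPsec'', which adds further overhead; state what the 1450 and 1460 values assume, and split "Lowering the MTU can speed up VPN test path MTU first" into two sentences. The "Enter IPsec Secret" step should note that this is one pre-shared key given to every client, so it should be long and random.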
Line 40: Line 38:
 **IP -> Pool -> Add** **IP -> Pool -> Add**
  
-  * Range of addresses (192.168.1.10-192.168.1.20)+  * Name L2TPpool 
 +  * Range of addresses e.g. (192.168.1.10-192.168.1.20) outside of LAN DHCP range
  
 **PPP -> Profiles -> Default-Encryption** **PPP -> Profiles -> Default-Encryption**
Line 47: Line 46:
   * Remote Address (pool you created)   * Remote Address (pool you created)
  
-**PPP -> PPTP Server -> Secrets**+**PPP -> Interface -> L2TP Server**
  
-  * Specify profile (Default-Encryption)+  * Specify Default Profile -> ''default-encryption'' 
 + 
 +===== Create Users ===== 
 + 
 +**PPP -> Secrets -> Add+** 
 + 
 +  * **Name** 
 +    * Username 
 +  * **Password** 
 +  * **Service** 
 +    * ''l2tp'' 
 +  * **Local Address** (leave blank if using IP pool) 
 +    * Same for all users 
 +    * Router's LAN address 
 +  * **Remote Address** (leave blank if using IP pool) 
 +    * Different for each user  
 +    * Outside of DHCP range 
 +  * **Profile** 
 +    * ''default-encryption''
  
 ===== Proxy-ARP ===== ===== Proxy-ARP =====
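Review bot: In the new Create Users list, **Local Address** and **Remote Address** are marked "(leave blank if using IP pool)", but their sub-bullets ("Same for all users", "Different for each user", "Outside of DHCP range") still read as required values, so a reader cannot tell which instruction applies. Suggest wording the sub-bullets explicitly as the static-address alternative. The rewritten "PPP -> Interface -> L2TP Server" step that sets the default profile to ''default-encryption'' also repeats what the Enable L2TP Server section already sets; one of the two can be dropped or turned into a cross-reference.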
Line 59: Line 76:
 **Interfaces -> etherN -> General -> ARP -> Proxy-ARP** **Interfaces -> etherN -> General -> ARP -> Proxy-ARP**
  
-===== Firewall ===== 
  
-**PPTP** uses: 
  
-  * TCP port 1723 
-  * GRE (protocol ID 47) for tunneling 
  
-Accept PPTP in Mikrotik: 
  
-<file> +
-/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723 +
-/ip firewall filter add chain=input action=accept protocol=gre +
-</file>+
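Review bot: The Firewall section is deleted here with nothing put in its place, so the page no longer says which input rules the L2TP server needs. Since the server is now enabled with ''Use IPsec'', suggest replacing the removed PPTP rules with the L2TP/IPsec equivalents (UDP 500 and 4500 for IKE and NAT-T, IPsec ESP, and UDP 1701 for L2TP), and noting that port 1701 should be accepted only for traffic that arrived inside IPsec, not in the clear from the WAN.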
networking/router/mikrotik_vpn_l2tp.1463164670.txt.gz · Last modified: 2016/05/13 12:37 by jcooper