networking:router:mikrotik_vpn_l2tp

Differences

This shows you the differences between two versions of the page.

networking:router:mikrotik_vpn_l2tp [2016/05/13 12:54]
jcooper
networking:router:mikrotik_vpn_l2tp [2019/08/14 14:13] (current)
gcooper
Line 1: Line 1:
 ====== Mikrotik L2TP VPN ====== ====== Mikrotik L2TP VPN ======
 +
 +**RouterOS v6.44 or above**: https://saputra.org/threads/mikrotik-l2tp-over-ipsec-vpn-server-tutorial-guide-for-routeros-v6-44.106/
 +
 +Stats: http://rickfreyconsulting.com/mikrotik-vpns/
 +
 +New info? http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf
  
 FIXME Needs verification and completion FIXME Needs verification and completion
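Review bot: The added "**RouterOS v6.44 or above**" line links to an external guide but does not say whether the steps on this page apply to 6.44 and later, to older releases, or to both, and the FIXME below it is left in place. Suggest stating which RouterOS versions the steps here were checked against, and replacing the "New info?" label with a short description of what that link covers. The Stats and wiki.mikrotik.com links are added as http://; switch them to https:// if those hosts serve it.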
Line 15: Line 21:
 **PPP -> Interface -> L2TP Server -> Enable** **PPP -> Interface -> L2TP Server -> Enable**
  
-  * MTU 1450 +  * Max MTU 
-  * Authentication uncheck chap and pap leave MSCHAPv2 and MSCHAv1 +    * L2TP has 40-byte overhead 
-  * Check Use IPsec enter IPsec Secret:+    * 1450 - Lowering the MTU can speed up VPN - test path MTU first 
 +    * 1460 - Default - Good if uplink MTU is 1500 
 +  * Default Profile 
 +    * Select ''default-encryption'' or create your own profile 
 +  * Authentication 
 +    * De-select ''chap'' and ''pap'' 
 +    * Select ''MSCHAPv2'' and ''MSCHAP1'' 
 +  * Select ''Use IPsec'' 
 +  * Enter IPsec Secret needed to configure client 
 +  * Click ''OK''
  
 ===== Create IP Pool for Multiple Users ===== ===== Create IP Pool for Multiple Users =====
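Review bot: In the new Authentication sub-list, ''MSCHAP1'' is still selected alongside ''MSCHAPv2''. MS-CHAPv1 is the weaker of the two, so suggest selecting only ''MSCHAPv2'' unless a client is known to need v1, and spelling the two names consistently. The "Enter IPsec Secret needed to configure client" item gives no guidance on the secret itself; since the same value is entered here and on the client, a note that it should be long and random would help. Under Max MTU, 1450 and 1460 are both listed without saying which one to enter; mark one as the value to use and the other as the alternative.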
Line 24: Line 39:
  
   * Name L2TPpool   * Name L2TPpool
-  * Range of addresses (192.168.1.10-192.168.1.20)+  * Range of addresses e.g. (192.168.1.10-192.168.1.20) outside of LAN DHCP range
  
 **PPP -> Profiles -> Default-Encryption** **PPP -> Profiles -> Default-Encryption**
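Review bot: On the changed "Range of addresses" line, the new wording "e.g. (192.168.1.10-192.168.1.20) outside of LAN DHCP range" leaves it unclear whether the pool must sit inside the LAN subnet or only avoid the DHCP range. The Proxy-ARP step later on the page suggests the pool is meant to be in the LAN subnet, so suggest saying so here, for example "Range of addresses in the LAN subnet but outside the LAN DHCP range, e.g. 192.168.1.10-192.168.1.20".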
Line 31: Line 46:
   * Remote Address (pool you created)   * Remote Address (pool you created)
  
-**PPP -> PPTP Server -> Secrets**+**PPP -> Interface -> L2TP Server**
  
-  * Specify profile (Default-Encryption if using IP pool)+  * Specify Default Profile -> ''default-encryption''
  
-===== Create Single Users =====+===== Create Users =====
  
 **PPP -> Secrets -> Add+** **PPP -> Secrets -> Add+**
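Review bot: The replacement step "**PPP -> Interface -> L2TP Server**" with "Specify Default Profile -> ''default-encryption''" repeats the "Default Profile" item that this same revision adds to the L2TP Server list earlier on the page, so the profile is now set in two places. Suggest keeping it in one place, or making this step a pointer back to the earlier one. The profile is also written "Default-Encryption" in the unchanged path line above and ''default-encryption'' here; pick one spelling.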
Line 61: Line 76:
 **Interfaces -> etherN -> General -> ARP -> Proxy-ARP** **Interfaces -> etherN -> General -> ARP -> Proxy-ARP**
  
-===== Firewall ===== 
  
-**PPTP** uses: 
  
-  * TCP port 1723 
-  * GRE (protocol ID 47) for tunneling 
  
-Accept PPTP in Mikrotik: 
  
-<file> +
-/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723 +
-/ip firewall filter add chain=input action=accept protocol=gre +
-</file>+
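Review bot: The whole Firewall section is deleted here and nothing replaces it, so the page ends at the Proxy-ARP step with no input-chain guidance for the L2TP server. Removing the PPTP rules (TCP 1723, GRE) is right for an L2TP page, but suggest adding the L2TP/IPsec counterpart in the same ''<file>'' style: accept UDP 500 and UDP 4500 for IKE and NAT traversal, IPsec ESP, and UDP 1701 for L2TP, with a note on restricting them to the WAN interface.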
networking/router/mikrotik_vpn_l2tp.1463165650.txt.gz · Last modified: 2016/05/13 12:54 by jcooper