networking:router:mikrotik_vpn_l2tp

This is an old revision of the document!

Table of Contents

Mikrotik L2TP VPN

Mikrotik L2TP VPN

Needs verification and completion

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Server_configuration

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

https://www.youtube.com/watch?v=tpgEqzwj_OQ

All traffic routes through tunnel

Enable PPTP Server

PPP → Interface → PPTP Server → Enable

MTU 1460
MSCHAPv2 (encryption)

Create Single Users

PPP → Secrets

Name
- Username
Password
Service
- pptp
Local Address
- Same for all users
- Router's LAN address
Remote Address
- Different for each user
- Outside of DHCP range
Profile
- default-encryption

Create IP Pool for Multiple Users

IP → Pool → Add

Range of addresses (192.168.1.10-192.168.1.20)

PPP → Profiles → Default-Encryption

Local Address (same for all)
Remote Address (pool you created)

PPP → PPTP Server → Secrets

Specify profile (Default-Encryption)

Proxy-ARP

Enable Proxy-ARP on the LAN interface for proper (layer 2 address) ARP resolution.

If you use a LAN bridge, modify that.

Interfaces → etherN → General → ARP → Proxy-ARP

Firewall

PPTP uses:

TCP port 1723
GRE (protocol ID 47) for tunneling

Accept PPTP in Mikrotik:

/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723
/ip firewall filter add chain=input action=accept protocol=gre

networking/router/mikrotik_vpn_l2tp.1463164670.txt.gz · Last modified: 2016/05/13 12:37 by jcooper