Eureka Moment Wiki

One eureka moment at a time


Mikrotik L2TP IPSec

server
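# Address pool and PPP profile for tunnel endpoints (10.1.0.1 is the server end of the tunnel)
/ip pool add name=pool1 ranges=172.16.1.100-172.16.1.200
/ppp profile add dns-server=10.1.0.2 local-address=10.1.0.1 name=profile1 remote-address=pool1
# Per-user secret; the fixed remote-address (outside the pool range) gives the routes below a stable gateway
/ppp secret add name=<username> password=<password> profile=profile1 remote-address=172.16.1.10 service=l2tp

# Accept only MS-CHAPv2, and only L2TP sessions that arrive inside IPsec (use-ipsec=required)
/interface l2tp-server server set authentication=mschap2 default-profile=profile1 enabled=yes ipsec-secret="<psk>" use-ipsec=required
# Static server binding so the firewall rules can match this user's tunnel by interface name
/interface l2tp-server add name=l2tp-in1 user=<username>

# IPsec phase 2 proposal, policy template and phase 1 profile (not the PPP profile of the same name)
/ip ipsec proposal add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=proposal1 pfs-group=modp8192
/ip ipsec policy add dst-address=0.0.0.0/0 proposal=proposal1 src-address=10.1.0.0/24 template=yes
/ip ipsec profile add dh-group=modp8192 enc-algorithm=aes-256 name=profile1

# Networks behind the client, reached through the client's tunnel address
/ip route add comment=ClientSiteNetwork1 distance=1 dst-address=10.0.0.0/24 gateway=172.16.1.10
/ip route add comment=ClientSiteNetwork2 distance=1 dst-address=10.0.1.0/24 gateway=172.16.1.10

# Drop forwarded traffic to or from the tunnel unless the other side is ether4
/ip firewall filter add action=drop chain=forward in-interface=!ether4 out-interface=l2tp-in1
/ip firewall filter add action=drop chain=forward in-interface=l2tp-in1 out-interface=!ether4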
client
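# Dial the server; use-ipsec=yes sets up IPsec for the session from ipsec-secret
/interface l2tp-client add connect-to=<ServerIP> disabled=no ipsec-secret="<psk>" name=l2tp-out1 password=<password> use-ipsec=yes user=<username>
# Server-side network, reached through the server's tunnel address (local-address of its PPP profile)
/ip route add comment=ServerSideNetwork distance=1 dst-address=10.1.0.0/24 gateway=10.1.0.1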
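
The following is an added example, not part of the original page or of RouterOS: a small Python check that reads exported configuration text and flags an L2TP server line that departs from the settings used above (use-ipsec=required, authentication=mschap2, a non-empty ipsec-secret). It assumes one command per line, as written on this page; the sample lines and the names parse and audit are constructed for the example.

```python
import shlex

SERVER_MENU = "/interface l2tp-server server set"

# Constructed samples: the page's server line and a weakened variant for contrast.
PAGE_LINE = ('/interface l2tp-server server set authentication=mschap2 '
             'default-profile=profile1 enabled=yes ipsec-secret="<psk>" use-ipsec=required')
WEAK_LINE = ('/interface l2tp-server server set authentication=pap,chap,mschap2 '
             'default-profile=profile1 enabled=yes use-ipsec=yes')


def parse(line):
    """Split one RouterOS command line into (menu path + verb, {key: value})."""
    words = shlex.split(line)  # handles quoted values such as ipsec-secret="..."
    menu = " ".join(w for w in words if "=" not in w)
    params = dict(w.split("=", 1) for w in words if "=" in w)
    return menu, params


def audit(export_text):
    """Return findings for every enabled L2TP server line in an exported config."""
    findings = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        menu, p = parse(line)
        if menu != SERVER_MENU or p.get("enabled") != "yes":
            continue
        # The page sets use-ipsec=required; any other value lets a client
        # bring up L2TP without IPsec protection.
        if p.get("use-ipsec") != "required":
            findings.append("use-ipsec is %r, not 'required'" % p.get("use-ipsec"))
        # The page allows only mschap2; flag anything else, or an unset list.
        methods = set(filter(None, p.get("authentication", "").split(",")))
        if methods != {"mschap2"}:
            findings.append("authentication allows %s" % (sorted(methods) or "unset/default"))
        if not p.get("ipsec-secret"):
            findings.append("ipsec-secret is missing or empty")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_LINE), ("weak", WEAK_LINE)):
        print(name, audit(text))
```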

mikrotik/conf/l2tp_ipsec.txt · Last modified: 2020/09/14 11:48 by tplecko