
Mikrotik L2TP with IPsec for mobile clients

Add a new IP Pool

IP > Pool

Name: L2TP-Pool
Addresses: 192.168.12.20 - 192.168.12.99
Next Pool: None

L2TP Configuration
1. Configure L2TP Profile

Before adding a new L2TP server, we need to add a new L2TP profile. The default one would also
work, but I prefer not to mix things.

PPP > Profiles

Name: l2tp-profile
Local Address: L2TP-Pool
Remote Address: L2TP-Pool
DNS Server: 8.8.8.8
Change TCP MSS: yes
Use Encryption: required

2. Add a L2TP-Server

PPP > Interface > L2TP Server

Enabled: Checked
Max MTU: 1460
Max MRU: 1460
Keepalive Timeout: 30
Default Profile: l2tp-profile
Authentication: mschap2
Use IPsec: Checked
IPsec Secret: MYKEY

3. Add PPP Secrets

PPP > Secrets

Enabled: Checked
Name: MYUSER
Password: MYPASSWORD
Service: l2tp
Profile: l2tp-profile

IPsec Configuration
For the IPsec configuration you could reuse the default objects (such as the default Proposal), but I
suggest leaving the defaults untouched and adding new ones. If you already have a working IPsec
configuration that relies on the defaults, we don't want to disturb it.

1. IPsec Proposals

Name: L2TP-Proposal
Auth. Algorithm: sha1
Encr. Algorithm: 3des, aes-256-cbc
PFS Group: none

2. IPsec Peers

Address: 0.0.0.0
Auth. Method: pre shared key
Secret: MYKEY
Policy Template Group: default
Exchange Mode: main l2tp
Send Initial Contact: Checked
NAT Traversal: Checked
My ID: auto
Proposal check: obey
Hash Algorithm: sha1
Encryption Algorithm: 3des, aes-256
DH Group: modp1024
Generate policy: port override

IMPORTANT

The value of the Secret field above MUST be the same as the IPsec Secret in L2TP Configuration, Step 2.
Also, if your RouterOS version supports only one encryption algorithm, pick 3des.

3. IPsec Policies

Enabled: Checked
Src. Address: ::/0
Dst. Address: ::/0
Protocol: 255(all)
Template: Checked
Group: default
Action: encrypt
Level: require
IPsec Protocols: esp
Tunnel: Not checked
SA Src. Address: 0.0.0.0
SA Dst. Address: 0.0.0.0
Proposal: L2TP-Proposal

ip firewall filter

chain=input protocol=ipsec-ah action=accept
chain=input protocol=ipsec-esp action=accept
chain=input protocol=udp port=500 action=accept
chain=input protocol=udp port=1701 action=accept
chain=input protocol=udp port=4500 action=accept
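The same setup entered from a RouterOS terminal instead of WinBox, added here as an example and not taken from the original page. It assumes a RouterOS 6.x release before 6.43 (where the peer still carries the secret and algorithms, as the GUI fields above do); MYKEY, MYUSER and MYPASSWORD are the page's placeholders and must be replaced.

```routeros
# Added example: RouterOS 6.x (pre-6.43) CLI equivalent of the GUI steps above.
# MYKEY / MYUSER / MYPASSWORD are placeholders; replace them before use.

# Address pool handed out to L2TP clients
/ip pool add name=L2TP-Pool ranges=192.168.12.20-192.168.12.99

# PPP profile: encryption is mandatory, MSS clamping avoids fragmentation over the tunnel
/ppp profile add name=l2tp-profile local-address=L2TP-Pool remote-address=L2TP-Pool \
    dns-server=8.8.8.8 change-tcp-mss=yes use-encryption=required

# L2TP server bound to IPsec; ipsec-secret must equal the peer secret further down
/interface l2tp-server server set enabled=yes max-mtu=1460 max-mru=1460 \
    keepalive-timeout=30 default-profile=l2tp-profile authentication=mschap2 \
    use-ipsec=yes ipsec-secret=MYKEY

# One PPP user restricted to the l2tp service and this profile
/ppp secret add name=MYUSER password=MYPASSWORD service=l2tp profile=l2tp-profile

# Phase 2 proposal ("aes-256 cbc" in the GUI is aes-256-cbc on the CLI)
/ip ipsec proposal add name=L2TP-Proposal auth-algorithms=sha1 \
    enc-algorithms=3des,aes-256-cbc pfs-group=none

# Phase 1 peer matching any client address; a policy is generated per connecting client
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key secret=MYKEY \
    policy-template-group=default exchange-mode=main-l2tp send-initial-contact=yes \
    nat-traversal=yes my-id=auto proposal-check=obey hash-algorithm=sha1 \
    enc-algorithm=3des,aes-256 dh-group=modp1024 generate-policy=port-override

# Policy template in the default group, using the page's ::/0 addresses (RouterOS's
# own default template uses 0.0.0.0/0). Action encrypt, level require, esp,
# tunnel=no and SA addresses 0.0.0.0 are the defaults, so they are not repeated.
/ip ipsec policy add template=yes group=default src-address=::/0 dst-address=::/0 \
    protocol=all proposal=L2TP-Proposal

# Input rules from the page; they must sit above any drop rule in the input chain
/ip firewall filter add chain=input protocol=ipsec-ah action=accept
/ip firewall filter add chain=input protocol=ipsec-esp action=accept
/ip firewall filter add chain=input protocol=udp port=500 action=accept
/ip firewall filter add chain=input protocol=udp port=1701 action=accept
/ip firewall filter add chain=input protocol=udp port=4500 action=accept
```

Check the result with `/ip ipsec installed-sa print` and `/ppp active print` once a client connects; a missing SA with an active PPP session means the connection was not actually protected by IPsec.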
