IP > Pool
Name: L2TP-Pool
Addresses: 192.168.12.20 - 192.168.12.99
Next Pool: None
L2TP Configuration
1. Configure L2TP Profile
Before adding a new L2TP Server, we need to add a new L2TP Profile. We could also use the
default one, but I don’t like to mix things.
Name: l2tp-profile
Local Address: L2TP-Pool
Remote Address: L2TP-Pool
DNS Server: 8.8.8.8
Change TCP MSS: yes
Use Encryption: required
2. Add an L2TP Server
Enabled: Checked
Max MTU: 1460
Max MRU: 1460
Keepalive Timeout: 30
Default Profile: l2tp-profile
Authentication: mschap2
Use IPsec: Checked
IPsec Secret: MYKEY
Enabled: Checked
Name: MYUSER
Password: MYPASSWORD
Service: l2tp
Profile: l2tp-profile
IPsec Configuration
For the IPsec configuration you could edit the default entries (such as the default Proposal), but
I suggest leaving those as they are and adding new ones. If you already have a working IPsec
configuration that uses the defaults, we don’t want to mess with that.
1. IPsec Proposals
Name: L2TP-Proposal
Auth. Algorithm: sha1
Encr. Algorithm: 3des, aes-256 cbc
PFS Group: none
2. IPsec Peers
Address: 0.0.0.0
Auth. Method: pre shared key
Secret: MYKEY
Policy Template Group: default
Exchange Mode: main l2tp
Send Initial Contact: Checked
NAT Traversal: Checked
My ID: auto
Proposal check: obey
Hash Algorithm: sha1
Encryption Algorithm: 3des, aes-256
DH Group: modp1024
Generate policy: port override
IMPORTANT
The value of the Secret field above MUST be the same as the IPsec Secret in L2TP Configuration, Step 2.
Also, if your RouterOS supports only one encryption algorithm, then pick 3des.
3. IPsec Policies
Enabled: Checked
Src. Address: ::/0
Dst. Address: ::/0
Protocol: 255(all)
Template: Checked
Group: default
Action: encrypt
Level: require
IPsec Protocols: esp
Tunnel: Not checked
SA Src. Address: 0.0.0.0
SA Dst. Address: 0.0.0.0
Proposal: L2TP-Proposal
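Added example (not part of the original document): a small Python check that the values listed above reference each other consistently, in particular that the IPsec Secret on the L2TP server equals the peer Secret as the IMPORTANT note requires, and that reports algorithms commonly treated as legacy. The CONFIG layout, audit() and the LEGACY and PLACEHOLDERS sets are assumptions of this example; the values are copied from the page.

```python
# Added example: consistency and legacy-crypto check for the settings on this page.
# Values are transcribed from the page; keys reuse its field labels.
# The CONFIG layout and audit() are hypothetical names, not a RouterOS API.
CONFIG = {
    "pool": {"Name": "L2TP-Pool"},
    "profile": {"Name": "l2tp-profile", "Local Address": "L2TP-Pool",
                "Remote Address": "L2TP-Pool"},
    "server": {"Default Profile": "l2tp-profile", "IPsec Secret": "MYKEY"},
    "user": {"Name": "MYUSER", "Password": "MYPASSWORD", "Profile": "l2tp-profile"},
    "proposal": {"Name": "L2TP-Proposal", "Auth. Algorithm": "sha1",
                 "Encr. Algorithm": "3des, aes-256 cbc", "PFS Group": "none"},
    "peer": {"Secret": "MYKEY", "Policy Template Group": "default",
             "Hash Algorithm": "sha1", "Encryption Algorithm": "3des, aes-256",
             "DH Group": "modp1024"},
    "policy": {"Group": "default", "Proposal": "L2TP-Proposal"},
}
# Algorithms and groups generally treated as legacy today (assumption of this example).
LEGACY = {"sha1", "3des", "modp1024"}
PLACEHOLDERS = {"MYKEY", "MYPASSWORD"}  # tutorial stand-ins that must be replaced

def audit(cfg):
    """Return a sorted list of finding strings; an empty list means no findings."""
    out = []
    # Cross-references: the first (section, field) must equal the second.
    refs = [(("server", "IPsec Secret"), ("peer", "Secret")),
            (("profile", "Local Address"), ("pool", "Name")),
            (("profile", "Remote Address"), ("pool", "Name")),
            (("server", "Default Profile"), ("profile", "Name")),
            (("user", "Profile"), ("profile", "Name")),
            (("policy", "Proposal"), ("proposal", "Name")),
            (("policy", "Group"), ("peer", "Policy Template Group"))]
    for (s1, f1), (s2, f2) in refs:
        if cfg[s1].get(f1) != cfg[s2].get(f2):
            out.append(f"mismatch: {s1}/{f1} != {s2}/{f2}")
    # Comma-separated algorithm lists are split and each entry checked.
    for section in ("proposal", "peer"):
        for field, value in cfg[section].items():
            for item in (v.strip().lower() for v in value.split(",")):
                if item in LEGACY:
                    out.append(f"legacy: {section}/{field} offers {item}")
    if cfg["proposal"].get("PFS Group", "none").lower() == "none":
        out.append("no-pfs: proposal/PFS Group is none")
    for section, fields in cfg.items():
        for field, value in fields.items():
            if value in PLACEHOLDERS:
                out.append(f"placeholder: {section}/{field} still {value}")
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```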
ip firewall filter