

The WAN connection is PPPoE with the name ether1-GTW. If you use PPPoE, use the name of your PPPoE connection. If you use a static configuration or a DHCP client as WAN, use the name of that interface. The pool name for VPN clients is vpn-pool and it gives out the addresses 172.31.2.1-172.31.2.9. Remember that it is always good practice to use a strong password and secret.

Let's create a pool of addresses that VPN clients will get once connected:

ip pool add name=vpn-pool ranges=172.31.2.1-172.31.2.9

Then create a VPN profile that will determine the IP addresses of the clients. The local address and DNS server are on the local subnet, so make sure that your firewall allows that traffic:

ppp profile add change-tcp-mss=yes local-address=172.31.1.1 name=vpn-profile remote-address=vpn-pool dns-server=172.31.1.1 use-encryption=yes

Create a PPP secret, i.e. the username and password a client will log in with:

ppp secret add name="yourusername" password="yourpassword" profile=vpn-profile service=any

Configure the IPSec settings, i.e. encryption standards, L2TP secret, who can connect, NAT traversal:

ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
ip ipsec peer add address=0.0.0.0/0 exchange-mode=main-l2tp nat-traversal=yes generate-policy=port-override secret="yourl2tpsecret" enc-algorithm=aes-128,3des

Now that everything is in place, we can simply enable the VPN server and choose the right profile:

interface l2tp-server server set authentication=mschap2 default-profile=vpn-profile enabled=yes max-mru=1460 max-mtu=1460 use-ipsec=yes

If you have a firewall rule that blocks all traffic, you can add these additional rules to allow L2TP/IPSec to pass through the WAN:

ip firewall filter
add chain=input action=accept comment="VPN L2TP UDP 500" in-interface=ether1-GTW protocol=udp dst-port=500
add chain=input action=accept comment="VPN L2TP UDP 1701" in-interface=ether1-GTW protocol=udp dst-port=1701
add chain=input action=accept comment="VPN L2TP 4500" in-interface=ether1-GTW protocol=udp dst-port=4500
add chain=input action=accept comment="VPN L2TP ESP" in-interface=ether1-GTW protocol=ipsec-esp
add chain=input action=accept comment="VPN L2TP AH" in-interface=ether1-GTW protocol=ipsec-ah

To use the MikroTik VPN server as the gateway, so that the VPN clients will have the MikroTik's public IP, you can simply masquerade:

ip firewall nat add chain=srcnat out-interface=ether1-GTW action=masquerade

I hope this guide works for you, feel free to post any questions or comments down below. I tested this on Amazon Elastic Compute Cloud (EC2), using a t2.micro instance, and it worked perfectly fine for me.
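The firewall step above only works if all five input-chain accepts exist for the WAN interface and sit above any catch-all drop, since RouterOS walks filter rules top to bottom. As an added check that is not part of the original guide, this Python script parses a constructed `/ip firewall filter export` (the SAMPLE_EXPORT text is made up for illustration) and reports which of the required L2TP/IPsec accepts are missing for a given WAN interface name.

```python
import re
from typing import Dict, List

# Input-chain accepts the guide adds for L2TP/IPsec: (protocol, dst-port).
REQUIRED = [
    ("udp", "500"),        # IKE
    ("udp", "1701"),       # L2TP
    ("udp", "4500"),       # NAT-T
    ("ipsec-esp", None),   # ESP
    ("ipsec-ah", None),    # AH
]

# Constructed sample of an `/ip firewall filter export`; it is not from a
# real router and deliberately lacks the UDP 1701 and AH rules.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=input action=accept comment="VPN L2TP UDP 500" in-interface=ether1-GTW protocol=udp dst-port=500
add chain=input action=accept comment="VPN L2TP 4500" in-interface=ether1-GTW protocol=udp dst-port=4500
add chain=input action=accept comment="VPN L2TP ESP" in-interface=ether1-GTW protocol=ipsec-esp
add chain=input action=drop comment="drop the rest from WAN" in-interface=ether1-GTW
"""

# key=value pairs; a value may be double-quoted and contain spaces.
PAIR = re.compile(r'(\S+?)=("[^"]*"|\S+)')


def parse_rules(export: str) -> List[Dict[str, str]]:
    """Turn each `add ...` line of an export into a dict of its properties."""
    rules = []
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in PAIR.findall(line[4:])})
    return rules


def missing_l2tp_rules(export: str, wan: str) -> List[str]:
    """Required accepts that no input rule on `wan` provides, walking the
    rules top to bottom as RouterOS does: an accept placed below a
    catch-all drop on the same interface never matches and does not count."""
    accepted = set()
    for r in parse_rules(export):
        if r.get("chain") != "input" or r.get("in-interface") not in (wan, None):
            continue  # other chain, or bound to a different interface
        if r.get("action") == "drop" and "protocol" not in r and "dst-port" not in r:
            break  # catch-all drop: anything added after it is unreachable
        if r.get("action") == "accept":
            accepted.add((r.get("protocol"), r.get("dst-port")))
    return [f"{proto}/{port}" if port else proto
            for proto, port in REQUIRED if (proto, port) not in accepted]
```

Run it against your own export (`/ip firewall filter export` on the router) and an empty list means every rule the guide needs is reachable on the WAN interface.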
