 
sergioszy
just joined
Topic Author
Posts: 11
Joined: Mon Oct 04, 2004 1:36 am
Location: Argentina

L2tp / ipsec client vpn

Mon Jun 16, 2014 3:48 pm

I need to build a VPN, connecting using L2TP/IPsec with a pre-shared key. Our MikroTik is v6.15 and is the client.

Configuring the Windows client is easy, but I can't understand how to configure our MikroTik as an L2TP client.

These are the Windows config properties.

Device Name = Wan miniport l2tp
Device type = vpn
Server type= ppp
Transport= TCP/IP
Authentication=PAP
IPSEC Encryption= IPSec.ESP 3DES
Compression= none
PPP multilink framing=off
Server IP Address=190.216.150.174
Client IP Address=192.168.65.83


User=Myuser
Password=Mypassword

ipsec with pre-shared key = 12335566
 
lambert
Long time Member
Posts: 548
Joined: Fri Jul 23, 2010 1:09 am

Re: L2tp / ipsec client vpn

Tue Jun 17, 2014 12:12 am

Take the client config part from this document http://wiki.mikrotik.com/wiki/L2TP_%2B_ ... ik_routers.
 
sergioszy
just joined
Topic Author
Posts: 11
Joined: Mon Oct 04, 2004 1:36 am
Location: Argentina

Re: L2tp / ipsec client vpn

Tue Jun 17, 2014 4:09 am

Thanks for the reply. I followed the example, but it is not working.
 
lambert
Long time Member
Posts: 548
Joined: Fri Jul 23, 2010 1:09 am

Re: L2tp / ipsec client vpn

Tue Jun 17, 2014 10:21 pm

Then you are going to have to give us more information. Telling us "Tried that. Didn't work." is not a useful diagnostic. :)

Show us the configuration you made on the client.
/int l2tp-client export
/ppp export
/ip ipsec export
...
Please remove the actual secrets and passwords.
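
An added example, not part of any post in this thread and not MikroTik's code: a small Python filter that masks `secret=` and `password=` values in a RouterOS export before it is pasted publicly, as requested above. The sample export is constructed, and the handling of backslash-wrapped lines (the continuation's leading indentation is dropped) is an assumption about the export format.

```python
import re

# Matches any key ending in "secret" or "password", followed by either a
# double-quoted value (with escapes) or a bare token up to the next space.
_PAIR = re.compile(r'([\w-]*(?:secret|password))=("(?:[^"\\]|\\.)*"|\S+)')


def join_continuations(text):
    """Merge lines that the export wrapped with a trailing backslash.

    Assumption: a wrapped line ends in '\\' and the indentation at the start
    of the continuation line is not part of the value.
    """
    logical, buf = [], None
    for raw in text.splitlines():
        line = raw if buf is None else buf + raw.lstrip()
        if line.endswith("\\"):
            buf = line[:-1]          # keep accumulating the logical line
        else:
            logical.append(line)
            buf = None
    if buf is not None:              # export ended on a dangling backslash
        logical.append(buf)
    return logical


def redact_export(text, placeholder="<REDACTED>"):
    """Return (redacted_text, number_of_values_masked)."""
    out, count = [], 0
    for line in join_continuations(text):
        new, n = _PAIR.subn(lambda m: f"{m.group(1)}={placeholder}", line)
        out.append(new)
        count += n
    return "\n".join(out), count


# Constructed sample in the style of the exports requested in this thread.
SAMPLE = r'''/interface l2tp-client
add connect-to=192.0.2.10 name=l2tp-example password=Constructed-Pass1 \
    user=example-user
/ip ipsec peer
add address=192.0.2.10/32 exchange-mode=main-l2tp secret="constructed ps\
    k with space"
'''

if __name__ == "__main__":
    redacted, masked = redact_export(SAMPLE)
    print(redacted)
    print(f"# {masked} value(s) masked")
```

Joining wrapped lines first matters because a value split across two lines would otherwise be only partly masked.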
 
sergioszy
just joined
Topic Author
Posts: 11
Joined: Mon Oct 04, 2004 1:36 am
Location: Argentina

Re: L2tp / ipsec client vpn

Thu Jun 19, 2014 2:31 pm

Thank you very much for asking.

Here is the info.

One thing: when I run the Windows L2TP/IPsec setup, it only asks me for one IP address, the gateway IP address. But here I need more IP addresses.

Another strange thing is that when I activate the interface l2tp-BL, one IP address appears: address=10.64.64.63 / network=10.112.112.111.
No matter what IP address I set in sa-src-address or sa-dst-address, it always shows the same 10.64.64.63 / 10.112.112.111.

Here is my config:

/interface l2tp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
190.2XX.XX.64 dial-on-demand=yes disabled=no keepalive-timeout=60 \
max-mru=1460 max-mtu=1460 mrru=disabled name=l2tp-BL password=MYpassword \
profile=default-encryption user=MYuser

/ppp Nothing to export

/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=10.1.2.100-10.1.2.110
/ip address
add address=10.1.2.117/24 comment="default configuration" interface=\
ether2-master-local network=10.1.2.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server
add address-pool=default-dhcp always-broadcast=yes disabled=no interface=\
ether2-master-local name=default
/ip dhcp-server network
add address=10.1.2.0/24 gateway=10.1.2.117
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
8.8.8.8,200.80.241.94
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1 to-addresses=0.0.0.0
/ip ipsec peer
add address=192.168.0.0/16 disabled=yes enc-algorithm=3des hash-algorithm=md5 \
secret=MyPreShaKey
add address=190.2XX.XX.64/32 disabled=yes dpd-interval=disable-dpd \
dpd-maximum-failures=1 enc-algorithm=3des nat-traversal=yes port=443 \
secret=MyPreShaKey
add address=190.2XX.XX.64/32 enc-algorithm=3des exchange-mode=main-l2tp \
nat-traversal=yes policy-group=default secret=MyPreShaKey
add address=10.112.112.111/32 dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des secret=MyPreShaKey
/ip ipsec policy
add dst-address=192.168.253.0/24 sa-dst-address=10.112.112.111 \
sa-src-address=10.64.64.63 src-address=10.1.2.117/32 tunnel=yes
add dst-address=190.2XX.XX.64/32 level=use sa-dst-address=192.168.65.84 \
sa-src-address=192.168.65.83 src-address=10.1.2.0/24 tunnel=yes
add dst-address=192.168.253.0/24 sa-dst-address=10.112.112.111 \
sa-src-address=10.64.64.63 src-address=10.1.2.0/24 tunnel=yes
/ip route
add disabled=yes distance=1 gateway=ether1-gateway
add distance=1 dst-address=192.168.253.0/24 gateway=10.112.112.111
