L2TP IPSEC l2tp-out1 traffic -> wlan1
Posted: Thu Sep 29, 2016 3:20 pm
I try to get internet working on wlan1 interface on our MikroTik Ceiling AP (cAP2n) through l2tp-out1 client interface.
The cAP2n is successfully connected as l2tp ipsec client to our cisco l2tp ipsec server.
Interface l2tp-out1 has internet access, I tried that many times with the internal ping tool.
Eth1 and wlan1 interface can't ping anything in the internet.
I have set up NAT on quick set page and no firewall rules enabled.
I also tried to change NAT without success:
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
/ip firewall nat add action=masquerade chain=srcnat out-interface=l2tp-out1
I need internet on wlan1 interface so our students can connect to the wlan with their smartphones.
My config:
Thanks in advance!
The cAP2n is successfully connected as l2tp ipsec client to our cisco l2tp ipsec server.
Interface l2tp-out1 has internet access, I tried that many times with the internal ping tool.
Eth1 and wlan1 interface can't ping anything in the internet.
I have set up NAT on quick set page and no firewall rules enabled.
I also tried to change NAT without success:
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
/ip firewall nat add action=masquerade chain=srcnat out-interface=l2tp-out1
I need internet on wlan1 interface so our students can connect to the wlan with their smartphones.
My config:
Code: Select all
# sep/29/2016 06:30:35 by RouterOS 6.37rc40
# software id = Z6MB-JY1T
#
/interface bridge
add admin-mac=mymac auto-mac=no mtu=1500 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=iran disabled=no distance=indoors frequency=auto mode=ap-bridge \
ssid=Pingo-AP wireless-protocol=802.11 wps-mode=disabled
/interface l2tp-client
add connect-to=172.16.255.254 disabled=no ipsec-secret=mysecret name=\
l2tp-out1 password=mypassword use-ipsec=yes user=myuser
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=mykey \
wpa2-pre-shared-key=mykey
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc pfs-group=none
/ip pool
add name=dhcp ranges=192.168.88.20-192.168.88.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
dhcp1
/ppp profile
set *FFFFFFFE use-encryption=default
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local disabled=yes interface=ether1
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 interface=wlan1 network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=Pingo
/system logging
add topics=l2tp
add topics=ipsec
add topics=interface
add topics=system
add topics=firewall
add topics=route
/system routerboard settings
set cpu-frequency=400MHz
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=wlan1
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=wlan1
