User:TomJepp/RouterOS L2TP: Difference between revisions

Line 221:

# Click '''Enable'''.

# Change to the '''Status''' tab, and you should see your L2TP tunnel connect. You should see your assigned IPv4 address in the '''Local Address''' field, and "81.187.81.187" in '''Remote Address'''.

== CLI config example ==

This config example is more useful for RouterOS experts:

<pre>

/interface bridge add name=bridge-l2tp-lan

/ip pool add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254

/ip dhcp-server add address-pool=dhcp_pool0 interface=bridge-l2tp-lan name=dhcp1

/interface l2tp-client add add-default-route=yes connect-to=l2tp.aa.net.uk disabled=no name=l2tp-aaisp profile=default use-peer-dns=exclusively user=example@a.1

/interface bridge port add bridge=bridge-l2tp-lan interface=ether2

/interface bridge port add bridge=bridge-l2tp-lan interface=ether3

/interface bridge port add bridge=bridge-l2tp-lan interface=ether4

/interface bridge port add bridge=bridge-l2tp-lan interface=ether5

/ip address add address=192.168.88.1/24 interface=bridge-l2tp-lan network=192.168.88.0

/ip dhcp-client add default-route-distance=255 interface=ether1

/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns set allow-remote-requests=yes

/ip firewall filter add action=accept chain=input comment="input: allow all ICMP" protocol=icmp

/ip firewall filter add action=accept chain=input comment="input: allow all from L2TP LAN" in-interface=bridge-l2tp-lan

/ip firewall filter add action=accept chain=forward comment="forward: allow all from L2TP LAN" in-interface=bridge-l2tp-lan

/ip firewall filter add action=accept chain=input comment="input: allow established & related traffic" connection-state=established,related

/ip firewall filter add action=accept chain=forward comment="forward: allow established & related traffic" connection-state=established,related

/ip firewall filter add action=drop chain=input comment="input: drop all remaining traffic"

/ip firewall filter add action=drop chain=forward comment="forward: drop all remaining traffic"

/ip firewall mangle add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp tcp-flags=syn

/ip firewall nat add action=masquerade chain=srcnat comment="NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=l2tp-aaisp src-address=192.168.88.0/24

/ipv6 address add address=::1 from-pool=pool-aaisp-ipv6 interface=bridge-l2tp-lan

/ipv6 dhcp-client add add-default-route=yes interface=l2tp-aaisp pool-name=pool-aaisp-ipv6 prefix-hint=::/64 request=address,prefix

/ipv6 firewall filter add action=accept chain=input comment="input: allow all ICMP" protocol=icmpv6

/ipv6 firewall filter add action=accept chain=forward comment="forward: allow all ICMP" protocol=icmpv6

/ipv6 firewall filter add action=accept chain=input comment="input: allow all from L2TP LAN" in-interface=bridge-l2tp-lan

/ipv6 firewall filter add action=accept chain=forward comment="forward: allow all from L2TP LAN" in-interface=bridge-l2tp-lan

/ipv6 firewall filter add action=accept chain=input comment="input: allow established & related traffic" connection-state=established,related

/ipv6 firewall filter add action=accept chain=forward comment="forward: allow established & related traffic" connection-state=established,related

/ipv6 firewall filter add action=accept chain=input comment="input: allow DHCPv6-PD" dst-port=546 protocol=udp

/ipv6 firewall filter add action=drop chain=input comment="input: drop all remaining traffic"

/ipv6 firewall filter add action=drop chain=forward comment="forward: drop all remaining traffic"

/ipv6 firewall mangle add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp tcp-flags=syn

/ipv6 firewall mangle add action=accept chain=forward

/system clock set time-zone-name=Europe/London

/system note set show-at-login=no

/system routerboard settings set auto-upgrade=yes

</pre>