Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

L2TP Client: Routerboard: Difference between revisions

← Older edit
Content deleted Content added
TomJepp (talk | contribs)
96 edits
TomJepp (talk | contribs)
96 edits
 
(3 intermediate revisions by the same user not shown)
Line 27: Line 27:
# Read the whole guide before you start.
# Read the whole guide before you start.
# Make sure your router is running reasonably up to date RouterOS.
# Make sure your router is running reasonably up to date RouterOS.
# Make sure you know your account details provided by A&A for the L2TP connection.
# Make sure you know your account details provided by A&A for the L2TP connection. In particular, you will need the L2TP username and L2TP password. This is a separate username & password to the ones you use to log in to https://control.aa.net.uk. If you're not sure, you can find this on your L2TP service's page on the control pages.
# Check what IP addresses you've been assigned. This guide will assume you have 1x IPv4 assigned (198.51.100.127), and a single IPv6 /64 subnet (2001:8b0:db8:acb1::/64) set up in the Control Pages.
# Check what IP addresses you've been assigned. This guide will assume you have 1x IPv4 assigned (198.51.100.127), and a single IPv6 /64 subnet (2001:8b0:db8:acb1::/64) set up in the Control Pages.
# Make sure you're starting with a freshly factory reset router without any default configuration.
# Make sure you're starting with a freshly factory reset router without any default configuration.
Line 104: Line 104:


We will now create the L2TP tunnel that we'll use to connect to A&A's L2TP server. We'll leave it disabled until after we've set up the Firewall, so we don't expose our router to the internet until we're finished configuring it.
We will now create the L2TP tunnel that we'll use to connect to A&A's L2TP server. We'll leave it disabled until after we've set up the Firewall, so we don't expose our router to the internet until we're finished configuring it.

Confirm that you have the right L2TP username and password before you do this section. If you're not sure, you can get these from your L2TP service page on the control pages at https://control.aa.net.uk


# From the WinBox menu, open '''Interfaces''', and use the '''+''' button to add a new "L2TP Client".
# From the WinBox menu, open '''Interfaces''', and use the '''+''' button to add a new "L2TP Client".
Line 453: Line 455:
add action=masquerade chain=srcnat comment=\
add action=masquerade chain=srcnat comment=\
"NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=\
"NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=\
!bridge-l2tp-lan src-address=192.168.88.0/24
l2tp-aaisp src-address=192.168.88.0/24
/ipv6 address
/ipv6 address
add address=2001:8b0:db8:acb1::1 interface=bridge-l2tp-lan
add address=2001:8b0:db8:acb1::1 interface=bridge-l2tp-lan
Line 548: Line 550:
add action=masquerade chain=srcnat comment=\
add action=masquerade chain=srcnat comment=\
"NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=\
"NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=\
!bridge-l2tp-lan src-address=192.168.88.0/24
l2tp-aaisp src-address=192.168.88.0/24
/ipv6 address
/ipv6 address
add address=2001:8b0:db8:acb1::1 interface=bridge-l2tp-lan
add address=2001:8b0:db8:acb1::1 interface=bridge-l2tp-lan
Line 611: Line 613:
* '''[https://mikrotik.com/product/hap_ax2 hAP ax2]''': approx 450mbit max with a single connection, 500-600mbit with multiple connections
* '''[https://mikrotik.com/product/hap_ax2 hAP ax2]''': approx 450mbit max with a single connection, 500-600mbit with multiple connections
* '''[https://mikrotik.com/product/hap_ac2 hAP ac2]''': approx 350-400mbit max with a single connection, approx 450mbit max with multiple connections
* '''[https://mikrotik.com/product/hap_ac2 hAP ac2]''': approx 350-400mbit max with a single connection, approx 450mbit max with multiple connections

== Common issues ==

* If you complete the configuration but are unable to route any traffic - eg when trying to ping 8.8.8.8 from a device behind your new router you get an "unreachable" error response, double check that you are using the correct password for your L2TP service. It is not the same password as you use to log in to the control pages at https://control.aa.net.uk
Retrieved from "http://support.aa.net.uk/L2TP_Client:_Routerboard"