=== With a block of IPv4 IPs ===
<pre>
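# RouterOS export for a router that brings up an L2TP tunnel to AAISP and
# serves two segments: a NATed private LAN (ether2/ether3, 192.168.88.0/24)
# and a routed block of public addresses (ether4/ether5, 198.51.100.56/29 and
# an IPv6 /64). Lines ending in "\" continue on the next line; "#" lines are
# comments and are ignored on import.
/interface bridge
# One bridge per segment so firewall rules can match on the segment, not on
# individual ether ports.
add name=bridge-l2tp-lan
add name=bridge-l2tp-public
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/interface l2tp-client
# Plain L2TP (no IPsec) — the tunnel provides routing to the ISP, not
# confidentiality over the underlying (ether1) connection.
# add-default-route=yes: once the tunnel is up it becomes the default route.
# use-peer-dns=exclusively: only the DNS servers handed out by the tunnel peer
# are used by the router's own resolver.
add add-default-route=yes allow-fast-path=yes connect-to=l2tp.aa.net.uk \
disabled=no name=l2tp-aaisp profile=default use-peer-dns=exclusively \
user=example@a.1
/interface bridge port
add bridge=bridge-l2tp-lan interface=ether2
add bridge=bridge-l2tp-lan interface=ether3
add bridge=bridge-l2tp-public interface=ether4
add bridge=bridge-l2tp-public interface=ether5
/ip address
add address=192.168.88.1/24 interface=bridge-l2tp-lan network=192.168.88.0
# The router takes one address from the public /29; the rest are for hosts on
# the public bridge.
add address=198.51.100.57/29 interface=bridge-l2tp-public network=\
198.51.100.56
/ip dhcp-client
# ether1 is the upstream (DHCP) connection the tunnel is built over. Its
# default route gets distance 255 — presumably so the tunnel's default route is
# always preferred when both exist; confirm against the routing table.
add default-route-distance=255 interface=ether1
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-l2tp-lan name=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
# The router answers DNS for clients. allow-remote-requests=yes alone would
# make it an open resolver; the input chain below limits who can reach port 53
# (LAN and public bridge only — everything else hits the final drop).
set allow-remote-requests=yes
/ip firewall filter
# Order matters: accepts first, then an explicit drop at the end of each chain.
add action=accept chain=input comment="input: allow all ICMP" protocol=icmp
# The LAN gets unrestricted access to the router itself (management, DHCP,
# DNS) and may forward anywhere, including via ether1 if the tunnel is down.
add action=accept chain=input comment="input: allow all from L2TP LAN" \
in-interface=bridge-l2tp-lan
add action=accept chain=forward comment="forward: allow all from L2TP LAN" \
in-interface=bridge-l2tp-lan
add action=accept chain=input comment=\
"input: allow established & related traffic" connection-state=\
established,related
add action=accept chain=forward comment=\
"forward: allow established & related traffic" connection-state=\
established,related
# Hosts on the public bridge may use the router as a resolver; these rules
# match bridge-l2tp-public, so the comments name that bridge rather than the
# LAN (the LAN is already covered by the allow-all rule above).
add action=accept chain=input comment=\
"input: allow UDP DNS from L2TP public bridge" dst-port=53 in-interface=\
bridge-l2tp-public protocol=udp
add action=accept chain=input comment=\
"input: allow TCP DNS from L2TP public bridge" dst-port=53 in-interface=\
bridge-l2tp-public protocol=tcp
# Public-bridge hosts are routed, not NATed: all inbound traffic from the
# tunnel is forwarded to them, so each host must run its own host firewall.
add action=accept chain=forward comment=\
"forward: allow from L2TP public bridge to the internet" in-interface=\
bridge-l2tp-public out-interface=l2tp-aaisp
add action=accept chain=forward comment=\
"forward: allow from the internet to the L2TP public bridge" \
in-interface=l2tp-aaisp out-interface=bridge-l2tp-public
add action=drop chain=input comment="input: drop all remaining traffic"
add action=drop chain=forward comment="forward: drop all remaining traffic"
/ip firewall mangle
# Clamp TCP MSS on SYNs leaving via the tunnel so hosts do not rely on PMTUD
# across the L2TP encapsulation overhead.
add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=\
clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp \
tcp-flags=syn
/ip firewall nat
# out-interface=!bridge-l2tp-lan masquerades LAN traffic leaving via ANY other
# interface — the tunnel, but also ether1 (tunnel down) and the public bridge.
add action=masquerade chain=srcnat comment=\
"NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=\
!bridge-l2tp-lan src-address=192.168.88.0/24
/ipv6 address
# No prefix length given: RouterOS uses its default for these addresses.
# The LAN address is advertised (RA) by default; the public bridge address has
# advertise=no, so public-bridge hosts must be configured statically.
add address=2001:8b0:db8:acb1::1 interface=bridge-l2tp-lan
add address=2001:8b0:db8:acb2::1 advertise=no interface=bridge-l2tp-public
/ipv6 firewall filter
# Mirrors the IPv4 policy. ICMPv6 is accepted in both chains because neighbour
# discovery and PMTUD need it.
add action=accept chain=input comment="input: allow all ICMP" protocol=icmpv6
add action=accept chain=forward comment="forward: allow all ICMP" protocol=\
icmpv6
add action=accept chain=input comment="input: allow all from L2TP LAN" \
in-interface=bridge-l2tp-lan
add action=accept chain=forward comment="forward: allow all from L2TP LAN" \
in-interface=bridge-l2tp-lan
add action=accept chain=input comment=\
"input: allow established & related traffic" connection-state=\
established,related
add action=accept chain=forward comment=\
"forward: allow established & related traffic" connection-state=\
established,related
# As in IPv4: these match the public bridge, not the LAN.
add action=accept chain=input comment=\
"input: allow UDP DNS from L2TP public bridge" dst-port=53 in-interface=\
bridge-l2tp-public protocol=udp
add action=accept chain=input comment=\
"input: allow TCP DNS from L2TP public bridge" dst-port=53 in-interface=\
bridge-l2tp-public protocol=tcp
add action=accept chain=forward comment=\
"forward: allow from L2TP public bridge to the internet" in-interface=\
bridge-l2tp-public out-interface=l2tp-aaisp
add action=accept chain=forward comment=\
"forward: allow from the internet to the L2TP public bridge" \
in-interface=l2tp-aaisp out-interface=bridge-l2tp-public
add action=drop chain=input comment="input: drop all remaining traffic"
add action=drop chain=forward comment="forward: drop all remaining traffic"
/ipv6 firewall mangle
add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=\
clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp \
tcp-flags=syn
# This bare accept has no matchers and is the last rule in the chain, so it
# does nothing; the IPv4 mangle section has no equivalent and it can be
# dropped if the two sections are to be kept identical.
add action=accept chain=forward
/system clock
set time-zone-name=Europe/London
/system note
set show-at-login=no
/system ntp client
# Time is synced from the ISP's NTP server; accurate time matters for logs
# and for any certificate validation the router performs.
set enabled=yes
/system ntp client servers
add address=time.aa.net.uk
/system routerboard settings
# RouterBOARD firmware is kept in step with RouterOS automatically.
set auto-upgrade=yes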
</pre>