94
edits
User:TomJepp/RouterOS L2TP: Difference between revisions
no edit summary
(→TODO) |
No edit summary |
||
|
This guide was written by the A&A community & was tested using RouterOS 7.16.1 on a [https://mikrotik.com/product/hap_ax2 hAP ax2]. It should also work well with other affordable Mikrotik routers - such as the [https://mikrotik.com/product/hap_ac2 hAP ac2], the [https://mikrotik.com/product/RB750Gr3 hEX], or the [https://mikrotik.com/product/hex_2024 hEX Refresh]. Very low end routers such as the [https://mikrotik.com/product/RB941-2nD hAP Lite] may work, but are not recommended.
For expected performance:
* '''RB4011''':
* '''hAP ax2''': you may struggle to reliably hit 600mbit inside the tunnel with a single connection, but with multiple connections it is easily attained.
* '''hAP ac2''':
The RouterOS documentation is available at: https://help.mikrotik.com/docs/
# Go to '''IP, Firewall''' and select the '''Filter Rules''' tab.
# Add a new rule using the '''+''' button. Set the following fields:
##
##
##
## Use the '''Comment''' button to add a comment saying "input: allow
## Save the rule with '''OK'''▼
# Add a new rule:▼
## '''General, Chain''': "forward"▼
## '''General, Connection State''': tick "established" and "related"▼
## '''Action, Action''': "accept"▼
## '''Comment''': "forward: allow established & related traffic"▼
## Save the rule with '''OK'''.▼
# Add a new rule:▼
## '''General, Chain''': "input".▼
## '''Action, Action''': "accept".▼
## Save the rule with '''OK'''.
# Add a new rule:
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow all from L2TP LAN"
▲## Save the rule with '''OK'''.
▲# Add a new rule:
▲## '''General, Chain''': "input"
▲## '''General, Connection State''': tick "established" and "related"
▲## '''Action, Action''': "accept"
▲## '''Comment''': "input: allow established & related traffic"
▲## Save the rule with '''OK'''
▲# Add a new rule:
▲## '''General, Chain''': "forward"
## '''General, Connection State''': tick "established" and "related"▼
▲## '''Action, Action''': "accept"
▲## '''Comment''': "forward: allow established & related traffic"
## Save the rule with '''OK'''.
# Add a new rule:
# Go to '''IPv6, Firewall''' and select the '''Filter Rules''' tab.
# Add a new rule using the '''+''' button. Set the following fields:
▲## '''General, Connection State''': tick "established" and "related"
## '''Action, Action''': "accept"▼
## Use the '''Comment'''
## Save the rule with '''OK'''▼
# Add a new rule:▼
## '''General, Connection State''': tick "established" and "related"▼
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow established & related traffic"▼
## Save the rule with '''OK'''.▼
# Add a new rule:
## '''General, Chain''': "input".
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow all from L2TP LAN"
▲## Save the rule with '''OK'''.
▲# Add a new rule:
▲## '''General, Chain''': "input"
▲## '''General, Connection State''': tick "established" and "related"
▲## '''Action, Action''': "accept"
▲## '''Comment''': "input: allow established & related traffic"
▲## Save the rule with '''OK'''
▲## '''General, Chain''': "forward"
▲## '''Action, Action''': "accept"
▲## '''Comment''': "forward: allow established & related traffic"
## Save the rule with '''OK'''.
# Add a new rule:
| |||