This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

User:TomJepp/RouterOS L2TP: Difference between revisions

# Click '''Enable'''.
# Change to the '''Status''' tab, and you should see your L2TP tunnel connect. You should see your assigned IPv4 address in the '''Local Address''' field, and "81.187.81.187" in '''Remote Address'''.
 
== CLI config example ==
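This config example is more useful for RouterOS experts. The user value "example@a.1" is a placeholder for your own L2TP login, and the l2tp-client line does not set a password, so supply your own credentials: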
 
<pre>
/interface bridge add name=bridge-l2tp-lan
/ip pool add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server add address-pool=dhcp_pool0 interface=bridge-l2tp-lan name=dhcp1
/interface l2tp-client add add-default-route=yes connect-to=l2tp.aa.net.uk disabled=no name=l2tp-aaisp profile=default use-peer-dns=exclusively user=example@a.1
/interface bridge port add bridge=bridge-l2tp-lan interface=ether2
/interface bridge port add bridge=bridge-l2tp-lan interface=ether3
/interface bridge port add bridge=bridge-l2tp-lan interface=ether4
/interface bridge port add bridge=bridge-l2tp-lan interface=ether5
/ip address add address=192.168.88.1/24 interface=bridge-l2tp-lan network=192.168.88.0
/ip dhcp-client add default-route-distance=255 interface=ether1
/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip firewall filter add action=accept chain=input comment="input: allow all ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="input: allow all from L2TP LAN" in-interface=bridge-l2tp-lan
/ip firewall filter add action=accept chain=forward comment="forward: allow all from L2TP LAN" in-interface=bridge-l2tp-lan
/ip firewall filter add action=accept chain=input comment="input: allow established & related traffic" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="forward: allow established & related traffic" connection-state=established,related
/ip firewall filter add action=drop chain=input comment="input: drop all remaining traffic"
/ip firewall filter add action=drop chain=forward comment="forward: drop all remaining traffic"
/ip firewall mangle add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat add action=masquerade chain=srcnat comment="NAT: masquerade 192.168.88.0/24 to l2tp-aaisp's address" out-interface=l2tp-aaisp src-address=192.168.88.0/24
/ipv6 address add address=::1 from-pool=pool-aaisp-ipv6 interface=bridge-l2tp-lan
/ipv6 dhcp-client add add-default-route=yes interface=l2tp-aaisp pool-name=pool-aaisp-ipv6 prefix-hint=::/64 request=address,prefix
/ipv6 firewall filter add action=accept chain=input comment="input: allow all ICMP" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="forward: allow all ICMP" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="input: allow all from L2TP LAN" in-interface=bridge-l2tp-lan
/ipv6 firewall filter add action=accept chain=forward comment="forward: allow all from L2TP LAN" in-interface=bridge-l2tp-lan
/ipv6 firewall filter add action=accept chain=input comment="input: allow established & related traffic" connection-state=established,related
/ipv6 firewall filter add action=accept chain=forward comment="forward: allow established & related traffic" connection-state=established,related
/ipv6 firewall filter add action=accept chain=input comment="input: allow DHCPv6-PD" dst-port=546 protocol=udp
/ipv6 firewall filter add action=drop chain=input comment="input: drop all remaining traffic"
/ipv6 firewall filter add action=drop chain=forward comment="forward: drop all remaining traffic"
/ipv6 firewall mangle add action=change-mss chain=forward comment="TCP: clamp MSS to PMTU" new-mss=clamp-to-pmtu out-interface=l2tp-aaisp passthrough=yes protocol=tcp tcp-flags=syn
/ipv6 firewall mangle add action=accept chain=forward
/system clock set time-zone-name=Europe/London
/system note set show-at-login=no
/system routerboard settings set auto-upgrade=yes
</pre>