User:TomJepp/RouterOS L2TP: Difference between revisions
Content deleted Content added
No edit summary |
|||
| Line 8: | Line 8: | ||
This guide was written by the A&A community & was tested using RouterOS 7.16.1 on a [https://mikrotik.com/product/hap_ax2 hAP ax2]. It should also work well with other affordable Mikrotik routers - such as the [https://mikrotik.com/product/hap_ac2 hAP ac2], the [https://mikrotik.com/product/RB750Gr3 hEX], or the [https://mikrotik.com/product/hex_2024 hEX Refresh]. Very low end routers such as the [https://mikrotik.com/product/RB941-2nD hAP Lite] may work, but are not recommended. |
This guide was written by the A&A community & was tested using RouterOS 7.16.1 on a [https://mikrotik.com/product/hap_ax2 hAP ax2]. It should also work well with other affordable Mikrotik routers - such as the [https://mikrotik.com/product/hap_ac2 hAP ac2], the [https://mikrotik.com/product/RB750Gr3 hEX], or the [https://mikrotik.com/product/hex_2024 hEX Refresh]. Very low end routers such as the [https://mikrotik.com/product/RB941-2nD hAP Lite] may work, but are not recommended. |
||
For expected performance: |
|||
* '''RB4011''': |
|||
* '''hAP ax2''': you may struggle to reliably hit 600mbit inside the tunnel with a single connection, but with multiple connections it is easily attained. |
|||
* '''hAP ac2''': |
|||
The RouterOS documentation is available at: https://help.mikrotik.com/docs/ |
The RouterOS documentation is available at: https://help.mikrotik.com/docs/ |
||
| Line 127: | Line 132: | ||
# Go to '''IP, Firewall''' and select the '''Filter Rules''' tab. |
# Go to '''IP, Firewall''' and select the '''Filter Rules''' tab. |
||
# Add a new rule using the '''+''' button. Set the following fields: |
# Add a new rule using the '''+''' button. Set the following fields: |
||
## |
## '''General, Chain''': "input" |
||
## |
## '''General, Connection State''': tick "established" and "related" |
||
## |
## '''Action, Action''': "accept" |
||
## Use the '''Comment''' button to add a comment saying "input: allow |
## Use the '''Comment''' button to add a comment saying "input: allow established & related traffic" |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
## Save the rule with '''OK'''. |
## Save the rule with '''OK'''. |
||
# Add a new rule: |
# Add a new rule: |
||
| Line 143: | Line 160: | ||
## '''Action, Action''': "accept" |
## '''Action, Action''': "accept" |
||
## '''Comment''': "forward: allow all from L2TP LAN" |
## '''Comment''': "forward: allow all from L2TP LAN" |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
## Save the rule with '''OK'''. |
## Save the rule with '''OK'''. |
||
# Add a new rule: |
# Add a new rule: |
||
| Line 186: | Line 191: | ||
# Go to '''IPv6, Firewall''' and select the '''Filter Rules''' tab. |
# Go to '''IPv6, Firewall''' and select the '''Filter Rules''' tab. |
||
# Add a new rule using the '''+''' button. Set the following fields: |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
## '''Action, Action''': "accept" |
|||
| ⚫ | |||
| ⚫ | |||
# Add a new rule: |
# Add a new rule: |
||
## '''General, Chain''': "input". |
## '''General, Chain''': "input". |
||
| Line 209: | Line 226: | ||
## '''Action, Action''': "accept" |
## '''Action, Action''': "accept" |
||
## '''Comment''': "forward: allow all from L2TP LAN" |
## '''Comment''': "forward: allow all from L2TP LAN" |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
# Add a new rule: |
|||
| ⚫ | |||
## '''General, Connection State''': tick "established" and "related" |
|||
| ⚫ | |||
| ⚫ | |||
## Save the rule with '''OK'''. |
## Save the rule with '''OK'''. |
||
# Add a new rule: |
# Add a new rule: |
||