Hi all,
I have already tried to set up a VPN server in my configuration.
But it was not successful: it did not work from my external IP on the WWW, though it worked fine with a local IP.
Here is my configuration with no VPN server.
Can you give me some advice? Thanks a lot.
I already have an L2TP tunneling connection with an external server.
# RouterOS export posted for review. The dst-nat ports were redacted to XXXX by the
# poster, so those two lines will not import as-is.
/interface bridge
add name=Loopback0
add name=bridge1
/interface wireless
# Both radios run as access points and are added to bridge1 below (/interface bridge port).
set [ find default-name=wlan1 ] disabled=no frequency=2427 mode=ap-bridge ssid=H wps-mode=disabled
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge ssid=5Ghz
/interface list
# "WAN" holds only the two L2TP client interfaces (see /interface list member);
# ether1, which carries the DHCP client, is not a member.
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=LAN ranges=10.0.19.10-10.0.19.200
/ip dhcp-server
add address-pool=LAN disabled=no interface=bridge1 name=LAN
/interface l2tp-client
# Two L2TP tunnels to the provider, both using the same user; passwords are not
# part of the export.
# NOTE(review): no use-ipsec setting is visible here, so whether the tunnels are
# encrypted cannot be told from this export - confirm on the device.
add allow=mschap2 allow-fast-path=yes connect-to=82.64.140.20 disabled=no name=l2tp0 profile=default user=userg_cust
add allow=mschap2 allow-fast-path=yes connect-to=82.64.140.21 disabled=no name=l2tp1 profile=default user=userg_cust
/routing bgp instance
# NOTE(review): the instance names say AS64102 but as=65113 - presumably a naming
# leftover; confirm which ASN is intended.
# The IPv4 instance installs its routes into table "vpn", which the mangle rule
# below marks LAN traffic for.
set default disabled=yes
add as=65113 client-to-client-reflection=no name=AS64102_V4 redistribute-other-bgp=yes router-id=10.0.19.1 routing-table=vpn
add as=65113 client-to-client-reflection=no name=AS64102_V6 redistribute-other-bgp=yes router-id=12.2.13.122
/interface bridge port
# ether1 is left off the bridge; it is the DHCP-client uplink (see /ip dhcp-client).
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip settings
# NOTE(review): ICMP redirects and source-routed packets are accepted here. Both are
# normally disabled on a router facing untrusted networks, since they let another host
# influence this router's forwarding; consider accept-redirects=no accept-source-route=no.
set accept-redirects=yes accept-source-route=yes
/interface list member
add interface=l2tp0 list=WAN
add interface=l2tp1 list=WAN
/ip address
add address=10.0.19.1/24 interface=bridge1 network=10.0.19.0
# Public /32 held on the loopback; it is announced via BGP (/routing bgp network)
# and used as the source-NAT address in the nat section below.
add address=43.69.47.47 interface=Loopback0 network=43.69.47.47
/ip dhcp-client
add disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=10.0.19.0/24 dns-server=124.113.23.15 domain=userg.cust.milky.net gateway=10.0.19.1 netmask=24
/ip dns
set servers=2a0b:cbc0:27::42,124.113.23.15,9.9.9.9
/ip firewall filter
# NOTE(review): the input chain contains no drop rule, so every enabled service is
# reachable from every interface (including the tunnels) and the accept on 8291 below
# changes nothing by itself. The usual shape is: accept established/related, accept
# from the LAN subnet, then a final drop on the input chain.
add action=accept chain=input dst-port=8291 protocol=tcp
# The forward chain accepts everything, including the dst-nat'ed traffic to 10.0.19.200.
add action=accept chain=forward
/ip firewall mangle
# LAN traffic is policy-routed through table "vpn" (the BGP IPv4 instance's routing-table).
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address=10.0.19.0/24
# MSS clamping on l2tp1 in both directions; there is no matching pair of rules for l2tp0.
add action=change-mss chain=forward new-mss=1410 out-interface=l2tp1 passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1411-65535
add action=change-mss chain=forward in-interface=l2tp1 new-mss=1410 passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1411-65535
/ip firewall nat
# LAN traffic leaving through either tunnel is source-NATed to the loopback /32.
add action=src-nat chain=srcnat comment="L2TP Milky" out-interface=l2tp0 src-address=10.0.19.0/24 to-addresses=43.69.47.47
add action=src-nat chain=srcnat comment="L2TP Milky" out-interface=l2tp1 src-address=10.0.19.0/24 to-addresses=43.69.47.47
# Port forwards to 10.0.19.200 on the public /32; ports are redacted (XXXX) in this post.
add action=dst-nat chain=dstnat comment="Service - server" dst-address=43.69.47.47 dst-port=XXXX protocol=tcp to-addresses=10.0.19.200 to-ports=XXXX
add action=dst-nat chain=dstnat comment="Service - server" dst-address=43.69.47.47 dst-port=XXXX protocol=tcp to-addresses=10.0.19.200 to-ports=XXXX
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
# NOTE(review): this rule matches the same out-interface-list as the masquerade rule
# directly above it, so it is presumably never reached - verify with the rule counters.
add action=src-nat chain=srcnat out-interface-list=WAN to-addresses=43.69.47.47
add action=masquerade chain=srcnat comment=HAIRPIN-NAT dst-address=10.0.19.0/24 src-address=10.0.19.0/24
/ip route rule
# Keeps LAN-destined lookups in the main table so traffic carrying the "vpn" mark still
# reaches 10.0.19.0/24.
add action=lookup-only-in-table dst-address=10.0.19.0/24 table=main
/ip service
# telnet/ftp/www/api/api-ssl are disabled; ssh and winbox (8291) remain enabled and,
# with the filter above, are reachable from any interface.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
# NOTE(review): whether the SMB service itself is enabled is not shown in this export;
# check /ip smb, since the share would be reachable from any interface under the current filter.
set [ find default=yes ] directory=/pub
/ip ssh
# NOTE(review): allow-none-crypto=yes permits SSH sessions with no encryption, and
# forwarding-enabled=remote allows remote port forwarding through the router.
# Consider allow-none-crypto=no unless a specific client needs it.
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 address
# LAN gets a global prefix; the two /126 addresses are the point-to-point tunnel ends.
add address=2a0b:cbc3:1117:1::1 interface=bridge1
add address=2a0b:cbc0:1::112/126 advertise=no interface=l2tp0
add address=2a0b:cbc0:1::116/126 advertise=no interface=l2tp1
/routing bgp network
# Prefixes announced to the transit peers: the LAN /24, the IPv6 /48 and the loopback /32.
add network=10.0.19.0/24 synchronize=no
add network=2a0b:cbc3:1117::/48 synchronize=no
add network=43.69.47.47/32 synchronize=no
/routing bgp peer
# BRS peers (IPv4 over 12.2.13.22, IPv6 over 2a0b:cbc0:1::111) and VNX peers, the
# latter labelled "(Backup)". The two IPv6 entries below are wrapped with "\" continuations.
add in-filter=transit-in-54132-brs-v4 instance=AS64102_V4 name="Transit: Milky brs [IPv4]" out-filter=transit-out-54132-brs-v4 remote-address=12.2.13.22 remote-as=65016 ttl=default
add address-families=ipv6 in-filter=transit-in-54132-brs-v6 instance=AS64102_V6 name="Transit: Milky BRS [IPv6]" out-filter=transit-out-54132-brs-v6 remote-address=2a0b:cbc0:1::111 remote-as=65016 \
ttl=default
add address-families=ipv6 in-filter=transit-in-54132-vnx-v6 instance=AS64102_V6 name="Transit: Milky VNX (Backup) [IPv6]" out-filter=transit-out-54132-vnx-v6 remote-address=2a0b:cbc0:1::115 remote-as=\
65012 ttl=default
add in-filter=transit-in-54132-vnx-v4 instance=AS64102_V4 name="Transit: Milky vnx [IPv4]" out-filter=transit-out-54132-vnx-v4 remote-address=10.1.0.137 remote-as=65012 ttl=default
/routing filter
# The VNX chains prepend the AS path twice (set-bgp-prepend=2) in both directions, which
# matches the "(Backup)" label on that peer; the BRS chains are unprepended. Each out-filter
# accepts only the prefixes listed in /routing bgp network and then discards the rest.
# The "chain=---" entries have no action or match; they look like separators left by the
# export and presumably have no effect on route selection.
add action=accept chain=transit-in-54132-vnx-v4 set-bgp-prepend=2
add chain=---
add action=accept chain=transit-out-54132-vnx-v4 prefix=10.0.19.0/24 set-bgp-prepend=2
add action=accept chain=transit-out-54132-vnx-v4 prefix=43.69.47.47 set-bgp-prepend=2
add action=discard chain=transit-out-54132-vnx-v4
add chain=---
add action=accept chain=transit-in-54132-vnx-v6 set-bgp-prepend=2
add chain=---
add action=accept chain=transit-out-54132-vnx-v6 prefix=2a0b:cbc3:1117::/48 set-bgp-prepend=2
add action=discard chain=transit-out-54132-vnx-v6
add chain=---
add chain=---
add chain=---
add action=accept chain=transit-in-54132-brs-v4
add chain=---
add action=accept chain=transit-out-54132-brs-v4 prefix=10.0.19.0/24
add action=accept chain=transit-out-54132-brs-v4 prefix=43.69.47.47
add action=discard chain=transit-out-54132-brs-v4
add chain=---
add action=accept chain=transit-in-54132-brs-v6
add chain=---
add action=accept chain=transit-out-54132-brs-v6 prefix=2a0b:cbc3:1117::/48
add action=discard chain=transit-out-54132-brs-v6
/system routerboard settings
# NOTE(review): auto-upgrade=yes updates the RouterBOARD firmware automatically after a
# RouterOS upgrade; boot-protocol=dhcp applies to netboot only - confirm it is intended.
set auto-upgrade=yes boot-protocol=dhcp silent-boot=yes