I need help about L2TP vs Firewall

Xelmep · January 17, 2023, 1:57pm

Dear all,
i have two mikrotik routers, and on the both i have setted as Server and Client. Now at first i have Firewall installed with Anti Ddos attacks from this links:
https://help.mikrotik.com/docs/display/ROS/Basic+Concepts
https://help.mikrotik.com/docs/pages/viewpage.action?pageId=28606504
now firewall i too agressive and i can not connect to and router can not connect to the secund router and first router can not connected to second router over L2TP/IPSEC VPN

what i need to do to open VPN Transfer?
Thank you

anav · January 17, 2023, 10:10pm

Your anti DDOS are rules you have because???

a. you are often attacked
b. you saw it on a youtube video??

THe MT routers are not designed as edge routers and DDOS is really the area your ISP should focus. If they cannot stop it, then your router will not be able to.

All to say is modify your firewall rules back to something simpler/cleaner
input and forward chains…
Keep- Useful default rules
Add- required user rules for admin/traffic purposes ( what is allowed )
Drop- all else.

Xelmep · January 18, 2023, 6:16am

I have too much Flooding on my router, too much invalid login.
I thing i need to do it, but i am not shure is thet right.
I have too many viedeos researched but i have not right solution founded, i had just winbox port oppened, but VPN is still closed.
I have all my local ip added to allowed list and again nothing.
Do you have any solution for another firewall rulles?
Thank you

anav · January 18, 2023, 1:42pm

What I would need to see is your full config, to review and make recommendations.

/export file=anynameyouwish ( minus router serial # and any public WANIP information etc…)

Also a bit of information on the network, type of ISP, private/public IP to your router?
What do you need to have open to the internet ( servers ?? )

Xelmep · January 18, 2023, 4:37pm

Thank you anav,
i have already solved my problem over another firewall rulles creating blacklist of ip addresses, where are invalid logins or flooding and i have created more filters, now i have just little problem, firewall added to black list some local IP address on port 80,
My question is, how to skip all my local addresses from firewall, because i use VPN between 2 mikrotik routers and 4 lan networks. (i have 192.168.1.0/24; 10.1.10.0/24; 192.168.178.0/24 and 10.1.100.0/24)
i need to use for vpn connection included 4 local networks 2x2.