Hello
I’m new to Mikrotik devices and have a hopefully fairly basic question that I would appreciate some help with.
When setting up L2TP with IPSEC, what is the relationship between setting it in the following locations:
1: /interface l2tp-server server
2: /ip ipsec peer
The first seems like a natural option for a quick setup, but doesn’t give me the options to specify the connection parameters (like encryption).
The second location allows me to specify “everything” but I can’t see how it links to the l2tp-server.

L2TP, as well as any other tunnel, is not linked to IPsec in RouterOS. The router decides whether a packet will be IPsec-encapsulated based on IPsec policies, which are either dynamically generated in the case of road warrior servers or added manually.

So just to make sure that I have understood it correctly: if I check “Use ipsec” under the l2tp server in the GUI, it will dynamically create a default ipsec peer which then upon connection generates a policy that will be used.
What happens if I create a custom ipsec peer in addition to the automatically generated one (exactly like the default, but with other encryption options)?
Which will it then choose, and based on what (if both use src /0)?
And finally, do I need to check “Use ipsec” under the l2tp server in the GUI to use ipsec, or can I just create a peer and proposal (auto generated policy) that would then be selected?
I just got 4 Mikrotik devices to experiment with and I love the flexibility, although I’m still a bit lost with how some features work.

You can use the IPsec option in a tunnel interface, then look at what IPsec Peer has been created, make notes, remove the IPsec option from the interface and create the same IPsec Peer. It will be used by the tunnel interface just like the auto-created Peer. But then you can change some options.
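
The procedure from the last reply written out as RouterOS commands, as an added example that is not part of the original thread. It assumes a RouterOS 6.x release in which the encryption settings live on the peer itself (as the posts above imply); the pre-shared key and the algorithm choices are placeholders, and the firewall rule at the end is an addition that goes beyond the reply.

```routeros
# Assumption: RouterOS 6.x command set where /ip ipsec peer carries the phase 1 settings.
# "CHANGE-ME-PSK" is a placeholder, not a value from the thread.

# Step 1: enable the shortcut so the L2TP server creates its dynamic peer,
# then print that peer and note every value it uses.
/interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret="CHANGE-ME-PSK"
/ip ipsec peer print detail

# Step 2: remove the IPsec option from the L2TP server; the dynamic peer goes away.
/interface l2tp-server server set use-ipsec=no

# Step 3: create the same peer by hand, changing only the options you want to control.
# Here the phase 1 algorithms are set explicitly; the rest should mirror what step 1 printed.
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key secret="CHANGE-ME-PSK" \
    exchange-mode=main-l2tp generate-policy=port-strict passive=yes \
    send-initial-contact=no nat-traversal=yes \
    enc-algorithm=aes-256 hash-algorithm=sha256 dh-group=modp2048

# Phase 2 algorithms come from the proposal the peer's generated policies use.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha256 enc-algorithms=aes-256-cbc

# The L2TP server and IPsec stay independent, so a manual peer does not by itself
# stop a client from connecting with plain L2TP. Drop L2TP that did not arrive through IPsec.
/ip firewall filter add chain=input protocol=udp dst-port=1701 ipsec-policy=in,none \
    action=drop comment="L2TP only inside IPsec"

# Check after a client connects: a dynamic policy and installed SAs with the chosen algorithms.
/ip ipsec policy print
/ip ipsec installed-sa print
```

Clients must support the algorithms chosen in step 3, otherwise phase 1 or phase 2 negotiation fails and no policy is generated.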