fevr
March 9, 2017, 12:12am
1
Hi all,
New to the forum and a beginner really with Mikrotik.
I’ve been happy with my setup but can’t use PPTP VPN with Apple devices as they don’t support it now. I’ve tried a few guides on setting up L2TP/IPSec but can’t seem to get it to work. Always get the error “The L2TP-VPN server did not respond.”
Is there a definitive guide around?
Also would it help if I did an export?
Thanks in advance guys
Hi,
You can find a guide here:
https://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_Mikrotik_router_and_a_PC
and main page with other examples here:
https://wiki.mikrotik.com/wiki/Tunnels
If you still have no success, please post your config here by typing the following command into New Terminal:
/export hide-sensitive
kind regards,
fevr
March 9, 2017, 8:01pm
3
Thanks Janus,
Great, I’ll give it a try and hopefully I’ll get somewhere.
I’ll let you know how I get on.
Cheers
Fevr
I can’t make it work. Is there anyone who could help me if I post my export?
Here’s how I did it. Works on both iPhone and MacOS.
# proxy-arp needed on interface for VPN
/interface bridge add name=lan arp=proxy-arp protocol-mode=none
/interface bridge port add bridge=lan interface=ether7
/ip address add address=192.168.1.254/24 interface=lan
# DHCP
/ip pool add name=dhcp-lan ranges=192.168.1.50-192.168.1.150
/ip dhcp-server add address-pool=dhcp-lan disabled=no interface=lan name=dhcp-lan lease-time=1h
/ip dhcp-server network add address=192.168.1.0/24 netmask=24 gateway=192.168.1.254 dns-server=192.168.1.254 domain=lan
# VPN interface
/interface l2tp-server add name=vpn user=<user>
# Firewall
/ip firewall filter add action=accept chain=input protocol=udp dst-port=500,1701,4500 comment="Accept VPN"
/ip firewall filter add action=accept chain=input protocol=ipsec-esp comment="Accept IPSEC"
/ip firewall filter add action=accept chain=input in-interface=vpn comment="Accept VPN to router"
/ip firewall filter add action=accept chain=forward in-interface=vpn src-address-list=lan comment="Accept from VPN"
# L2TP/IPSEC
/ip cloud set ddns-enabled=yes
/interface l2tp-server server set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=<secret> use-ipsec=yes
/ppp profile set *0 dns-server=192.168.1.254 local-address=192.168.1.254 remote-address=dhcp-lan
/ppp secret add name=<user> password=<password>
/ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc
/ip ipsec peer add address=0.0.0.0/0 enc-algorithm=aes-256,aes-128 exchange-mode=main-l2tp generate-policy=port-override secret=<secret>
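An added example, not part of the thread and not MikroTik tooling: a small Python check that reads a RouterOS export and reports which pieces of the configuration above are missing (L2TP server enabled with IPsec, input accept rules for UDP 500/1701/4500 and ESP, proxy-arp, and no PPP authentication method weaker than mschap2). It assumes one full-path command per line, as in the post, and does not evaluate firewall rule order; the function names `parse` and `audit` are hypothetical.

```python
import shlex

REQUIRED_UDP = {"500", "1701", "4500"}  # the UDP ports the post's firewall rule accepts
WEAK_AUTH = {"pap", "chap", "mschap1"}  # anything other than the post's mschap2

def parse(export_text):
    """Yield (menu, params) for one-line commands such as '/ip firewall filter add ...'."""
    for line in export_text.splitlines():
        words = shlex.split(line) if line.startswith("/") else []
        idx = next((i for i, w in enumerate(words) if w in ("add", "set")), None)
        if idx is not None:
            params = dict(w.split("=", 1) for w in words[idx + 1:] if "=" in w)
            yield " ".join(words[:idx]), params

def audit(export_text):
    """Return a list of findings; an empty list means every check passed."""
    cmds = list(parse(export_text))
    srv = next((p for m, p in cmds if m == "/interface l2tp-server server"), {})
    findings = []
    if srv.get("enabled") != "yes":
        findings.append("L2TP server not enabled")
    if srv.get("use-ipsec") != "yes":
        findings.append("use-ipsec=yes missing on L2TP server")
    # Only an explicit authentication= value is evaluated here.
    weak = WEAK_AUTH & set(srv.get("authentication", "").split(","))
    if weak:
        findings.append("weak PPP authentication allowed: " + ",".join(sorted(weak)))
    accepts = [p for m, p in cmds if m == "/ip firewall filter"
               and p.get("chain") == "input" and p.get("action") == "accept"]
    open_udp = {port for p in accepts if p.get("protocol") == "udp"
                for port in p.get("dst-port", "").split(",")}
    for port in sorted(REQUIRED_UDP - open_udp, key=int):
        findings.append(f"no input accept rule for udp/{port}")
    if not any(p.get("protocol") == "ipsec-esp" for p in accepts):
        findings.append("no input accept rule for ipsec-esp")
    if not any(p.get("arp") == "proxy-arp" for m, p in cmds if m.startswith("/interface")):
        findings.append("no interface has arp=proxy-arp")
    return findings

# Constructed sample: lines taken from the post, placeholder secret replaced by "x".
SAMPLE = """\
/interface bridge add name=lan arp=proxy-arp protocol-mode=none
/ip firewall filter add action=accept chain=input protocol=udp dst-port=500,1701,4500 comment="Accept VPN"
/ip firewall filter add action=accept chain=input protocol=ipsec-esp comment="Accept IPSEC"
/interface l2tp-server server set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=x use-ipsec=yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["all checks passed"]:
        print(finding)
```

A real `/export` groups commands under a menu header line, so it would need flattening to one command per line before this check applies.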