L2TP not working via WAN

Hi, I’ve set up L2TP as a VPN server. I can connect via LAN and everything works well; however, when connecting via WAN I can’t connect.
Am I missing a firewall rule?

add action=drop chain=input comment="Drop Ping from WAN" in-interface=ether1-WAN protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" log-prefix=icmp protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1-WAN log-prefix=\
    "drop all from wan - input"
add action=drop chain=forward dst-address=192.168.100.0/24 in-interface=vlan10_Guest
add action=drop chain=forward out-interface=vlan10_Guest src-address=192.168.100.0/24
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log-prefix="drop invalid"
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1-WAN log-prefix="drop from wan not dstnated"
add action=drop chain=forward comment="drop all inter-VLAN traffic" in-interface=all-vlan out-interface=all-vlan

Thanks

Hey. It depends on how you’re going to manage this connection:
Do you have a global IP from your ISP? Are you using pure L2TP without IPsec?

I have a dynamic DNS hostname and I’m using L2TP + IPSec

Update: I just tested it again and it's all working now from the WAN side as well. Not sure what happened.

Cheers

If you did drop your link, probably it was a NATed IP of your ISP :)