Could anyone help me with L2TP server config please?
With the current configuration I can connect to the server, get internet access through it, and ping all devices on the LAN as well as the other VPN clients. But I can't see the VPN clients as computers under Network in Windows or browse their files. Is there anything else to set up?
# RouterOS export of an L2TP/IPsec server whose clients get addresses from
# inside the LAN subnet 192.168.88.0/24 (pool "vpn"); the bridge answers ARP
# on their behalf (arp=proxy-arp).
# NOTE(review): this export was posted with secrets in it. Share exports with
# sensitive values hidden (e.g. "export hide-sensitive" on RouterOS v6) and
# rotate anything that was published.
/interface l2tp-server
# Static server-side interface bound to the PPP user "user".
add name=l2tp user=user
/interface bridge
# proxy-arp lets LAN hosts reach VPN clients that share the LAN subnet.
add admin-mac=64:D1:54:A6:85:41 arp=proxy-arp auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1WAN
set [ find default-name=ether2 ] name=ether2-master
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/ip ipsec proposal
# NOTE(review): 3des is still offered as a fallback cipher. It is a legacy
# 64-bit-block cipher; drop it from the list if every client can do AES.
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
# VPN client range; sits inside the LAN /24 but outside the DHCP range above.
add name=vpn ranges=192.168.88.88/29
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge
/ppp profile
# *FFFFFFFE is an internal item id - presumably the "default-encryption"
# profile that the /ppp secret below refers to; confirm on the router.
# Clients get a "vpn" pool address and 8.8.8.8 as DNS.
# bridge=bridge requests that the PPP interface be added to the bridge; whether
# a given client is actually bridged depends on the client - TODO confirm.
set *FFFFFFFE bridge=bridge dns-server=8.8.8.8 local-address=192.168.88.1 remote-address=vpn use-encryption=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf hw=no interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
# NOTE(review): ipsec-secret is the IPsec pre-shared key and appears here in
# clear text, looking like a real value rather than a placeholder. Treat it as
# disclosed: replace it with a long random key and redact it in future posts.
# NOTE(review): use-ipsec=yes normally makes RouterOS create the IPsec peer
# from ipsec-secret on its own; the static "/ip ipsec peer" entry further down
# carries a different secret and looks redundant - confirm which one is matched.
set authentication=mschap2 enabled=yes ipsec-secret=Donal2017! use-ipsec=yes
/interface list member
add interface=ether2-master list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
# NOTE(review): the LAN address is on ether2-master, which is a bridge port
# (see "/interface bridge port"); it is usually assigned to the bridge itself.
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
# publicIP / publicNW are placeholders substituted by the poster. The curly
# quotes around the comment (here and below) look like forum formatting and
# would have to be plain double quotes for the script to import.
add address=publicIP comment=“wan - public IP” interface=ether1WAN network=publicNW
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries.
# No input-chain drop rule is visible in this export, so as shown the resolver
# would also answer on the WAN side (open resolver) - verify that a drop rule
# for WAN input exists in the full configuration.
set allow-remote-requests=yes servers=9.9.9.9,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
# Only accept rules are shown. Without a closing drop rule on the input chain
# they restrict nothing - presumably the rest of the rule set was omitted.
# NOTE(review): udp/1701 is accepted from any source, so plain L2TP without
# IPsec can reach the server. A common tightening is to accept 1701 only for
# packets that arrived through IPsec (ipsec-policy=in,ipsec) and leave 500 and
# 4500 open for IKE and NAT-T.
add action=accept chain=input comment=“allow l2tp” dst-port=1701,500,4500 protocol=udp
add action=accept chain=input comment=ipsec protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
/ip firewall nat
# The first rule is a subset of the second (same out-interface, narrower match).
add action=masquerade chain=srcnat comment=“masq. vpn traffic” dst-address=!192.168.88.0/24 out-interface=ether1WAN src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=“defconf: masquerade” out-interface=ether1WAN
# NOTE(review): no out-interface here, so this matches every flow sourced from
# the LAN subnet, including LAN <-> VPN-client traffic; the far side then sees
# the router's address instead of the real source - confirm this is intended.
add action=masquerade chain=srcnat src-address=192.168.88.0/24
/ip ipsec peer
# Accepts IKE from any address (0.0.0.0/0), as road-warrior clients require.
# NOTE(review): dh-group=modp1024 is a 1024-bit Diffie-Hellman group, which is
# considered weak today; use a larger group (e.g. modp2048) if the clients
# support it. secret=secret looks like a placeholder.
add address=0.0.0.0/0 dh-group=modp1024 exchange-mode=main-l2tp generate-policy=port-override secret=secret
/ip route
# "public IP" is a placeholder for the upstream gateway address.
add distance=1 gateway=public IP
/ppp secret
# PPP account for the L2TP service; name and password appear to be placeholders.
add name=user password=password profile=default-encryption service=l2tp
Ahh, figured it out. The configuration is correct; it is just that NetBIOS is a broadcast protocol, and broadcasts are not carried over IPsec.