I’ve been testing an OpenWrt router for the last few weeks to see how CAKE SQM performs compared to RouterOS, and it’s pretty awesome, so I’ve decided to stick with it for longer.
A major downside to OpenWrt (aside from not having WinBox) is that it doesn’t have a good VPN server implementation. After some trial and error (there aren’t any guides for this) I’ve set up a spare RouterBOARD as a standalone L2TP server behind the main router.
I’m able to connect to my network with both Android and iOS, but OS X doesn’t seem to work. I was previously able to connect to it when the MikroTik was the main router, so I’m not sure if it’s the config or an issue with Apple. Also, I’m questioning whether I need any firewall rules on the MikroTik (there are none) or if I’m missing anything else that might be compromising security?
The mikrotik code is fairly simple - essentially configured as a switch with a vpn server on it:
```
# Single bridge; every physical port is added to it below, so the box acts as a switch
/interface bridge
add name=bridge1
# Addresses handed to VPN clients (a slice of the LAN subnet)
/ip pool
add name=vpn-pool ranges=192.168.1.40-192.168.1.50
# PPP profile applied to every L2TP session
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=vpn-pool name=vpn-profile remote-address=vpn-pool use-encryption=yes
/interface bridge port
add bridge=bridge1 interface=all
# L2TP server; IPsec is mandatory, so plain L2TP on UDP 1701 is never accepted
/interface l2tp-server server
set authentication=mschap2 default-profile=vpn-profile enabled=yes ipsec-secret=pass use-ipsec=required
# Management/LAN address of the RouterBOARD
/ip address
add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
# VPN client traffic leaves the box with the router's own 192.168.1.2 source address
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.40-192.168.1.50
# Default route via the OpenWrt router
/ip route
add distance=1 gateway=192.168.1.1
# VPN user account (placeholder password)
/ppp secret
add name=vpn-user password=pass profile=vpn-profile
```
OpenWrt firewall rules are untouched, with only these port forward rules added for the MikroTik VPN server:
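As an added example (not the rules from the post), here is a `uci batch` script that creates the only two port forwards an L2TP/IPsec server behind NAT needs; it assumes OpenWrt's default zone names wan and lan and uses the MikroTik address 192.168.1.2 from the config above.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Emits a `uci batch` script
# for the OpenWrt firewall redirects an L2TP/IPsec server behind NAT needs.
# Assumptions: WAN zone "wan", LAN zone "lan", server at 192.168.1.2.
VPN_SERVER="${VPN_SERVER:-192.168.1.2}"

# Emit one redirect section: $1 = name, $2 = protocol, $3 = destination port.
emit_redirect() {
    printf 'add firewall redirect\n'
    printf 'set firewall.@redirect[-1].name=%s\n' "$1"
    printf 'set firewall.@redirect[-1].src=wan\n'
    printf 'set firewall.@redirect[-1].dest=lan\n'
    printf 'set firewall.@redirect[-1].proto=%s\n' "$2"
    printf 'set firewall.@redirect[-1].src_dport=%s\n' "$3"
    printf 'set firewall.@redirect[-1].dest_ip=%s\n' "$VPN_SERVER"
    printf 'set firewall.@redirect[-1].target=DNAT\n'
}

# IKE (UDP 500) and NAT-T (UDP 4500) are all that must reach the server.
# Behind NAT the ESP payload is carried inside UDP 4500, so no ESP (protocol
# 50) rule is needed, and with use-ipsec=required the L2TP control channel
# (UDP 1701) only ever arrives inside the tunnel, so it is not forwarded.
l2tp_ipsec_redirects() {
    emit_redirect 'IKE' 'udp' '500'
    emit_redirect 'IPsec-NAT-T' 'udp' '4500'
    printf 'commit firewall\n'
}

# Number of redirect sections the generated script opens (used as a sanity check).
redirect_count() {
    l2tp_ipsec_redirects | grep -c '^add firewall redirect$'
}

# On the OpenWrt router: l2tp_ipsec_redirects | uci batch && /etc/init.d/firewall restart
```

Forwarding UDP 1701 is deliberately left out: a bare 1701 forward would expose an unencrypted L2TP listener to the internet while gaining nothing, since the MikroTik config refuses L2TP without IPsec.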
