Multiple L2TP/IPsec peers (and multiple public IPs)

lament · June 2, 2013, 12:18pm

Hi folks!

I want to use L2TP/IPsec with multiple peers but I’m stuck with the “only one 0.0.0.0/0” problem. Ok, it is a design limitation but I’ve got multiple public IP addresses so I can use different IP address for each of the peers. How to configure this? Or do I have to fill up a feature request to Mikrotik about it? I’m using ROS 5.22 level 5.

An example what I’d like to achieve:

clients connecting to X.Y.Z.1 with L2TP password “psk1”
clients connecting to X.Y.Z.10 with L2TP password “psk10”
clients connecting to X.Y.Z.100 with L2TP password “psk100”
etc

Thanks for help!

mrz · June 3, 2013, 10:30am

Not possible with regular psk.

If you want unique password for every client use Xauth which is now supported in version 6.

lament · June 3, 2013, 11:53am

mrz, thanks for the prompt response. Is this xauth mode only related to the server or does it also affect the client in any way? Or to be more specific - is this xauth mode compatible with Windows 7+ built-in VPN clients?

mrz · June 3, 2013, 12:07pm

As far as I know windows built in client does not support xauth. You can use Srew client for pure ipsec connection (no L2TP).