Hey,
So I have my L2TP server setup. I was wondering what rules I need to add to the firewall so that it is accessible? Also is there anything I should do to secure it? Thanks.
-Eric
UDP 1701 is needed for L2TP.
Do you run L2TP/IPSec? If so, there is more.
Yes.
For IPSec:
UDP 500 – IKE
UDP 4500 – NAT Traversal
L4 Proto 50 – IPSec ESP
If desired secure the L2TP server to IPSec client only with this script.
http://wiki.mikrotik.com/wiki/Securing_L2TP_Server_for_IPSec
Sweet. Thanks. If I use the script I only allow port 1701 and the script handles the rest? Is that right? Thanks.
Allow all the specified ports/protocols in the input chain of the firewall.
Only allow UDP 1701 from the address-list, as per the instructions on the script page.
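The rule set described above, written out as an added RouterOS example (this is not code from the thread or from the MikroTik wiki script). It assumes the WAN interface is named ether1 and that an address list named ipsec-clients is kept filled with the addresses of peers that currently hold an IPsec SA, which is what the wiki script linked above does; both names are assumptions.

```routeros
# Added example: input-chain rules for an L2TP/IPsec server.
# Assumptions: WAN interface "ether1", address list "ipsec-clients"
# populated by the securing script from the wiki page.
/ip firewall filter

# IKE key exchange
add chain=input in-interface=ether1 protocol=udp dst-port=500 action=accept comment="IKE"
# IKE/ESP over UDP when the client sits behind NAT
add chain=input in-interface=ether1 protocol=udp dst-port=4500 action=accept comment="IPsec NAT-T"
# ESP, IP protocol 50; RouterOS accepts protocol=ipsec-esp as well as protocol=50
add chain=input in-interface=ether1 protocol=ipsec-esp action=accept comment="IPsec ESP"

# L2TP control channel: accept only from peers that already have an IPsec SA,
# then drop bare L2TP from anyone else
add chain=input in-interface=ether1 protocol=udp dst-port=1701 \
    src-address-list=ipsec-clients action=accept comment="L2TP from IPsec clients only"
add chain=input in-interface=ether1 protocol=udp dst-port=1701 action=drop comment="drop bare L2TP"
```

Rules are evaluated top to bottom, so these accept rules must sit above any catch-all drop in the input chain; check the order with `/ip firewall filter print` and move rules with `place-before=` if needed. The final UDP 1701 drop is what stops a client from negotiating L2TP without IPsec in front of it.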
Ok. Last question. How do I allow L4 proto 50? Thanks for your help.
Modify according to your needs:
/ip firewall filter add chain=input protocol=50
Thanks
Came up with one other question. What does the creation of the L2TP-Server interface do? Can it be used in firewall rules, or what is its purpose?
Thanks for the link you gave, it's very informative and gives a lot.
che:-)
Each time a client connects a dynamic interface is created.
You can create a manual server binding, so the interface of the client is static and can be used in firewall rules and other things.
No problem.
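A static binding and a firewall rule that refers to it, as an added example rather than code from the thread. The PPP user name eric, the interface name l2tp-eric and the LAN prefix 192.168.88.0/24 are assumptions; with a dynamic interface the name would only exist while that client is connected, which is why the binding is needed before the interface can appear in a rule.

```routeros
# Added example: static L2TP server binding plus forward-chain rules that use it.
# Assumptions: PPP secret "eric" already exists (/ppp secret), LAN is 192.168.88.0/24.

# Bind the user to a fixed interface name instead of a dynamic <l2tp-eric> one
/interface l2tp-server add name=l2tp-eric user=eric

/ip firewall filter
# This VPN client may reach the LAN only
add chain=forward in-interface=l2tp-eric dst-address=192.168.88.0/24 \
    action=accept comment="VPN client eric to LAN"
# Anything else from that client (e.g. out to the Internet via the router) is dropped
add chain=forward in-interface=l2tp-eric action=drop comment="VPN client eric elsewhere"
```

After the user connects, `/interface l2tp-server print` shows the binding as running, and `/ip firewall filter print stats` shows the two forward rules counting that client's traffic; a client without a binding still gets a dynamic interface, but its name cannot be matched by a rule written ahead of time.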