VPN over L2TP/IPSEC

I have a Mikrotik Rb450G already set up and now want to add VPN service. Do I have to set up PPP/profile/Service - user/password/L2TP, or can I just enable L2TP Server, then set up the service under IP/IPSec with a pre-shared password etc., then under Firewall filter enable input chain>protocol>UDP>DST Ports>500/1701/4500; however, under Advanced I would include the SRC MAC address of my laptop! Also, could I add more MAC addresses later, such as an iPad?

The VPN is to connect to my home office as the only user from places such as coffee shop, friends or family homes.

REMEMBER: TILL NOW (6.11) ONLY ONE L2TP + IPSec CAN BE MADE!!!

And don't ask why or how; search the forum. :laughing:

Thank you Rextended for responding and for the hint…that would be okay as I am the only person who would be connecting. However, can you comment on the rest of my question…I would really appreciate it…thanks again!

This is what I used to setup L2TP on my RB133.
http://mikrotik.patokatech.com/

Is using L2TP better than PPTP for VPN connections?

REMEMBER: TILL NOW (6.11) ONLY ONE L2TP + IPSec CAN BE MADE!!!

Not true. Only one client will be able to connect if more than one client is sitting behind the same NATed router and tries to connect to the same server.
In other cases the number of connected clients is not limited.

True, sorry for the missing clarification! :confused:

When will this be fixed?


Cannot tell you when, but we are working on it.

Thanks for the response; however, most responses have nothing to do with answering my question except Jaytcsd’s attempt. I am glad for the clarification regarding the number of clients able to connect via L2TP/IPsec.

I really want to use the MAC address of my laptop in conjunction with the pre-shared key and wanted to include that in the firewall filter. I noticed in one of Jaytcsd’s images that an interface had been used for the inclusion of the MAC address. So, in that case, I have an extra VLAN interface available that I could contemplate, but still include the MAC address in the firewall filter. Also, the client would be an Apple MacBook Pro.

I’ll appreciate any more input…thanks!

I’d like to see if SSTP can be based on a MAC address instead of certificates, I have not been able to get that working.

My experience is that about half of the motel or free hotspots don’t allow L2TP due to port blocking.

It is not possible to base SSTP and L2TP on MAC address because:

  1. It is not secure
  2. SSTP/L2TP clients in most cases are not directly connected, so the server will not see the client's MAC address.

If the client is directly connected to the server then yes, you could use firewall filters to allow connections only from specific MAC addresses.
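The setup the original poster describes (L2TP server, IPsec pre-shared key, input-chain rules for UDP 500/1701/4500, and the source-MAC match from the Advanced tab) written out as RouterOS CLI commands, as an added example that is not from this thread or from MikroTik. It assumes a RouterOS 6.x build with the use-ipsec and ipsec-secret options on the L2TP server (these are newer than the 6.11 build discussed here, where the IPsec peer and policy are configured separately under /ip ipsec); the pool range, user name, interface name ether2-lan, MAC address and the <PSK>/<USER-PASSWORD> values are placeholders. The last rule shows why a MAC match only helps for directly connected clients, as mrz explains above: a client behind a coffee-shop router arrives with that router's MAC, so the matcher never sees the laptop.

```routeros
# Added example (not from the thread): L2TP/IPsec road-warrior server on RouterOS 6.x.
# Placeholders: <PSK>, <USER-PASSWORD>, the 192.168.89.0/24 pool, ether2-lan, 00:11:22:33:44:55.

# 1. Address pool and PPP profile handed to L2TP clients
/ip pool add name=vpn-pool ranges=192.168.89.10-192.168.89.20
/ppp profile add name=vpn-profile local-address=192.168.89.1 remote-address=vpn-pool

# 2. One PPP secret per user; service=l2tp limits the account to the L2TP server
/ppp secret add name=laptop password=<USER-PASSWORD> service=l2tp profile=vpn-profile

# 3. L2TP server with IPsec required (use-ipsec=required rejects plain, unencrypted L2TP)
/interface l2tp-server server set enabled=yes default-profile=vpn-profile use-ipsec=required ipsec-secret=<PSK>

# 4. Firewall input chain: IKE (500), NAT-T (4500), ESP, then L2TP (1701) only inside IPsec.
#    The ipsec-policy=in,ipsec matcher accepts 1701 solely when it arrived decapsulated
#    from an IPsec SA; the following drop catches plain L2TP sent straight at the router.
#    The chain is assumed to end in a default drop after these rules.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 action=accept comment="IKE / NAT-T"
add chain=input protocol=ipsec-esp action=accept comment="ESP"
add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec"
add chain=input protocol=udp dst-port=1701 action=drop comment="L2TP without IPsec"

# 5. Source-MAC match (the Advanced tab). Placed on the LAN interface for visibility only:
#    it logs IKE attempts from the local segment that do not come from the laptop's MAC.
#    On the WAN interface the same matcher is useless, because every remote client
#    arrives with the ISP router's MAC, never the laptop's (mrz's point 2 above).
add chain=input in-interface=ether2-lan protocol=udp dst-port=500,4500 src-mac-address=!00:11:22:33:44:55 action=log log-prefix="l2tp-unexpected-mac" place-before=0 comment="LAN visibility: not the laptop"
```

The place-before=0 on the last rule puts it ahead of the accept rules so the log entry is written before the packet is accepted; remove the rule, or change action=log to action=drop, once the LAN-side test is finished.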

Thank you Mikrotik Support (MRZ) and Jaytcsd for responding. Of course, I had to look up SSTP and found out it means Secure Socket Tunneling Protocol…so I learned something new today. I also began to understand why my original idea wouldn’t work. I also must say that I am impressed with Jaytcsd’s firewall setup example and I’ll use the examples in the next few days to set up my VPN. I’ll touch base then if all is good or ask more questions.

I based my VPN setup on a wiki article and tips from this forum.

If you want to try SSTP maybe we can figure that out together.

Dear “mrz”,

If I create an L2TP+IPsec VPN server and make 15 users, and they connect from 15 desktop PCs at an office that has 1 public IP and 1 gateway (a LAN behind the same NAT), is it possible that they all connect to the L2TP+IPsec VPN server?

Thanks

Yes:

  • If the server and clients are in the local network (not NATed)
  • If each client connects from its own IP address directly reachable by the server.

Hi mrz,

Thanks, so I can’t connect more than 1 user from 1 network that is NATed.

Thanks

Okay, I have almost completed the VPN over L2TP/IPsec…just stuck on a small detail. I am using OS v6.11 and there isn’t the box to check "generate policy"; instead one has the option to select No, Port Override, or Port Strict. So, that’s where I am stuck, and I wondered if I need to set up the policy manually. I know that in Policies > Action I need to check tunnel because I am not doing transport mode, and in my case SA Src Address is any and SA Dst Address is my ISP IP address…BUT, do I also add the same info in Policies > General?
[Attachment: Screen Shot 2014-04-12 at 12.47.19 PM.png]

Okay, upon reading the latest modification to IPsec, I see that Port Override is the “old behavior.” Does that mean that selecting it would generate the policy automatically? I wish there were an example for VPN over L2TP/IPsec that connects to home from anywhere, as more and more folks seek to check in on security cameras or a home server. Most examples I have seen are connecting home to an office with a known IP address.

Can someone please respond regarding the screenshot about policy in RouterOS 6.11!