STGMavrick
Joined: Sat Jul 13, 2019 7:38 pm

Mikrotik as L2TP client to pfsense cloud instance

Sat Jul 13, 2019 8:08 pm

Hello,

I'd consider myself somewhat of a networking novice. I'm in the automation field and do just enough to get what I need done. I'm trying the "fake it till I make it" approach with getting an L2TP/IPsec tunnel working to a cloud-instanced private network, but I've only been able to get so far before random guessing does more harm than good. I'm not sure what all would be asked for, so I'll just list out everything I have configured.

Current setup:
pfSense cloud instance configured with an L2TP/IPsec VPN. --- Windows clients can connect and see the private networked instances behind it. I have devices that can't initiate a VPN connection, so I need to set up a site-to-site connection. I chose the MikroTik hEX lite.

Settings:
pfSense:
LAN: 192.168.0.0/24
L2TP IPsec:
Remote address range: 192.168.10.0/24
CHAP
P1: AES-256, SHA1, DH14
P2: Mode: Transport, AES-128, SHA1, PFS: off

As stated, Windows clients connect fine.
MikroTik is behind a Ubiquiti USG: LAN: 192.168.1.0/24 from USG. MikroTik address 192.168.11.1, LAN subnet: 192.168.11.0/24
On the MikroTik end I used the "L2TP Client" configurator and mimicked my settings. The tunnel connects just fine. The problem I'm having is that it doesn't seem to be sending any traffic over the tunnel. No devices can see anything on the remote private network and vice versa. All devices still have internet access behind it; it just doesn't seem to be forwarding any traffic through the IPsec tunnel. If I use the ping utility within Winbox, the MikroTik cannot see any of the private interfaces attached to the pfSense instance, including the LAN address of the pfSense, 192.168.0.3.

Here are the configured firewall rules of the MikroTik:
Filter rules - all defconf from initial setup
NAT
0 - defconf masquerade srcnat
1 - masquerade srcnat VPN_Interface
Mangle
mark routing, prerouting, 192.168.11.100-192.168.11.199 (Part of configured local subnet)

Any help would be greatly appreciated. I spent about a week scouring different guides and trying different things, but I just can't figure it out. I'm command-line savvy, so if you'd like to see something I just need to know the command to get me what you'd like to see. Thank you for your time.
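A RouterOS v6 CLI reconstruction of the setup the post describes, added here as an example; it is not the poster's own export and not a confirmed fix. The interface name l2tp-out1, the routing-table name to-vpn, the placeholder address and credentials, and the two static routes are assumptions; everything else mirrors the settings listed above.

```routeros
# Assumed names/placeholders: l2tp-out1, to-vpn, <PFSENSE_PUBLIC_IP>, <L2TP_USER>, <L2TP_PASS>, <PSK>
# L2TP client with IPsec transport mode and CHAP, matching the pfSense side listed in the post
/interface l2tp-client
add name=l2tp-out1 connect-to=<PFSENSE_PUBLIC_IP> user=<L2TP_USER> password=<L2TP_PASS> \
    use-ipsec=yes ipsec-secret=<PSK> allow=chap disabled=no

# NAT as listed: masquerade out of the tunnel (the default-config masquerade to WAN stays as is).
# pfSense then sees every LAN host as the tunnel's assigned 192.168.10.x address,
# so replies come back without pfSense needing a route to 192.168.11.0/24.
/ip firewall nat
add chain=srcnat out-interface=l2tp-out1 action=masquerade comment="VPN masquerade"

# Mangle as listed: routing mark for part of the LAN. prerouting only sees forwarded
# traffic; packets the router itself originates (a Winbox ping) are never marked here
# and are routed by the main table.
/ip firewall mangle
add chain=prerouting src-address=192.168.11.100-192.168.11.199 \
    action=mark-routing new-routing-mark=to-vpn passthrough=yes

# Assumed addition: a routing mark only changes anything if that table holds a matching route,
# and the post lists none. Route the pfSense LAN through the tunnel both in the marked table
# (for the 192.168.11.100-199 hosts) and in main (for router-originated pings).
/ip route
add dst-address=192.168.0.0/24 gateway=l2tp-out1 routing-mark=to-vpn
add dst-address=192.168.0.0/24 gateway=l2tp-out1

# Checks: tunnel got an address, the routes are active, and the pfSense LAN address answers
/ip address print where interface=l2tp-out1
/ip route print where dst-address=192.168.0.0/24
/ping 192.168.0.3 count=3
```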
