Community discussions

MikroTik App
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Thu Apr 29, 2021 3:31 pm

Hello there,

I hope this is the right place to ask this. I'm just not much experienced with MikroTik devices (and network stuff in general).

I have a MikroTik RB951Ui-2HnD router which I'm currently using it as an Internet Access Point. I also have a VPN account bought from ExpressVPN and I'm planning to set it up directly on the router so any device connected to the router/access point can use VPN without needng the mobile apps or any other client-side configuration. I also hope to be able to enable split-tunneling for the VPN connection so that certain websites/applications go through VPN and others don't.

But as I said I'm a total noob with these things. Even the person who configured the router to be an access point wasn't me. So I hope someone will favor me by telling me a way to do this and I kindly ask for your help with this issue if possible.

Thank you in advance.

P.S. I actually posted this on reddit too, but still I couldn't manage it to work.
P.P.S I also checked the following links but didn't a find way to do this:

https://techshielder.com/how-to-set-up- ... n-mikrotik
https://www.cactusvpn.com/tutorials/set ... k-routers/
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Tue May 11, 2021 3:34 am

Hi.

You should first decide which VPN protocol you want to use.

After a quick tour on ExpressVPN they (at least) support OpenVPN, L2TP/IPSec and IKE2.

OpenVPN is the easiest one to use and setup. It may be also the slowest.
L2TP/IPSec is easy to setup too.
IKE2 is harder to setup on mikrotik.

Details:
The OpenVPN implementation on Mikrotik doesn't support neither LZO-Compression nor UDP. If you want to use it, you have to find out if ExpressVPN forces you to use one of these technologies. If so, you can't use ExpressVPN with Mikrotik.
L2TP/IPSec is a easy to setup and maybe a little faster VPN protocol. Due to the design of IPSec ExpressVPN forces you to use a very easy to guess Pre-Shared-Key. In my opinion if you use this key you are hiding your IP-Address and location from the servers you contact through that VPN tunnel. But if someone wants to decrypt your traffic going thru the tunnel, it is easy to do so.
IKE2 is fast and it is also a IPSec protocol. however the downsites with a weak pre-shared-key are the same as for L2TP/IPSec.

In my opinion you should try to find out if ExpressVPN OpenVPN is compatible with Mikrotik. (About LZO-Compression and UDP).
If thats true, I would go for OpenVPN. If your traffic is not much confidential, maybe L2TP/IPSec is the better way to go because it should just work and is as easy to setup as OpenVPN.

The first link you gave in your post from techshield.com is not any usefull. The setup described there is completely different and not related to ExpressVPN in any way.
The second link is very helpfull and that should be the way to go.

So try removing the setup you did before and start from scratch. (Using the second link) The way to setup a VPN for OpenVPN and L2TP/IPsec is very similar.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Mon May 17, 2021 6:43 pm

Hi.

You should first decide which VPN protocol you want to use.

After a quick tour on ExpressVPN they (at least) support OpenVPN, L2TP/IPSec and IKE2.

OpenVPN is the easiest one to use and setup. It may be also the slowest.
L2TP/IPSec is easy to setup too.
IKE2 is harder to setup on mikrotik.

Details:
The OpenVPN implementation on Mikrotik doesn't support neither LZO-Compression nor UDP. If you want to use it, you have to find out if ExpressVPN forces you to use one of these technologies. If so, you can't use ExpressVPN with Mikrotik.
L2TP/IPSec is a easy to setup and maybe a little faster VPN protocol. Due to the design of IPSec ExpressVPN forces you to use a very easy to guess Pre-Shared-Key. In my opinion if you use this key you are hiding your IP-Address and location from the servers you contact through that VPN tunnel. But if someone wants to decrypt your traffic going thru the tunnel, it is easy to do so.
IKE2 is fast and it is also a IPSec protocol. however the downsites with a weak pre-shared-key are the same as for L2TP/IPSec.

In my opinion you should try to find out if ExpressVPN OpenVPN is compatible with Mikrotik. (About LZO-Compression and UDP).
If thats true, I would go for OpenVPN. If your traffic is not much confidential, maybe L2TP/IPSec is the better way to go because it should just work and is as easy to setup as OpenVPN.
Thank you for helping me.

If OpenVPN is the slowest one I'll go with either L2TP or IKEv2 because like you said confidentiality isn't of much concern for me. I only use VPN to access Geo-blocked content so the main concern (aside from the speed) is persistence in censorship circumvention. I tried some other VPN providers like NordVPN and Surfshark but unfortunately they didn't worked for me(didn't had good speeds or didn't connect at all).

About ExpressVPN's compatibility with MikroTik, I talked with ExpressVPN's support but they said MikroTik isn't among their supported routers, so they can't provide guidance on it.

The first link you gave in your post from techshield.com is not any usefull. The setup described there is completely different and not related to ExpressVPN in any way.
The second link is very helpfull and that should be the way to go.

So try removing the setup you did before and start from scratch. (Using the second link) The way to setup a VPN for OpenVPN and L2TP/IPsec is very similar.
As you said I did reset configurations on the router and used the guide in the second link and tried to change some configurations to make it match with ExpressVPN's configurations, but again couldn't make it work(i.e blocked websites are still blocked).
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Mon May 17, 2021 10:14 pm

Is the L2TP Interface "running"?

Can you post your config? Be sure to "hide-sensitive" content.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Mon May 17, 2021 11:47 pm

Is the L2TP Interface "running"?

Can you post your config? Be sure to "hide-sensitive" content.
I was not sure which parts of my configuration I should upload, so I uploaded those configurations I've changed by using that second link's guide.

Interfaces>Interface
Image

PPP>Interface
Image

IP>Firewall>NAT
Image

IP>Firewall>Mangle
Image

IP>Routes>Routes
Image

IP>DNS
Image
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Tue May 18, 2021 11:51 pm

The pictures look good to me.

The L2TP interface is running (R-flag) so the tunnel is working.

The only problem I see is that the route is disabled wich route the marked packets to the tunnel. Try to enable this route (the first one). It should work after that.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Wed May 19, 2021 4:13 pm

The pictures look good to me.

The L2TP interface is running (R-flag) so the tunnel is working.

The only problem I see is that the route is disabled wich route the marked packets to the tunnel. Try to enable this route (the first one). It should work after that.
When I enable that route my connection to almost all the internet is lost, that is I can't open any websites (except "google.com" which I don't know why).

Edit: Interestingly enough "yandex.com" works too but its other services e.g. "mail.yandex.com" or "newssearch.yandex.com" don't work. Similarly the same can be said about google, that is "mail.google.com", "maps.google.com", etc don't work either. I thought maybe this applies to all search engines but websites like "baidu.com" "bing.com" or "duckduckgo.com" aren't accessible at all and so far only "google.com" and "yandex.com" had this behaviour.

Edit2: This is the configuration of this specific route as I did per the instructions provided by the second link in my first post:

Image

Edit3: Okay now it seems there is no general rule to it, because sometimes "google.com" and "yandex.com" don't work either.
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Wed May 19, 2021 7:26 pm

Ok. I don't have experience with routing marked packets over a VPN.

Can you provide a little more details?
Which version of RouterOS are you running?
Please also post the output of "/export hide-sensitive". Make shure to hide sensitive content.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Wed May 19, 2021 8:49 pm

Ok. I don't have experience with routing marked packets over a VPN.

Can you provide a little more details?
Which version of RouterOS are you running?
Please also post the output of "/export hide-sensitive". Make shure to hide sensitive content.
On the upper left of my router control panel interface it says "RouterOS v6.48.2 (stable)"

And this is the output of the command you said: (I replaced the information I presumed sensitive with asterisk marks(*))
[admin@MikroTik] > /export hide-sensitive   
# may/19/2021 21:57:29 by RouterOS 6.48.2
# software id = 3ZTU-G7AI
#
# model = 951Ui-2HnD
# serial number = B8570C850CD0
/interface bridge
add admin-mac=**:**:**:**:**:** auto-mac=no comment=defconf name=bridge
/interface l2tp-client
add connect-to=uk1-ubuntu-l2tp.expressprovider.com disabled=no keepalive-timeout=disabled name=l2tp-expressvpn use-ipsec=yes user=******
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=******** wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=L2TP-ExpressVPN-Mark passthrough=yes src-address=192.168.88.1-192.168.88.255
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=l2tp-expressvpn
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route
add disabled=yes distance=1 gateway=l2tp-expressvpn routing-mark=L2TP-ExpressVPN-Mark
/ppp secret
add name=vpn
/system clock
set time-zone-name=Asia/Tehran
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Thu May 20, 2021 6:55 pm

Hi,

If you have problems surfing by enabling the routing rule, it means to me that ExpressVPN ist working but you are facing a different problem.

I must admit I don't know what problem you are facing. But there are two things I would change:
add action=mark-routing chain=prerouting new-routing-mark=L2TP-ExpressVPN-Mark passthrough=yes src-address=192.168.88.1-192.168.88.255
Can you change src-address to "src-address=192.168.88.2-192.168.88.255"
This way the address of the router gets excluded. But I don't think that makes any difference.

And in "/ppp profile" can you set "change-tcp-mss" to yes in "default-encryption" ?

Alternatively you can copy "default encryption" profile and set change-tcp-mss to yes in the copied profile.

Can you also please disable
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
for testing?
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Fri May 21, 2021 4:41 pm

Since I'm not much experienced with the terminal, I tried to do what you said through the WebFig interface.

Can you change src-address to "src-address=192.168.88.2-192.168.88.255"
This way the address of the router gets excluded. But I don't think that makes any difference.

Did it from here but as you predicted nothing observable has changed.
Image

And in "/ppp profile" can you set "change-tcp-mss" to yes in "default-encryption" ?

Alternatively you can copy "default encryption" profile and set change-tcp-mss to yes in the copied profile.

I think the "Change TCP MSS" parameter is already set to "Yes". See the following screenshot.
Image
Image

Can you also please disable
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
for testing?

Disabled the Filter rule with the "Fasttrack connection" action but again nothing sensible happens.
Image


And actually after each change I tried disabling and re-enabling this route (the greyed one) but anytime I enabled the route, my internet connection went down again.
Image
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Fri May 21, 2021 8:27 pm

With the route enabled, can you ping a server on the internet. For example google.com?

Can you do a traceroute to google.com from a client?

On Windows, you do so by opening a command prompt and type "tracert google.com".

Can you post the results of a traceroute with and without the route enabled?

Edit: To not post your IP you can "xxx" the last 3 digits of the IP-addresses.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Sun May 23, 2021 3:23 pm

With the route enabled, can you ping a server on the internet. For example google.com?

Can you do a traceroute to google.com from a client?

On Windows, you do so by opening a command prompt and type "tracert google.com".

Can you post the results of a traceroute with and without the route enabled?

Edit: To not post your IP you can "xxx" the last 3 digits of the IP-addresses.

This is the result of a ping and a tracert when the route was disabled:
C:\WINDOWS\system32>ping google.com

Pinging google.com [216.58.209.142] with 32 bytes of data:
Reply from 216.58.209.142: bytes=32 time=61ms TTL=52
Reply from 216.58.209.142: bytes=32 time=53ms TTL=52
Reply from 216.58.209.142: bytes=32 time=63ms TTL=52
Reply from 216.58.209.142: bytes=32 time=60ms TTL=52

Ping statistics for 216.58.209.142:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 63ms, Average = 59ms

C:\WINDOWS\system32>tracert google.com

Tracing route to google.com [216.58.209.142]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router.lan [192.168.88.1]
  2     1 ms     1 ms     1 ms  192.168.0.xxx
  3   246 ms   230 ms   266 ms  172.20.2.xxx
  4    39 ms    37 ms    38 ms  172.20.2.xxx
  5    36 ms    16 ms    39 ms  172.20.40.xxx
  6    43 ms    17 ms    41 ms  172.17.2.xxx
  7    33 ms    31 ms    38 ms  10.202.6.xxx
  8    41 ms    30 ms    40 ms  10.201.47.xxx
  9    31 ms    35 ms    38 ms  10.21.0.xxx
 10    35 ms    39 ms    34 ms  10.21.21.xxx
 11    55 ms    60 ms    55 ms  213.202.4.xxx
 12    78 ms    99 ms    90 ms  213.202.5.xxx
 13    61 ms    73 ms    72 ms  216.239.48.xxx
 14    68 ms    65 ms    60 ms  108.170.227.xxx
 15    71 ms    68 ms    69 ms  mct01s13-in-f14.1e100.net [216.58.209.142]

Trace complete.

This is the result of a ping and a tracert when the route was enabled:
C:\WINDOWS\system32>ping google.com

Pinging google.com [142.250.180.46] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 142.250.180.46:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>tracert google.com

Tracing route to google.com [142.250.180.46]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  router.lan [192.168.88.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18  ^C
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Sun May 23, 2021 4:17 pm

Ok.

So the tunnel seems to fail. Which is a little confusing to me beacuse the L2TP interface has the "running" flag in your pictures. But maybe this is "usual" for RouterOS.
It could also be a firewall or routing problem. But I couldn't found a problem in your config.

But I read your config again and I found somthing regarding the L2TP interface:
/interface l2tp-client
add connect-to=uk1-ubuntu-l2tp.expressprovider.com disabled=no keepalive-timeout=disabled name=l2tp-expressvpn use-ipsec=yes user=******
There is configured "use-ipsec=yes" which is correct. but i am missing the "ipsec-secret". Did you hide it or is there none configured? If there is none, please add it. You can found the ipsec-secret (also known as pre-shared-secret or psk) on the ExpressVPN website.

Also I can see "user=***" is configured but i can't find a corresponding password configured. If the password is missing, please add it. You should use the password to the corresponding "user" for ExpressVPN.

After adding the two things, please try pinging again.
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Sun May 23, 2021 10:01 pm

Ok.

So the tunnel seems to fail. Which is a little confusing to me beacuse the L2TP interface has the "running" flag in your pictures. But maybe this is "usual" for RouterOS.
It could also be a firewall or routing problem. But I couldn't found a problem in your config.

But I read your config again and I found somthing regarding the L2TP interface:
/interface l2tp-client
add connect-to=uk1-ubuntu-l2tp.expressprovider.com disabled=no keepalive-timeout=disabled name=l2tp-expressvpn use-ipsec=yes user=******
There is configured "use-ipsec=yes" which is correct. but i am missing the "ipsec-secret". Did you hide it or is there none configured? If there is none, please add it. You can found the ipsec-secret (also known as pre-shared-secret or psk) on the ExpressVPN website.

Also I can see "user=***" is configured but i can't find a corresponding password configured. If the password is missing, please add it. You should use the password to the corresponding "user" for ExpressVPN.

After adding the two things, please try pinging again.

I tried "/export" command without the "hide-sensitive" attribute and I can see that "ipsec-secret" and "password" parameters do exist already.

I took a screenshot from "Quick Set" tab. Could there be a problem here?
Image

I enabled the "VPN Access" checkbox once, but nothing happened.
 
DeJoe
newbie
Posts: 33
Joined: Thu May 31, 2018 4:26 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Mon May 24, 2021 1:33 am

Seems I can't find the problem.

Just one last shot. Can you disable the L2TP-Server unless you really need it? (It is not needed for a L2TP Client connection.)
And reboot the device?
/interface l2tp-server server
set enabled=yes use-ipsec=yes
 
Parsanejad
just joined
Topic Author
Posts: 11
Joined: Thu Apr 29, 2021 3:20 pm

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Mon May 24, 2021 11:32 am

Seems I can't find the problem.

Just one last shot. Can you disable the L2TP-Server unless you really need it? (It is not needed for a L2TP Client connection.)
And reboot the device?
/interface l2tp-server server
set enabled=yes use-ipsec=yes

Image
I disabled it through the IP>DHCP Server path in the WebFig interface(the above screenshot) but nothing was changed. However I'm not sure if this was the correct way to do this because after disabling it I ran the "/export" command and this line was still present:
/interface l2tp-server server
set use-ipsec=yes
Although the "enabled=yes" part isn't there anymore but whether I keep DHCP Server enabled or not (by using the above way), the "enabled=yes" parameter doesn't appear.
 
mrporia
just joined
Posts: 1
Joined: Wed Jan 26, 2022 11:53 am

Re: Need help for setting a VPN on a MikroTik RB951Ui-2HnD router (plus Split-Tunneling)

Wed Jan 26, 2022 11:59 am

Hello dears

i have a problem that im deal with it like 3 days

i wan to set ovpn client on mikrotik but i understand that mikrotik cant support udp and user auth and comp-lzo !


so i try to find slotion for ikev2(with remote id) and ipsec(with pre key)
but again i cant settup on my mikrotik


*(i setup pptp and l2tp and they work fine but i think it is very slow on mikrotik, becuse when i set it on pc or device i get very good download upload and ping, but in mikrotik it act like turtle
i ned to wait 2 min just for a iplocation site)*





can some one help me to setup ikev2 and ipsec client on mikrotik?
thanks a lot

Who is online

Users browsing this forum: JDF, mtest001 and 42 guests