levani2009
just joined
Topic Author
Posts: 4
Joined: Mon Jul 19, 2021 10:46 am

L2tp vpn problem

Mon Jul 19, 2021 10:48 am

Hello, I have an L2TP VPN server on a MikroTik RB951Ui. After connecting, VPN clients use the VPN server's internet source. Can I change this so that VPN users do not use the VPN server's internet source?
 
tangent
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm

Re: L2tp vpn problem

Mon Jul 19, 2021 12:22 pm

Your question is quite vague, but I think I've worked out what you're trying to ask.

The problem is that your VPN is configured to set itself as the default route for the client computer so all traffic goes through the VPN. This is sometimes exactly what one wants, but what you appear to want instead is only for some traffic to go through the VPN, letting everything else use the old default route to the local Internet connection.

The solution may be as simple as "add-default-route=no," but your client VPN configuration can play into this.

Once you do this, you may then need to add a more restrictive static route, like 192.168.88.0/24 pointing back to the VPN connection so connections to only those addresses go through the VPN. How you do this depends on details of how the VPN is set up. If the IP address of the client comes from a DHCP server running on the MT router, setting a classless route is one way to solve this.

If that doesn't work for you, we need more details about how you've set the VPN up. Send the "/export" info stripped of sensitive info, what VPN client you're using, configuration details for that client, and so forth.
 
levani2009
just joined
Topic Author
Posts: 4
Joined: Mon Jul 19, 2021 10:46 am

Re: L2tp vpn problem

Mon Jul 19, 2021 10:34 pm

Thank you,


set *0 dns-server=8.8.8.8
add dns-server=192.168.0.4,8.8.8.8 local-address=192.168.90.1 name=VPN_PROFILE \
remote-address=vpn-pool
add dns-server=192.168.0.4,8.8.8.8 local-address=192.168.90.1 name=\
"VPN_NO INTERNET ACCESS " remote-address=vpn-pool



/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des lifetime=0s pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048 enc-algorithm=aes-256,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override port=4567 secret=xxxxxxxx


Can you give me some tutorial?
I want to create a new L2TP IPsec VPN server.
 
tangent
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm

Re: L2tp vpn problem

Tue Jul 20, 2021 2:07 am

I lost my place in that document and thought the "add-default-route" parameter was on the server side, but it's on the client side.

What this means is that unless you're using a RouterOS box as the VPN client, that setting won't help you. However, other clients will likely have similar settings. What client are you using?
 
levani2009
just joined
Topic Author
Posts: 4
Joined: Mon Jul 19, 2021 10:46 am

Re: L2tp vpn problem

Tue Jul 20, 2021 8:36 am

My task is to connect to a VPN server (MikroTik VPN server). I have a MikroTik RB on only one side, the server side, and need the clients not to use the MikroTik RB gateway.
 
karlisi
Member
Posts: 435
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2tp vpn problem

Tue Jul 20, 2021 9:18 am

You can't. I guess clients are Windows, and Windows VPN connection by default uses VPN server as default gateway. Either instruct your clients to disable remote gateway in VPN settings, or make a script to do this (perhaps someone can help with this) and send it to clients.
 
levani2009
just joined
Topic Author
Posts: 4
Joined: Mon Jul 19, 2021 10:46 am

Re: L2tp vpn problem

Sat Jul 24, 2021 3:50 pm

I did it, thank you all very much.

Uncheck: Use default gateway on remote network
and
route -p ADD network address MASK 255.255.255.0 serveripaddress
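
The client-side fix described in this thread can also be scripted for Windows clients. The following is an added example, not code from any poster in the thread: it turns on split tunneling (the same setting as unchecking "Use default gateway on remote network") and adds a per-connection route instead of the persistent `route -p ADD` entry. The connection name and the remote prefix are assumed placeholder values.

```powershell
# Added example: make an existing Windows VPN connection split-tunnel and send
# only the remote LAN through it. Run on the client as the user owning the VPN.
param(
    # Assumed values; replace with the real connection name and remote subnet.
    [string]$ConnectionName = 'Office L2TP',     # hypothetical connection name
    [string]$RemotePrefix   = '192.168.0.0/24'   # placeholder remote LAN prefix
)

$ErrorActionPreference = 'Stop'

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    throw "VPN connection '$ConnectionName' not found for the current user."
}

# Same effect as unchecking "Use default gateway on remote network":
# the VPN no longer installs itself as the client's default route.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Per-connection route: applied when the VPN connects and removed on
# disconnect, so it cannot go stale the way a persistent route can.
if ($vpn.Routes.DestinationPrefix -notcontains $RemotePrefix) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $RemotePrefix
}

# Report the resulting settings.
$vpn = Get-VpnConnection -Name $ConnectionName
$vpn | Select-Object Name, SplitTunneling,
    @{ n = 'Routes'; e = { $_.Routes.DestinationPrefix -join ', ' } }

# If the tunnel is up, list default routes so it is visible which interface
# carries internet traffic. Setting changes apply on the next reconnect.
if ($vpn.ConnectionStatus -eq 'Connected') {
    Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
        Select-Object InterfaceAlias, NextHop, RouteMetric
}
```

After reconnecting, the default-route listing should show only the local network adapter, with the VPN interface carrying just the remote prefix.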
