Trying to configure new VPN

Mon Feb 11, 2019 7:49 pm


I'm trying to configure VPN connectivity to my home lab and need a little guidance. I've been using PPTP, but with the need to make some changes, I figure I would move to a more secure protocol. Recommendations on a more secure protocol would be appreciated!
Hardware: RB1100AHx2
RouterOS 6.43.12

I want to be able to set up two separate VPN tunnels:
1) Tunnel 1 will allow my remote computer to behave as if it were actually on my home network. I'm doing this now with PPTP, but I understand that's not really secure.
2) Tunnel 2 will be used for my work laptop. I only want traffic destined for my home subnet to pass through the VPN tunnel, everything else should remain on the work network.

I can get Tunnel 1 figured out easily enough, but Tunnel 2 seems to be where I am having trouble. I spent some time playing around with it on PPTP before realizing I just needed to ask for some help. I was trying to use some firewall and NAT rules to allow or block traffic based on destination subnet, but I either wasn't configuring them correctly or that was not the correct approach.
Found the following example online to show you what I was starting to play with:
/ppp profile add address-list=VPN_USER_client local-address= name=USER remote-address=ovpn-lan

/ip firewall address-list add address= list=VPN_USER_server

/ip firewall filter
add action=jump chain=forward jump-target=VPN_USER src-address-list=VPN_USER_client

add action=accept chain=VPN_USER dst-address-list=VPN_USER_server dst-port=3389 protocol=tcp

add action=drop chain=VPN_USER
Source: ... n-mikrotik

Any assistance/guidance will be greatly appreciated!

Re: Trying to configure new VPN

Mon Feb 11, 2019 8:18 pm

L2TP/IPsec gets you native clients for Windows, Mac, Linux, iOS, and Android.

IKEv2 gets you native clients in all of the above except Android. Android has apps for IKEv2 (StrongSwan). (This may have changed, but as of v7 on Android it still doesn't.)

IKEv2 would be my preferred solution.

Re: Trying to configure new VPN

Mon Feb 11, 2019 8:34 pm

My only real requirement is for Windows client connectivity. If IKEv2 would provide better encryption then I'm all for it! I'll do some googling and see if I can figure out how to get a basic VPN tunnel up using IKEv2. Any advice on how to set up a tunnel which will only pass traffic targeted for my subnet though?

