Namidaka
just joined
Topic Author
Posts: 1
Joined: Tue Sep 14, 2021 6:03 pm

Is there an error on the Manual:Interface/L2TP wiki page?

Tue Sep 14, 2021 6:09 pm

Hello.
I'm probably going to buy 5 MikroTik routers to do site-to-site LAN over VPN and remote access to the LAN through L2TP.
I was taking a look at the wiki to prepare myself and I think I spotted an error. It may also be that I'm wrong. In this case could you please explain to me why there is no mention of "password" on the server side, and why "test123456" is mentioned two times on the server side?
L2TP Config
On the server:
/interface l2tp-server server
set enabled=yes default-profile=default

/ip pool 
add name=l2tp-pool ranges=192.168.1.2-192.168.1.20

/ppp profile 
set default local-address=192.168.1.1 remote-address=l2tp-pool

/ppp secret
add name=l2tp-test password=test123456 <---------------------this should be "password" 
On the client: 

/interface l2tp-client
add connect-to=1.1.1.1 disabled=no name=l2tp-out1 password=password user=l2tp-test

On server side: 

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-128,aes-192,aes-256
/ip ipsec peer
add generate-policy=yes hash-algorithm=sha1 nat-traversal=yes secret=test123456
RouterOS as client: 
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128
/ip ipsec peer
add address=1.1.1.1/32 hash-algorithm=sha1 nat-traversal=yes secret=test123456

/ip ipsec policy
add dst-address=1.1.1.1/32 protocol=udp sa-dst-address=1.1.1.1 \
      sa-src-address=10.5.8.120 src-address=10.5.8.120/32
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Is there an error on the Manual:Interface/L2TP wiki page?

Thu Sep 16, 2021 11:13 pm

You're right, the password item on the /interface l2tp-client row at the client router must match the password item on the /ppp secret row at the server router, whereas the secret items must match in the IPsec configurations. But worse than that, the Wiki page you refer to uses the old structure of the IPsec configuration, so you'll have to have a look at the IPsec manual to learn the current one. Or, simpler, specify use-ipsec=yes and set the ipsec-secret value on the /interface l2tp-client row at client side, and set use-ipsec=required and the ipsec-secret in /interface l2tp-server server settings at server side, and RouterOS will create the IPsec configurations dynamically, so you'll be able to study them and, eventually, make static copies of them and modify them as per your needs.
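
The simpler setup described in the reply above, written out as an added example that is not part of the thread or of the MikroTik documentation. The user name, addresses and pool are the ones from the question; both credential values are constructed placeholders.

```routeros
# --- Server router ---
# Two independent credentials are in play:
#   ipsec-secret          = IPsec pre-shared key, must equal the client's ipsec-secret
#   /ppp secret password  = L2TP user password, must equal the client's password
/ip pool
add name=l2tp-pool ranges=192.168.1.2-192.168.1.20

/ppp profile
set default local-address=192.168.1.1 remote-address=l2tp-pool

/ppp secret
add name=l2tp-test password="PLACEHOLDER-ppp-password" service=l2tp

# use-ipsec=required refuses L2TP sessions that are not protected by IPsec
/interface l2tp-server server
set enabled=yes default-profile=default use-ipsec=required \
    ipsec-secret="PLACEHOLDER-ipsec-psk"

# --- Client router ---
/interface l2tp-client
add name=l2tp-out1 connect-to=1.1.1.1 user=l2tp-test \
    password="PLACEHOLDER-ppp-password" use-ipsec=yes \
    ipsec-secret="PLACEHOLDER-ipsec-psk" disabled=no

# --- Either router, once the tunnel is up ---
# Inspect the IPsec entries RouterOS created dynamically (current IPsec menu layout)
/ip ipsec peer print
/ip ipsec identity print
/ip ipsec policy print
```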
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Is there an error on the Manual:Interface/L2TP wiki page?

Thu Sep 16, 2021 11:16 pm

Not sure if this is updated or not.......
https://help.mikrotik.com/docs/display/ROS/L2TP
