Is this the right configuration for L2TP/IPSec server?

Mon Jan 14, 2019 4:45 pm

New RB4011 serving as the edge router in our configuration. L2TP/IPSec VPN tunnel from outside the network setup works, but appears to be very different than some of the others that I have seen posted (using proposals, etc.).
  • Is there something glaringly wrong with this setup and/or is there a more correct way to do this?
  • How do I know it's using the hw acceleration for the IPsec?
  • I have a few questions on some of the filter rules embedded as comments below.

/ip pool
add comment="pool for vpn connections" name=vpn ranges=\

/ip address
add address= network=

/ppp secret
add name=MyName password=MyPassword

/ppp profile
set *0 local-address= remote-address=vpn

/interface l2tp-server server
set allow-fast-path=yes default-profile=default enabled=yes ipsec-secret=MySecret \

/ip firewall filter

# disabled these 2 default filters since they had 0 packets
# what are these for?
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=accept chain=input comment="For L2TP/IPSec" port=1701,500,4500 \

# is this one necessary, seems to have 0 packets
add action=accept chain=input comment="For L2TP/IPSec" disabled=yes protocol=\

# added this one so I could find my router on a PPP connection.
# is this the right way, or can I lock it down more to use just the dynamic
# interface that is created when I am authenticated?  I tried, but once
# the session ends it goes to "no interface"
add action=accept chain=input in-interface=all-ppp

Much appreciated.
