- Is there something glaringly wrong with this setup and/or is there a more correct way to do this?
- How do I know it's using the hw acceleration for the IPsec?
- I have a few questions on some of the filter rules embedded as comments below.
Code:
/ip pool
add comment="pool for vpn connections" name=vpn ranges=10.10.128.2-10.10.128.15
/ip address
add address=10.10.128.1/24 network=10.10.128.0
/ppp secret
add name=MyName password=MyPassword
/ppp profile
set *0 local-address=10.10.128.1 remote-address=vpn
/interface l2tp-server server
set allow-fast-path=yes default-profile=default enabled=yes ipsec-secret=MySecret use-ipsec=required
/ip firewall filter
# disabled these 2 default filters since they had 0 packets
# what are these for?
add action=accept chain=forward comment="defconf: accept in ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" disabled=yes ipsec-policy=out,ipsec
...
add action=accept chain=input comment="For L2TP/IPSec" port=1701,500,4500 protocol=udp
# is this one necessary, seems to have 0 packets
add action=accept chain=input comment="For L2TP/IPSec" disabled=yes protocol=ipsec-esp
# added this one so I could find my router on a PPP connection.
# is this the right way, or can I lock it down more to use just the dynamic
# interface that is created when I am authenticated? I tried, but once
# the session ends it goes to "no interface"
add action=accept chain=input in-interface=all-ppp
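Added example (not part of the post above and not MikroTik's own documentation): a tightened version of the input rules for the same L2TP/IPsec server, plus the command used to see whether the IPsec SAs are hardware-accelerated. It keeps the poster's ports and pool (10.10.128.0/24) and assumes the server stays at use-ipsec=required; the management ports (22 and 8291) are an assumption, substitute whatever you actually expose. Two points the example encodes: the ESP rule shows 0 packets whenever every client sits behind NAT, because NAT-T then carries ESP inside UDP 4500, but a client on a public address sends bare ESP, so the rule should stay enabled; and the two defconf forward rules match packets that traverse the router through an IPsec policy (site-to-site tunnels), whereas L2TP/IPsec traffic is decrypted, decapsulated from L2TP and then forwarded via the PPP interface with no policy attached, so they never see a packet in this setup.

```routeros
# Added example, not the poster's configuration.
# Assumes: /interface l2tp-server server use-ipsec=required (as in the post),
# VPN pool 10.10.128.0/24, management on tcp/22 and tcp/8291 (assumption).
/ip firewall filter
# IKE and NAT-T must be reachable in the clear. Match dst-port, not port:
# port= also matches packets merely *sourced* from 500/4500.
add chain=input protocol=udp dst-port=500,4500 action=accept comment="IKE / NAT-T"
# Bare ESP from clients on public addresses. Counter stays 0 while all
# clients are behind NAT (ESP is then inside UDP 4500), which is not a
# reason to disable it.
add chain=input protocol=ipsec-esp action=accept comment="ESP"
# L2TP is accepted only if the packet was just decrypted by an IPsec policy.
add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec only"
# Anything that reaches 1701 in the clear is dropped explicitly so it shows
# up in the counters.
add chain=input protocol=udp dst-port=1701 action=drop comment="L2TP without IPsec"
# Management from VPN clients: the dynamic <l2tp-MyName> interface vanishes
# when the session ends, so match the all-ppp pseudo-interface plus the
# pool's source range and the management ports instead of accepting everything.
add chain=input in-interface=all-ppp src-address=10.10.128.0/24 protocol=tcp dst-port=22,8291 action=accept comment="mgmt from VPN clients"
add chain=input in-interface=all-ppp action=drop comment="everything else from VPN clients"

# Checking hardware acceleration: with a client connected, list the SAs.
# The flags column carries H (hw-aead) on SAs handled by the crypto engine;
# whether it appears depends on the board and on the cipher in the proposal.
/ip ipsec installed-sa print
/ip ipsec active-peers print
```

Order matters in RouterOS filter chains: keep these rules above the default "drop all not coming from LAN" input rule, and after `add` them check `/ip firewall filter print stats` so the "L2TP inside IPsec only" rule, not the drop, is the one gaining packets when a client connects.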