L2TP VPN Mikrotik

1. L2TP VPN Mikrotik
2.  
3. 1. Interfaces > ether1-gateway > ARP=enable
4. 2. Interfaces > ether2-master-local > ARP=reply only
5. 3. IP > Addresses > Add New > Address=192.168.99.99/24, Interface=ether1-gateway
6. 4. IP > Routes > Add New > Gateway=192.168.99.1, Apply=reachable=ether1-gateway
7. 5. IP > DHCP Server > Add ARP for Leases=On
8. 6. IP > Pool > Add New > Name=VPN-Pool, Addresses=10.10.10.10-10.10.10.254
9. 7. IP > Firewall > NAT > Add New > Src. Address=10.10.10.0/24, Action=masquerade
10. 8. IP > Firewall > Filter Rules > Add New > Chain=input, Protocol=udp, Dst. Port=1701,500,4500, Action=accept
11. 9. IP > Firewall > Filter Rules > Add New > Chain=input, Protocol=ipsec-ah, Port=51, Action=accept
12. 10. IP > Firewall > Filter Rules > Add New > Chain=input, Protocol=ipsec-esp, Port=50, Action=accept
13. 11. PPP > Profiles > Add New > Name=VPN-PPP, Local Address=10.10.10.1, Remote Address=VPN-Pool, DNS Server=8.8.8.8, 8.8.4.4, Use Encryption=required
14. 12. PPP > Interface > L2TP Server, Enabled, Default Profile=VPN-PPP, pap&chap disabled, mschap1&mschap2 enabled
15. 13. PPP > Secrets > Add New > Name=VPN-Secret, Password, Service=L2TP, Profile=VPN-PPP
16. 14. IP > IPSec > Peers > Add New > Secret=psk, Exchange Mode=mainl2tp, NAT Traversal=enabled, Hash Algorithm=sha1, Encryption Algorithm=3des, aes128, aes256 enabled, rest disabled, DH Group=modp2048, Port Override=enabled
17. 15. IP > IPSec > Proposals > default > Encryption Algorithms=aes128cbc&aes256cbc, PFS Group=none, Remove Lifetime