# IPsec phase 1 (IKE) profiles. The default profile and the named
# my-ipsec-profile1 are given the same parameters.
# NOTE(review): dh-group=modp1024 is a 1024-bit MODP group, generally
# considered too small for new deployments; prefer modp2048 or an ECP group
# if the remote end supports it.
# NOTE(review): dpd-interval=disable-dpd turns dead-peer detection off, so a
# vanished peer is only noticed when its SAs expire.
- /ip ipsec profile
- set [ find default=yes ] dh-group=modp1024 dpd-interval=disable-dpd \
- enc-algorithm=aes-256 hash-algorithm=sha256
- add dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256 \
- hash-algorithm=sha256 name=my-ipsec-profile1
# Peer bound to my-ipsec-profile1. passive=yes means this router waits for
# the remote side to start the IKE exchange.
# NOTE(review): no address= is shown, so the peer presumably matches any
# remote address - confirm. No "/ip ipsec identity" section appears in this
# paste, so the authentication method and secret cannot be reviewed here.
- /ip ipsec peer
- add name=my-ipsec-peer1 passive=yes profile=my-ipsec-profile1 \
- send-initial-contact=no
# Phase 2 (ESP) proposals: AES-128-GCM.
# NOTE(review): pfs-group=ecp256 is set only on the default proposal. The
# named my-ipsec-proposal1 shows no pfs-group, so it runs with whatever the
# RouterOS default is - verify, since that named proposal is the one the
# policy in this export references.
# NOTE(review): GCM is an AEAD mode with its own integrity check; confirm
# whether auth-algorithms=sha256 has any effect alongside it.
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-128-gcm \
- pfs-group=ecp256
- add auth-algorithms=sha256 enc-algorithms=aes-128-gcm name=my-ipsec-proposal1
# Address pools: "dhcp" for 192.168.88.10-254 and "pool1-l2tp" for the
# addresses handed to PPP/L2TP peers.
- /ip pool
- add name=dhcp ranges=192.168.88.10-192.168.88.254
- add name=pool1-l2tp ranges=172.18.31.10-172.18.31.200
# Edits PPP profile *0 (addressed by internal ID): fixed local address, remote
# addresses drawn from pool1-l2tp, encryption required, IPv6 and UPnP off.
- /ppp profile
- set *0 local-address=192.168.1.15 remote-address=pool1-l2tp use-encryption=\
- yes use-ipv6=no use-upnp=no
# Outbound L2TP client to a SoftEther-hosted endpoint (hostname redacted by
# the author). add-default-route=yes installs a default route via the tunnel.
# NOTE(review): profile=my-profile1-encrypt is not defined anywhere in this
# paste; the export looks partial.
# NOTE(review): use-ipsec=yes but no ipsec-secret or password is shown -
# presumably hidden by the export; confirm they are set and strong.
# NOTE(review): allow=mschap2 is the only permitted auth method. MS-CHAPv2 is
# weak on its own, so its protection depends on the IPsec layer being up.
- /interface l2tp-client
- add add-default-route=yes allow=mschap2 connect-to=vpnxxxxxxxxx.softether.net \
- disabled=no name=l2tp-out1 profile=my-profile1-encrypt use-ipsec=yes \
- user=hehe@l2tpserv
# Firewall filter rules, based on the MikroTik "defconf" set with local
# changes. Rules are evaluated top to bottom within each chain, so order
# matters.
- /ip firewall filter
# input: let replies to existing connections through.
- add action=accept chain=input comment=\
- "defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
# input: discard packets conntrack marks invalid.
- add action=drop chain=input comment="defconf: drop invalid" connection-state=\
- invalid
# NOTE(review): the comment says "accept ICMP" but the action is drop,
# limited to in-interface=all-ppp. Either the comment is stale or the action
# is unintended; ICMP on other non-LAN interfaces is caught by the
# "drop all not coming from LAN" rule further down.
- add action=drop chain=input comment="defconf: accept ICMP" in-interface=\
- all-ppp protocol=icmp
# input: allow traffic addressed to 127.0.0.1 (per the comment, for CAPsMAN).
- add action=accept chain=input comment=\
- "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# input: default-deny for everything not arriving on a LAN-list interface.
# NOTE(review): no accept rule for IKE (UDP 500/4500), ESP or L2TP (UDP 1701)
# is visible above this rule, yet the IPsec peer is passive=yes. Inbound
# negotiation from a non-LAN interface would be dropped here - confirm that
# is intended.
- add action=drop chain=input comment="defconf: drop all not coming from LAN" \
- in-interface-list=!LAN
# forward: pass traffic that matches an inbound / outbound IPsec policy.
# These sit above the fasttrack rule so IPsec traffic reaches them first.
- add action=accept chain=forward comment="defconf: accept in ipsec policy" \
- ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" \
- ipsec-policy=out,ipsec
# forward: fasttrack established/related connections with hardware offload.
# Fasttracked packets skip most later firewall processing.
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related hw-offload=yes
# forward: accept the established/related/untracked traffic that was not
# fasttracked.
- add action=accept chain=forward comment=\
- "defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
# forward: discard invalid packets.
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
# forward: block new connections from the WAN list unless a dst-nat rule
# matched them (i.e. only published port-forwards get in).
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN
# Two extra input rules for pppoe-out1; the first is disabled.
# NOTE(review): both come after the "drop all not coming from LAN" rule. If
# pppoe-out1 is not a member of the LAN list (membership is not shown in this
# paste), packets from it never reach these rules, so they are redundant.
# NOTE(review): the DNS rule covers UDP 53 only; DNS also runs over TCP 53.
- add action=drop chain=input disabled=yes in-interface=pppoe-out1
- add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
# Source NAT: masquerade everything leaving via pppoe-out1.
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- out-interface=pppoe-out1
# IPsec policy tying my-ipsec-peer1 to my-ipsec-proposal1 for UDP traffic.
# NOTE(review): no src-/dst-address or port is shown, so the policy scope
# falls back to defaults - confirm it is no wider than needed (L2TP itself
# uses UDP 1701).
- /ip ipsec policy
- add peer=my-ipsec-peer1 proposal=my-ipsec-proposal1 protocol=udp
# PPP account restricted to service=l2tp, with fixed local and remote
# addresses.
# NOTE(review): no password= is shown - presumably hidden by the export;
# confirm one is set.
# NOTE(review): remote-address=172.18.31.103 lies inside the pool1-l2tp range
# (172.18.31.10-172.18.31.200), so the pool could hand the same address to
# another session - verify.
# NOTE(review): the name matches the user= of the l2tp-client, and no
# "/interface l2tp-server" section is visible; confirm which side this
# account is meant for.
- /ppp secret
- add local-address=192.168.1.15 name=hehe@l2tpserv profile=my-profile1-encrypt \
- remote-address=172.18.31.103 service=l2tp
# Adds a logging rule for the l2tp topic (no action= shown, so the default
# action applies). IPsec negotiation is not logged by this rule.
- /system logging
- add topics=l2tp