
MikroTik L2TP Client Instructions

a guest
Jun 19th, 2025
After much effort and some help from Claude, I managed to get the L2TP traffic working.
Here are the instructions.

Step 1: Modify L2TP Client Configuration
First, modify your L2TP client settings:

Go to Interfaces and double-click your L2TP client interface
Uncheck "Add Default Route" - this is crucial to prevent all traffic from using the VPN
Click OK to save

Step 2: Create a Routing Table for VPN Traffic

Go to Routing → Tables
Click + to add a new table
Set:
Name: vpn-table
FIB: Check this box
Click OK

Step 3: Add Policy-Based Routing

Go to IP → Routes
Click + to add a new route
Configure:
Dst. Address: 0.0.0.0/0 (default route for VPN traffic)
Gateway: [This will be the gateway IP you receive from the L2TP connection - check your L2TP interface for the remote address]
Routing Table: vpn-table
Distance: 1
Click OK

Step 4: Create Routing Rules

Go to Routing → Rules
Click + to add a new rule
Configure:
Src. Address: x.x.x.x/29
Action: lookup-only-in-table
Table: vpn-table
Click OK

Step 5: Add Mangle Rules for Traffic Marking (Alternative Method)
If the routing rules don't work as expected, use mangle rules:

Go to IP → Firewall → Mangle
Click + to add a new rule
General tab:
Chain: prerouting
Src. Address: x.x.x.x/29
Action tab:
Action: mark-routing
New Routing Mark: vpn-traffic
Passthrough: Check this
Click OK

Step 6: Create Route for Marked Traffic

Go to IP → Routes
Click + to add a new route
Configure:
Dst. Address: 0.0.0.0/0
Gateway: [L2TP interface name, e.g., "Work-VPN"]
Routing Mark: vpn-traffic
Distance: 1
Click OK

Step 7: Configure NAT (if needed)
If devices in the 10.0.40.0/29 subnet need internet access through the VPN:

Go to IP → Firewall → NAT
Click + to add a new rule
General tab:
Chain: srcnat
Src. Address: x.x.x.x/29
Out. Interface: [Your L2TP interface name]
Action tab:
Action: masquerade
Click OK

Step 8: Verify Configuration
Check IP → Routes to ensure your VPN route is present
From a device in the x.x.x.x/29 subnet, test connectivity
From a device outside this subnet, verify it uses the regular internet connection
Use Tools → Traceroute to verify the path traffic takes

Important Notes:

Replace [Your L2TP interface name] with the actual name you gave your L2TP client (e.g., "Work-VPN")
The gateway IP in the routes should be either the L2TP interface name or the remote gateway IP you receive from the connection
You can check the L2TP interface details to see what remote address/gateway is assigned
This configuration ensures that only traffic from the x.x.x.x/29 subnet will use the L2TP VPN, while all other traffic continues to use your regular internet connection.

I'm going to try with just one IP from the x.x.x.x/29 instead of the whole /29 subnet.
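
An added example, not part of the original paste: a Python check that reads a RouterOS configuration export and reports which pieces of the routing-rule method (Steps 1 to 4 and Step 7) are missing, so the split-tunnel intent can be reviewed after changes. The export text is a constructed sample in the style of RouterOS v7 `/export` output; the function names, `vpn.example.net` and `demo` are assumptions, while `Work-VPN`, `vpn-table` and `10.0.40.0/29` are the values used in the steps above.

```python
import re
import shlex

# Constructed sample in the style of RouterOS v7 `/export` output (not from a real router).
SAMPLE_EXPORT = """\
/interface l2tp-client
add connect-to=vpn.example.net disabled=no name=Work-VPN user=demo
/routing table
add fib name=vpn-table
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=Work-VPN routing-table=vpn-table
/routing rule
add action=lookup-only-in-table src-address=10.0.40.0/29 table=vpn-table
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Work-VPN src-address=10.0.40.0/29
"""

def parse_export(text):
    """Return {menu path: [one dict of key=value pairs per add/set line]}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines wrapped with a trailing backslash
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = menus.setdefault(line, [])
        elif current is not None and line.startswith(("add ", "set ")):
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            current.append({key: value for key, _, value in pairs})
    return menus

def audit_split_tunnel(text, vpn_if, subnet, table):
    """Return a list of findings; an empty list means every check passed."""
    m, findings = parse_export(text), []
    clients = [c for c in m.get("/interface l2tp-client", []) if c.get("name") == vpn_if]
    if not clients:
        findings.append(f"no L2TP client named {vpn_if}")
    elif clients[0].get("add-default-route") == "yes":
        findings.append("Step 1: add-default-route is still enabled")
    if not any(t.get("name") == table and "fib" in t for t in m.get("/routing table", [])):
        findings.append(f"Step 2: table {table} missing or not FIB")
    if not any(r.get("routing-table") == table and r.get("dst-address") == "0.0.0.0/0"
               for r in m.get("/ip route", [])):
        findings.append(f"Step 3: no default route in {table}")
    if not any(r.get("src-address") == subnet and r.get("table") == table and
               r.get("action") == "lookup-only-in-table" for r in m.get("/routing rule", [])):
        findings.append(f"Step 4: no lookup-only-in-table rule for {subnet}")
    if not any(n.get("action") == "masquerade" and n.get("out-interface") == vpn_if
               and n.get("src-address") == subnet for n in m.get("/ip firewall nat", [])):
        findings.append(f"Step 7: no masquerade for {subnet} out {vpn_if}")
    return findings
```

Calling `audit_split_tunnel(SAMPLE_EXPORT, "Work-VPN", "10.0.40.0/29", "vpn-table")` returns an empty list for the sample. The mangle alternative from Steps 5 and 6 is not covered by these checks.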