carlesloriente · July 2, 2024 13:02 · carlesloriente · Feb 8, 2024
diff --git a/mikrotik_routeros_vpn-l2tp-ipsec.rsc b/mikrotik_routeros_vpn-l2tp-ipsec.rsc
 # Mikrotik RouterOs L2TP/IPSec VPN Full configuration
 #

 /interface bridge
 add fast-forward=no name=bridge

 /interface ethernet
 set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

 /interface bridge port
 add bridge=bridge hw=no interface=ether1

 /snmp community
 set [ find default=yes ] addresses=0.0.0.0/0

 /system clock
 set time-zone-name=Europe/Dublin

 /system identity
 set name=mikrotik_vpn

 /system ntp client
 set enabled=yes server-dns-names=pool.ntp.org

 /ip service
 set telnet disabled=yes
 set ftp disabled=yes
 set www disabled=yes
 set api disabled=yes
 set api-ssl disabled=yes

 /ip pool
 add name=pool-vpn ranges=10.1.1.2-10.1.1.250

 /ip ipsec peer
 add name=l2tpserver passive=yes

 /ip ipsec proposal
 set [ find default=yes ] enc-algorithms=3des

 /ip ipsec mode-config
 add address-pool=pool-vpn name=cfg1 static-dns=8.8.8.8 system-dns=no

 /ppp profile
 add bridge=bridge local-address=pool-vpn name=profile-vpn remote-address=pool-vpn
 add bridge=bridge dns-server=8.8.8.8 local-address=pool-vpn name=ipsec_vpn remote-address=pool-vpn

 /interface l2tp-server server
 set authentication=mschap1,mschap2 default-profile=ipsec_vpn enabled=yes

 /ip dhcp-client
 add !dhcp-options disabled=no interface=ether1
 add disabled=no interface=bridge

 /ip firewall filter
 add action=accept chain=input protocol=ipsec-esp

 /ip firewall nat
 add action=masquerade chain=srcnat out-interface=bridge src-address=10.1.1.2-10.1.1.250
 add action=accept chain=srcnat

 /ip ipsec identity
 add generate-policy=port-override peer=l2tpserver secret="ChangeThisSecret"

 /ppp secret
 add name=vpn_user password="ChangeThisPasword" profile=profile-vpn service=any
	# Mikrotik RouterOs L2TP/IPSec VPN Full configuration
	#

	/interface bridge
	add fast-forward=no name=bridge

	/interface ethernet
	set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

	/interface bridge port
	add bridge=bridge hw=no interface=ether1

	/snmp community
	set [ find default=yes ] addresses=0.0.0.0/0

	/system clock
	set time-zone-name=Europe/Dublin

	/system identity
	set name=mikrotik_vpn

	/system ntp client
	set enabled=yes server-dns-names=pool.ntp.org

	/ip service
	set telnet disabled=yes
	set ftp disabled=yes
	set www disabled=yes
	set api disabled=yes
	set api-ssl disabled=yes

	/ip pool
	add name=pool-vpn ranges=10.1.1.2-10.1.1.250

	/ip ipsec peer
	add name=l2tpserver passive=yes

	/ip ipsec proposal
	set [ find default=yes ] enc-algorithms=3des

	/ip ipsec mode-config
	add address-pool=pool-vpn name=cfg1 static-dns=8.8.8.8 system-dns=no

	/ppp profile
	add bridge=bridge local-address=pool-vpn name=profile-vpn remote-address=pool-vpn
	add bridge=bridge dns-server=8.8.8.8 local-address=pool-vpn name=ipsec_vpn remote-address=pool-vpn

	/interface l2tp-server server
	set authentication=mschap1,mschap2 default-profile=ipsec_vpn enabled=yes

	/ip dhcp-client
	add !dhcp-options disabled=no interface=ether1
	add disabled=no interface=bridge

	/ip firewall filter
	add action=accept chain=input protocol=ipsec-esp

	/ip firewall nat
	add action=masquerade chain=srcnat out-interface=bridge src-address=10.1.1.2-10.1.1.250
	add action=accept chain=srcnat

	/ip ipsec identity
	add generate-policy=port-override peer=l2tpserver secret="ChangeThisSecret"

	/ppp secret
	add name=vpn_user password="ChangeThisPasword" profile=profile-vpn service=any