Name: IPSECL2tpClient
Auth. Algorithms: sha1
Encr. Algorithms: 3des aes-256 cbc
PFS Group: modp1024
Address: your server's IP
Anything not mentioned below is left at its default setting
Send Initial Contact: unchecked
Exchange Mode: main l2tp
Encryption Algorithm: 3des aes-128 aes-256
DH Group: modp1024
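Auth Method: choose according to the server's settings; usually PSK
Src. Address: your WAN interface address
Dst. Address: the L2TP server address
SA Src. Address: your WAN interface address
SA Dst. Address: the L2TP server address
Proposal: IPSECL2tpClient (the name of the Proposal set above)
Tunnel: leave unchecked
Enter your server address and password here and that is all
Set up a NAT rule so that traffic can pass through the L2TP interface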
chain: srcnat
out. interface: the name of the L2TP interface
Action: masquerade
What remains is the traffic rules: mark the traffic that should flow into the L2TP tunnel
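# Keep the IPsec policy's source addresses in sync with the current PPPoE WAN address
:local wanaddr
:local saSrcAddr
# Placeholder: replace the string below with your server's IP
:local dstaddr "你的服务器IP"
# The interface address is returned in address/prefix form
:set wanaddr [/ip address get [/ip address find interface=pppoe-out1] address]
# Drop the "/prefix" suffix to get the bare IP for sa-src-address
:set saSrcAddr [:pick $wanaddr 0 [:find $wanaddr "/"]]
:foreach id in=[/ip ipsec policy find sa-dst-address=$dstaddr] do={
  # Update the policy only when the WAN address has actually changed
  :if ($saSrcAddr != [/ip ipsec policy get $id sa-src-address]) do={
    :log info ("IPSEC SA-SRC UPDATE! " . $saSrcAddr)
    /ip ipsec policy set $id src-address=$wanaddr sa-src-address=$saSrcAddr
  }
}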