Forked from devopsmariocom/Fill_mikrotik_config.bash
Last active
June 22, 2016 15:43
L2TP/IPsec VPN auto config for MikroTik, based on the following tutorial: http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/ — !!! Edit the user name, user password and IPsec secret before use.
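#!/usr/bin/env bash
# Fetch the L2TP/IPsec RouterOS template from the gist, fill in the
# site-specific values, print the result for review, and push it to the
# router over ssh.
#
# The template comes from an unpinned, mutable URL and is executed on the
# router as-is: read the printed config before it is pushed, and consider
# keeping a local copy of the template instead of fetching it each time.
set -euo pipefail

# Site-specific values (same placeholders as the template header).
# Keep them free of '/', '&' and '\' (sed delimiter/metacharacters) and of
# '$' (RouterOS variable syntax), or the substitution / remote script breaks.
ipsec_peer_secret='somesecret'
user1_name='mario'
user1_pass='somepass'
ip_range='172.16.24.100-172.16.24.200'
dns_server='172.16.22.1'
local_address='172.16.22.1'
wins_server='172.16.22.1'
template_url='https://gist.github.com/elmariofredo/7232556/raw/VPN-L2TP-IPSEC.mikrotik'

# Fetch and fill config.
# -f: fail on HTTP errors instead of feeding an error page to the router;
# -L: follow the raw-gist redirect; -sS: quiet except for real errors.
# Under 'pipefail' a failing curl or sed aborts the script here.
mikrotik_vpn_config=$(curl -fsSL "$template_url" \
  | sed -e "
s/IPSEC_PEER_SECRET/${ipsec_peer_secret}/g;
s/USER1_NAME/${user1_name}/g;
s/USER1_PASS/${user1_pass}/g;
s/IP_RANGE/${ip_range}/g;
s/DNS_SERVER/${dns_server}/g;
s/LOCAL_ADDRESS/${local_address}/g;
s/WINS_SERVER/${wins_server}/g")

# An empty result (e.g. a redirect that was not followed) would otherwise turn
# the ssh call below into an interactive session instead of a config push.
if [[ -z "$mikrotik_vpn_config" ]]; then
  printf 'fetched config is empty, aborting\n' >&2
  exit 1
fi

# Review config (printf: the text is data, never echo options).
printf '%s\n' "$mikrotik_vpn_config"

# Push config to mikrotik. The expansion is quoted so the newlines survive:
# unquoted, ssh re-joins the words with spaces and the router receives the
# whole script on one line, where the first '#' comment would likely hide
# every command after it. Note that the filled-in values (including the
# secrets) are visible in this host's process list while ssh runs.
ssh router "$mikrotik_vpn_config"

# Unset config and the secrets once pushed.
unset mikrotik_vpn_config ipsec_peer_secret user1_pass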
# Auto config for mikrotik
# based on following tutorial
# http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/
# !!! CHANGE VARIABLES FIRST and don't use "$" in any of them !!!
# The UPPER_CASE names below are plain-text markers that the companion fill
# script replaces with sed before pushing; they are not RouterOS variables.
# IPSEC_PEER_SECRET="somesecret"
# USER1_NAME="mario"
# USER1_PASS="pass"
# IP_RANGE="172.16.24.100-172.16.24.200"
# DNS_SERVER="172.16.22.1"
# LOCAL_ADDRESS="172.16.22.1"
# WINS_SERVER="172.16.22.1"
# Create VPN Pool for PPP profile (addresses handed out to connecting clients
# via remote-address below)
/ip pool add name=pool-vpn ranges=IP_RANGE
# Setup PPP profile. It is referenced by name from the secret and from the
# L2TP server settings further down, so it has to exist before those run.
/ppp profile add change-tcp-mss=yes dns-server=DNS_SERVER local-address=LOCAL_ADDRESS name=L2TP-PROFILE only-one=default remote-address=pool-vpn use-compression=default use-encryption=default use-mpls=default
# Add VPN user
/ppp secret add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=USER1_NAME password=USER1_PASS profile=L2TP-PROFILE routes="" service=l2tp
# Create ipsec peer. address=0.0.0.0/0 accepts IKE from any source, which a
# road-warrior setup needs; the pre-shared key is then the only thing
# authenticating peers at this layer, so make it long and random.
# NOTE(review): 3des, sha1 and modp1024 are below current recommendations;
# prefer aes-256-cbc / sha256 / modp2048 where the client platforms allow it.
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override hash-algorithm=sha1 lifetime=1d nat-traversal=yes port=500 secret=IPSEC_PEER_SECRET send-initial-contact=yes
# !!!!!!! prior to 6.0rc12 you have to use generate-policy=yes
# Setup ipsec proposal (phase 2, edits the default entry in place).
# pfs-group=none disables perfect forward secrecy for the data channel;
# NOTE(review): set a pfs-group if the clients support it.
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256-cbc lifetime=30m name=default pfs-group=none
# Start VPN (the server is configured in more detail at the end of this file)
/interface l2tp-server server set enabled=yes
# Add firewall rules to allow incoming vpn
# http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#L2TP.2FIpSec_setup
# NOTE(review): 'add' appends to the input chain, so these rules only take
# effect if no earlier rule already drops this traffic (use place-before on a
# router that has an existing drop rule). No action= is given, so the default
# (accept) applies. The udp/1701 match does not require IPsec on the packet,
# so plain L2TP is reachable as well - TODO confirm that is intended.
/ip firewall filter add chain=input protocol=udp port=1701,500,4500
/ip firewall filter add chain=input protocol=ipsec-esp
# Add L2TP Server interface: sets the server enabled above again, now with the
# PPP profile, mschap2-only authentication and the MTU/MRU limits
/interface l2tp-server server set authentication=mschap2 default-profile=L2TP-PROFILE enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled