MikroTik の RouterOS を L2TP サーバにする設定例をメモしておきます。macOS からのみ、接続確認しました。
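# RouterOS configuration: PPPoE uplink on ether1, LAN bridge on ether2-5,
# and an L2TP/IPsec road-warrior server for remote clients.
# Upper-case values (XX:XX:..., PPPoE-USERNAME, IPSEC-PSK, L2TP-PASSWORD, ...)
# are placeholders and must be replaced before import.
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridgeLocal
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=disabled name=PPPoE-Client password=PPPoE-PASSWORD use-peer-dns=yes user=PPPoE-USERNAME
/ip ipsec proposal
# Phase 2 proposal used by the default policy template (see "/ip ipsec policy" below).
# auth-algorithms is not set, so the RouterOS default applies.
# NOTE(review): pfs-group=modp1536 is a 1536-bit DH group; a larger group is
# preferable if every client supports it. Only macOS was tested with this value.
add enc-algorithms=aes-256-cbc,aes-256-ctr lifetime=1h name=IPSEC-PROPOSAL pfs-group=modp1536
/ip pool
# Addresses handed to VPN clients; separate from the 192.168.1.0/24 LAN.
add name=L2TP-POOL ranges=192.168.254.1-192.168.254.99
/ppp profile
add name=L2TP-PROFILE remote-address=L2TP-POOL use-encryption=yes
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5
/interface l2tp-server server
# use-ipsec=required (instead of yes): the server then refuses L2TP sessions that
# are not wrapped in IPsec. With "yes", a plain L2TP session is still accepted and
# the MS-CHAPv2 exchange would cross the Internet unprotected.
# IPSEC-PSK is shared by every client; use a long random value.
set authentication=mschap2 default-profile=L2TP-PROFILE enabled=yes ipsec-secret=IPSEC-PSK max-mru=1280 max-mtu=1280 use-ipsec=required
/ip address
add address=192.168.1.254/24 interface=bridgeLocal network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip firewall filter
# Input chain for the WAN side only. Traffic arriving on other interfaces
# (LAN bridge, L2TP client interfaces) is not filtered by these rules.
# Replies to connections the router itself opened (DNS lookups, DDNS updates).
add action=accept chain=input connection-state=established,related in-interface=PPPoE-Client
add action=accept chain=input in-interface=PPPoE-Client protocol=icmp
add action=accept chain=input in-interface=PPPoE-Client protocol=ipsec-esp
# IKE (500) and IPsec NAT-T (4500) only, not every UDP port on the router.
add action=accept chain=input dst-port=500,4500 in-interface=PPPoE-Client protocol=udp
# L2TP (1701) is accepted only when the packet arrived inside IPsec.
add action=accept chain=input dst-port=1701 in-interface=PPPoE-Client ipsec-policy=in,ipsec protocol=udp
add action=drop chain=input in-interface=PPPoE-Client
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-Client src-address=192.168.1.0/24
# NOTE(review): presumably a hairpin-NAT rule. With the /24 mask,
# src-address=192.168.1.254/24 matches the whole 192.168.1.0/24 network.
add action=masquerade chain=srcnat dst-address=192.168.1.0/24 out-interface=bridgeLocal src-address=192.168.1.254/24
/ip ipsec policy
# Entry 0 is assumed to be the default policy template - confirm with "print".
set 0 proposal=IPSEC-PROPOSAL
/ip service
# Only telnet, ftp and winbox are turned off here. Other management services
# (www, ssh, api, api-ssl) keep their current state and, if enabled, are reachable
# from the LAN and from connected VPN clients. Disable or restrict (address=) the
# ones that are not needed.
set telnet disabled=yes
set ftp disabled=yes
set winbox disabled=yes
/ppp secret
# One entry per VPN user. Use a unique, strong password for each account.
add name=L2TP-USERNAME password=L2TP-PASSWORD profile=L2TP-PROFILE service=l2tp
/system clock
set time-zone-name=Asia/Tokyo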