MikroTik を L2TP サーバにして macOS から接続する
MikroTik の RouterOS を L2TP サーバにする設定例をメモしておきます。macOS からのみ、接続確認しました。
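# RouterOS export: PPPoE WAN on ether1, LAN bridge on ether2-5, and an
# L2TP/IPsec road-warrior server for remote clients.
# Upper-case names such as PPPoE-PASSWORD, IPSEC-PSK, L2TP-USERNAME and
# L2TP-PASSWORD are placeholders; substitute real values and never publish them.

/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridgeLocal
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=disabled name=PPPoE-Client password=PPPoE-PASSWORD use-peer-dns=yes user=PPPoE-USERNAME

# IPsec phase 2 proposal used for the L2TP tunnel. Only the encryption
# algorithms, lifetime and PFS group are set here; auth-algorithms is left at
# whatever the RouterOS default is on this version - review it before deploying.
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr lifetime=1h name=IPSEC-PROPOSAL pfs-group=modp1536

# Address pool handed to VPN clients; kept separate from the LAN subnet.
/ip pool
add name=L2TP-POOL ranges=192.168.254.1-192.168.254.99
/ppp profile
add name=L2TP-PROFILE remote-address=L2TP-POOL use-encryption=yes
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5

# L2TP server. MS-CHAPv2 is weak on its own, so the tunnel relies on IPsec for
# confidentiality. ipsec-secret is a pre-shared key shared by every client:
# use a long random value and rotate it when a device is lost.
# NOTE(review): use-ipsec=yes is understood not to reject L2TP sessions that
# arrive without IPsec; the UDP/1701 firewall rule below enforces that instead.
/interface l2tp-server server
set authentication=mschap2 default-profile=L2TP-PROFILE enabled=yes ipsec-secret=IPSEC-PSK max-mru=1280 max-mtu=1280 use-ipsec=yes
/ip address
add address=192.168.1.254/24 interface=bridgeLocal network=192.168.1.0
/ip cloud
set ddns-enabled=yes

# Input filter for the WAN side.
# The original rule accepted every UDP packet arriving on PPPoE-Client, which
# exposes any UDP service the router runs (now or after a later change) to the
# internet. Only the ports L2TP/IPsec needs are opened here:
#   - UDP 500/4500: IKE and NAT-T
#   - UDP 1701: L2TP, accepted only when it arrived inside IPsec
# The established/related rule keeps replies to the router's own outbound
# traffic (DNS lookups, DDNS updates) working now that UDP is no longer wide open.
# Traffic from connected VPN clients arrives on the dynamic L2TP interfaces and
# is not matched by these rules; add rules for it if clients should not reach
# the router's management services.
/ip firewall filter
add action=accept chain=input connection-state=established,related in-interface=PPPoE-Client
add action=accept chain=input in-interface=PPPoE-Client protocol=icmp
add action=accept chain=input in-interface=PPPoE-Client protocol=ipsec-esp
add action=accept chain=input dst-port=500,4500 in-interface=PPPoE-Client protocol=udp
add action=accept chain=input dst-port=1701 in-interface=PPPoE-Client ipsec-policy=in,ipsec protocol=udp
add action=drop chain=input in-interface=PPPoE-Client

# Source NAT for LAN clients going out the WAN; the second rule masquerades
# traffic the router sends back into the LAN subnet.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-Client src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.0/24 out-interface=bridgeLocal src-address=192.168.1.254/24

# Point policy entry 0 (presumably the default template - confirm with
# "/ip ipsec policy print") at the proposal defined above.
/ip ipsec policy
set 0 proposal=IPSEC-PROPOSAL

# Disable management services that are not needed. Services not listed here
# (for example www, ssh, api) keep their current state; review them too.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set winbox disabled=yes

# One PPP account per user, each with its own strong password, so a single
# account can be revoked without touching the others.
/ppp secret
add name=L2TP-USERNAME password=L2TP-PASSWORD profile=L2TP-PROFILE service=l2tp
/system clock
set time-zone-name=Asia/Tokyo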