
MikroTik hEX L2TP/IPsec set up help


bpoilspill

Question

Have a MikroTik hex I'm trying to set up using L2TP and IPSec. MikroTik can be set up as a client. I can get the L2TP working fine, but as soon as I enable IPSec it fails. I'm guessing I'll have to go through the IPsec menu and manually set it all up. I'm not sure where to go from there, any help would be appreciated.

 

This is all I have under ipsec peer atm.

/ip ipsec peer
add address=96.47.237.162/32 dh-group=modp1024 secret=torguard

3 answers to this question


Hey there, modp should be: 3072 - are you able to produce any logs?

 

Regards


Did you get this working? I'm similarly stuck with a Mikrotik; failing on IPsec (dead tunnel in debug messages). 

 

Seems to create a peer well enough dynamically (setting one up manually doesn't seem to make a difference). 

 

Do you have firewall rules in place? 

 

Do you have any rules for 0.0.0.0 in place in IPsec peers?

 

Any help appreciated :)

#Configure L2TP tunnel with IPSec to VPN service TorGuard.

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512 enc-algorithms=aes-256-cbc,aes-256-ctr pfs-group=none

/ppp profile
add change-tcp-mss=yes name="torguard profile" use-compression=no use-encryption=no use-ipv6=no use-mpls=no use-upnp=no

/interface l2tp-client
add connect-to=dal.central.usa.torguardvpnaccess.com disabled=no ipsec-secret=torguard name=l2tp.TG.DAL password="<user password here>" profile="torguard profile" use-ipsec=yes user="<user email here>"

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=TG passthrough=no src-address=172.31.1.50

/ip firewall nat
add action=masquerade chain=srcnat out-interface=l2tp.TG.DAL

/ip route
add distance=1 gateway=10.1.2.1 routing-mark=TG

Mine works with this code. I don't believe I missed anything here. Let me know if it doesn't work and I'll double-check. Obviously I'm using Dallas TX in this case, but you can select whichever TG peer you wish.

The mangle and routing rule are to specify which host(s) or other conditions to send the traffic over the TG VPN.
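
To produce the IPsec logs asked for earlier in the thread and see how far the negotiation gets, the RouterOS commands below can be run from the terminal. This is an added example, not part of any post; it assumes the client name l2tp.TG.DAL from the configuration above and logging to the default memory buffer.

```routeros
# Added example, not from the thread.
# Log IPsec negotiation to memory, leaving out raw packet dumps.
/system logging add topics=ipsec,!packet action=memory
/system logging add topics=l2tp action=memory

# Bounce the client so a fresh negotiation is recorded.
# The name l2tp.TG.DAL is taken from the configuration above.
/interface l2tp-client disable [find name="l2tp.TG.DAL"]
/interface l2tp-client enable [find name="l2tp.TG.DAL"]

# Read back what was logged for each side of the connection.
/log print where topics~"ipsec"
/log print where topics~"l2tp"

# Phase 2 settings offered by this router (hash, cipher, PFS group).
/ip ipsec proposal print

# Peer and policy entries; with use-ipsec=yes on the L2TP client
# these are created dynamically and carry the D flag.
/ip ipsec peer print
/ip ipsec policy print

# Established security associations. An empty list while the
# client is enabled means phase 2 did not complete.
/ip ipsec installed-sa print

# Firewall rules that could affect the tunnel. IKE uses UDP 500,
# NAT traversal UDP 4500, ESP is IP protocol 50, L2TP is UDP 1701.
/ip firewall filter print where chain=input
/ip firewall filter print where chain=output

# When finished, list the logging rules and remove the two added
# above by their numbers:
/system logging print
```

A log that stops during phase 1 points at the peer settings (such as the DH group discussed above), while a log that completes phase 1 and then fails points at the proposal or policy.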
