RouterOS configuration for Android L2TP/IPSec PSK VPN:
RouterOS:
/ip pool add name="VPN" ranges=10.0.0.1-10.0.0.254
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
add enc-algorithms=3des,aes-256-cbc name=l2tp-vpn pfs-group=none
/ppp profile
add change-tcp-mss=yes dns-server=XXX.XXX.XXX.XXX local-address=VPN name=\
l2tp-vpn remote-address=VPN
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp-vpn enabled=yes ipsec-secret=\
SECRETKEY max-mru=1460 max-mtu=1460 use-ipsec=yes
/ip ipsec policy
set (unknown) proposal=l2tp-vpn
/ppp secret
add name=USER password=PASSWORD profile=l2tp-vpn service=l2tp
/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key passive=yes secret=SECRETKEY generate-policy=port-override exchange-mode=main-l2tp \
send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=3des,aes-256
On Android, create an L2TP/IPSec PSK VPN.
Add the address of the VPN server and the pre-shared IPSec secret key (SECRETKEY). Don't enter a secret for L2TP or a user for IPSec.
--- Firewall
open UDP ports - 500, 4500, 1701:
/ip firewall filter
add chain=input comment="L2TP - Android" dst-port=500 protocol=udp
add chain=input comment="L2TP - Android" dst-port=1701 protocol=udp
add chain=input comment="L2TP - Android" dst-port=4500 protocol=udp
--- future: adjust parameters and verify remote access.
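
For the parameter review noted above, a small auditor for this kind of RouterOS export (an added example, not part of the original post). It parses the export, including the `\` line continuations, and lists the settings in the configuration above that deserve a second look. The sample text is a constructed excerpt of the page's config, the set of algorithms treated as legacy is this example's own choice, and `ipsec-policy` is the RouterOS firewall matcher for traffic that arrived inside IPsec.

```python
import re
# Constructed sample: an excerpt of the export on this page (peer line joined).
SAMPLE = r"""/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
add enc-algorithms=3des,aes-256-cbc name=l2tp-vpn pfs-group=none
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp-vpn enabled=yes ipsec-secret=\
SECRETKEY max-mru=1460 max-mtu=1460 use-ipsec=yes
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key hash-algorithm=sha1 enc-algorithm=3des,aes-256
/ip firewall filter
add chain=input comment="L2TP - Android" dst-port=1701 protocol=udp
"""

PATH = re.compile(r"(/.+?)(?:\s+(?:add|set)\s+(.*))?$")   # menu path, optional inline command
KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')                # key=value or key="quoted value"
LEGACY = {"des", "3des", "md5", "sha1"}                   # assumption: reported as legacy
ALG_KEYS = ("enc-algorithms", "enc-algorithm", "auth-algorithms", "hash-algorithm")

def parse_export(text):
    """Return [(menu, {key: value})], one entry per add/set command."""
    text = re.sub(r"\\\n[ \t]*", "", text)                # join '\' line continuations
    menu, commands = "", []
    for line in filter(None, map(str.strip, text.splitlines())):
        path, rest = menu, line
        if line.startswith("/"):
            path, rest = PATH.match(line).groups()
            if rest is None:                              # bare path: switch current menu
                menu = path
                continue
        commands.append((path, dict(KV.findall(rest))))
    return commands

def audit(text):
    """Return [(menu, finding)] for settings worth reviewing."""
    findings = []
    for menu, kv in parse_export(text):
        if menu in ("/ip ipsec proposal", "/ip ipsec peer"):
            for key in ALG_KEYS:
                for alg in sorted(LEGACY & set(kv.get(key, "").split(","))):
                    findings.append((menu, f"{key} offers {alg}"))
            if kv.get("pfs-group") == "none":
                findings.append((menu, "pfs-group=none: phase 2 keys have no forward secrecy"))
            if kv.get("address") == "0.0.0.0/0" and kv.get("auth-method") == "pre-shared-key":
                findings.append((menu, "one pre-shared key is accepted from any source address"))
        if menu == "/ip firewall filter" and kv.get("dst-port") == "1701" and "ipsec-policy" not in kv:
            findings.append((menu, "UDP 1701 rule has no ipsec-policy matcher"))
    return findings

if __name__ == "__main__":
    print(*(f"{m}: {f}" for m, f in audit(SAMPLE)), sep="\n")
```

Each finding is a prompt for review; whether the Android client still connects after a setting is tightened has to be tested on the device.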