Tuesday, May 24, 2016

Mikrotik - L2TP VPN Configuration on an Android Smartphone

RouterOS configuration for Android L2TP/IPSec PSK VPN:

RouterOS:

/ip pool add name="VPN" ranges=10.0.0.1-10.0.0.254
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
add enc-algorithms=3des,aes-256-cbc name=l2tp-vpn pfs-group=none

/ppp profile
add change-tcp-mss=yes dns-server=XXX.XXX.XXX.XXX local-address=VPN name=\
l2tp-vpn remote-address=VPN

/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp-vpn enabled=yes ipsec-secret=\
SECRETKEY max-mru=1460 max-mtu=1460 use-ipsec=yes

/ip ipsec policy
set (unknown) proposal=l2tp-vpn

/ppp secret
add name=USER password=PASSWORD profile=l2tp-vpn service=l2tp

/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key passive=yes secret=SECRETKEY generate-policy=port-override exchange-mode=main-l2tp \
send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=3des,aes-256


On Android, create an L2TP/IPSec PSK VPN.
Add the address of the VPN server and the pre-shared IPSec secret key (SECRETKEY). Don't enter a secret for L2TP or a user for IPSec.

--- Firewall
open UDP ports 500, 4500, 1701:

/ip firewall filter
add chain=input comment="L2TP - Android" dst-port=500 protocol=udp
add chain=input comment="L2TP - Android" dst-port=1701 protocol=udp
add chain=input comment="L2TP - Android" dst-port=4500 protocol=udp
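
The three rules above accept UDP 1701 from any source, whether or not the packet was protected by IPsec. The following is an added example, not part of the original post, that accepts L2TP only after IPsec decapsulation and then checks the result; it assumes RouterOS v6 and that these rules replace the three above, ahead of any drop rule in the input chain.

```routeros
# Added example, not from the original post. Assumes RouterOS v6 and that
# the three "L2TP - Android" accept rules are replaced by the rules below.
/ip firewall filter
# IKE and NAT-T must be reachable in clear text so the tunnel can be negotiated
add chain=input action=accept protocol=udp dst-port=500,4500 \
    comment="L2TP/IPsec - IKE and NAT-T"
# ESP for clients that are not behind NAT
add chain=input action=accept protocol=ipsec-esp \
    comment="L2TP/IPsec - ESP"
# L2TP itself is accepted only if the packet was decapsulated from IPsec
add chain=input action=accept protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec comment="L2TP - only inside IPsec"
# Any L2TP packet that arrived without IPsec protection is dropped
add chain=input action=drop protocol=udp dst-port=1701 \
    ipsec-policy=in,none comment="L2TP - drop unencrypted"

# Checks to run after connecting from the phone:
# security associations negotiated for the client
/ip ipsec installed-sa print
# active PPP session for USER
/ppp active print
# per-rule counters; the "only inside IPsec" rule should count the session
/ip firewall filter print stats where comment~"L2TP"
```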


--- future: tune the parameters and check remote access.
