aristotelisch
11/7/2015 - 9:04 PM

L2TP IPSEC VPN Auto config for mikrotik based on following tutorial http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/ !!! E

L2TP IPSEC VPN Auto config for mikrotik based on following tutorial http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/

!!! Edit user name/user pass and ipsec secret

# Auto config for mikrotik
# based on following tutorial
# http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/

# !!! CHANGE VARIABLES FIRST and don't use "$" in any of them !!!
# IPSEC_PEER_SECRET="somesecret"
# USER1_NAME="mario"
# USER1_PASS="pass"
# IP_RANGE="172.16.24.100-172.16.24.200"
# DNS_SERVER="172.16.22.1"
# LOCAL_ADDRESS="172.16.22.1"
# WINS_SERVER="172.16.22.1"

# Create VPN Pool for PPP profile
/ip pool add name=pool-vpn ranges=IP_RANGE

# Setup PPP profile
/ppp profile add change-tcp-mss=yes dns-server=DNS_SERVER local-address=LOCAL_ADDRESS name=L2TP-PROFILE only-one=default remote-address=pool-vpn use-compression=default use-encryption=default use-mpls=default use-vj-compression=default wins-server=WINS_SERVER

# Add VPN user
/ppp secret add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=USER1_NAME password=USER1_PASS profile=L2TP-PROFILE routes="" service=l2tp

# Create ipsec peer
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=IPSEC_PEER_SECRET send-initial-contact=yes
# !!!!!!! prior to 6.0rc12 you have to use generate-policy=yes

# Setup ipsec proposal
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des,aes-256 lifetime=30m name=default pfs-group=none

# Start VPN
/interface l2tp-server server set enabled=yes

# Add firewall rules to allow incoming vpn
/ip firewall filter add action=accept chain=input disabled=no dst-port=1701 in-interface=ether1-gateway protocol=udp place-before=0
/ip firewall filter add action=accept chain=input disabled=no dst-port=500 in-interface=ether1-gateway protocol=udp place-before=0
/ip firewall filter add action=accept chain=input disabled=no dst-port=4500 in-interface=ether1-gateway protocol=udp place-before=0

# Add L2TP Server interface
/interface l2tp-server server set authentication=mschap2 default-profile=L2TP-PROFILE enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
# Fetch and fill config
mikrotik_vpn_config=$(curl https://gist.github.com/elmariofredo/7232556/raw/VPN-L2TP-IPSEC.mikrotik \
| sed -e '
s/IPSEC_PEER_SECRET/somesecret/g;
s/USER1_NAME/mario/g;
s/USER1_PASS/somepass/g;
s/IP_RANGE/172.16.24.100-172.16.24.200/g;
s/DNS_SERVER/172.16.22.1/g;
s/LOCAL_ADDRESS/172.16.22.1/g;
s/WINS_SERVER/172.16.22.1/g')

# Review config
echo $mikrotik_vpn_config

# Push config to mikrotik
ssh router $mikrotik_vpn_config

# Unset config
unset mikrotik_vpn_config