Hi all, for quite a while I have not been able to get L2TP/IPsec working (ROS is the latest version).
Strangely, it works on Android 5.0...
I even enabled NAT-T in the Windows registry to get to my QNAP NAS...
What annoys me most is that it did work once, right after the initial setup, even SMB sharing... after a few weeks, when you need it for something, it doesn't work. Also, does anyone have experience with SSTP? I create the certificates on the MikroTik (self-signed) according to many guides on the net, but Windows won't accept them... SSTP runs on 443, so it can never happen that some ISP blocks the ports... am I thinking about this correctly?
I would be glad for your valuable experience...
My settings:
SERVER
[admin@Sestnastka_ROUTER] /interface l2tp-server server> print
enabled: yes
max-mtu: 1450
max-mru: 1450
mrru: disabled
authentication: mschap1,mschap2
keepalive-timeout: disabled
max-sessions: unlimited
default-profile: L2TP
use-ipsec: no
ipsec-secret: heslo
caller-id-type: ip-address
allow-fast-path: no
[admin@Sestnastka_ROUTER] /ppp profile> print
Flags: * - default
0 * name="default" use-mpls=default use-compression=default use-encryption=default
only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up=""
on-down=""
1 name="L2TP" local-address=ether2 remote-address=L2TP/IPsec use-mpls=default
use-compression=default use-encryption=required only-one=default
change-tcp-mss=default use-upnp=default address-list="" dns-server=8.8.8.8,8.8.4.4
on-up="" on-down=""
2 * name="default-encryption" use-mpls=default use-compression=default use-encryption=yes
only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up=""
on-down=""
Note: local address from the 192.168.2.0/24 range, remote - the single address created via POOL: 192.168.6.10
[admin@Sestnastka_ROUTER] /ppp secret> print
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 sestnastka l2tp heslo L2TP
[admin@Sestnastka_ROUTER] /ip pool> print
# NAME RANGES
0 ether2 192.168.2.10-192.168.2.100
1 ether3 192.168.3.10-192.168.3.100
2 ether4 192.168.4.10-192.168.4.100
3 ether5 192.168.5.10-192.168.5.100
4 WIFI2.4 192.168.24.10-192.168.24.100
5 WIFI5 192.168.50.10-192.168.50.100
6 L2TP/IPsec 192.168.6.10
7 NAVSTEVA 192.168.60.10-192.168.60.20
0 R address=0.0.0.0/0 auth-method=pre-shared-key secret="heslo"
generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp
send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1
enc-algorithm=aes-256,aes-128,3des dh-group=modp2048,modp1024 lifetime=1d
dpd-interval=2m dpd-maximum-failures=5
[admin@Sestnastka_ROUTER] /ip ipsec proposal> print
Flags: X - disabled, * - default
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-ctr,3des lifetime=30m
pfs-group=none
0 ;;; REMOTE ACCESS FROM WINBOX
chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
1 chain=forward action=accept connection-state=established,related
connection-nat-state="" in-interface=ether1 log=no log-prefix=""
2 chain=forward action=accept connection-state=established,related log=no log-prefix=""
3 ;;; Allow L2TP VPN protocol 50
chain=input action=accept protocol=ipsec-esp log=no log-prefix=""
4 ;;; Allow L2TP VPN protocol 51
chain=input action=accept protocol=ipsec-ah log=no log-prefix=""
5 ;;; Allow L2TP VPN port 1701
chain=input action=accept protocol=udp dst-port=1701 log=no log-prefix=""
6 ;;; Allow L2TP VPN port 500
chain=input action=accept protocol=udp dst-port=500 log=no log-prefix=""
7 ;;; Allow L2TP VPN port 4500
chain=input action=accept protocol=udp dst-port=4500 log=no log-prefix=""
CLIENT
Windows 7 Home - see attachment. I will also note that from the MikroTik I can ping the currently assigned address, e.g. 192.168.2.98, but from the notebook I can't ping anything (as if I weren't connected at all), yet in MT I can see that I am there..
If anything else needs to be posted here, let me know.
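Before chasing the routing symptom, it helps to read the posted `print` output systematically. The script below is an added example, not part of the post or of RouterOS: it parses the two output styles RouterOS uses (`key: value` for single-item menus, wrapped `key=value` tokens for list menus) and flags the settings a reviewer would question first. The sample strings are constructed from the excerpts quoted above, the tag names and the "legacy" algorithm sets are this example's own choices, and the caveats about what the Windows 7 client proposes by default are stated as assumptions in the comments.

```python
import re
from typing import Dict, List, Set

# Constructed sample input: excerpts of the three RouterOS "print" outputs
# quoted in the post above (not captured from a live router).
L2TP_SERVER_PRINT = """\
enabled: yes
max-mtu: 1450
authentication: mschap1,mschap2
use-ipsec: no
ipsec-secret: heslo
"""

IPSEC_PEER_PRINT = """\
0 R address=0.0.0.0/0 auth-method=pre-shared-key secret="heslo"
generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp
send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1
enc-algorithm=aes-256,aes-128,3des dh-group=modp2048,modp1024 lifetime=1d
dpd-interval=2m dpd-maximum-failures=5
"""

IPSEC_PROPOSAL_PRINT = """\
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-ctr,3des lifetime=30m
pfs-group=none
"""


def parse_colon_form(text: str) -> Dict[str, str]:
    """Parse 'key: value' lines, as printed by a single-item menu such as
    /interface l2tp-server server."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out


# key=value tokens; RouterOS wraps them across lines and quotes string values
_KV = re.compile(r'([a-z0-9-]+)=(?:"([^"]*)"|(\S+))')


def parse_kv_form(text: str) -> Dict[str, str]:
    """Parse the key=value form used by list menus (peer, proposal, firewall).
    Handles one item; split on the leading item number first for several."""
    out: Dict[str, str] = {}
    for m in _KV.finditer(text):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def csv(value: str) -> Set[str]:
    return {v for v in value.split(",") if v}


# Algorithm classes this example treats as legacy (the example's own choice,
# not a RouterOS default).
LEGACY_ENC = {"des", "3des", "blowfish", "null"}
LEGACY_DH = {"modp768", "modp1024"}


def audit(server: Dict[str, str], peer: Dict[str, str],
          proposal: Dict[str, str]) -> List[str]:
    """Return short tags (this example's own vocabulary) for settings a
    reviewer would question before debugging further."""
    tags: List[str] = []
    if server.get("use-ipsec", "no") == "no":
        # IPsec is not required by the server: a client that connects without
        # it gets an unencrypted L2TP tunnel, and an IPsec failure goes unnoticed.
        tags.append("use-ipsec-off")
    if "mschap1" in csv(server.get("authentication", "")):
        tags.append("mschap1")
    for alg in sorted(csv(peer.get("enc-algorithm", "")) & LEGACY_ENC):
        tags.append(f"ike-enc:{alg}")
    for grp in sorted(csv(peer.get("dh-group", "")) & LEGACY_DH):
        # Caveat (assumption): the built-in Windows 7 L2TP client proposes
        # DH group 2 (modp1024) unless changed in the registry, so dropping it
        # can cost connectivity; check what the client actually offers first.
        tags.append(f"ike-dh:{grp}")
    for alg in sorted(csv(proposal.get("enc-algorithms", "")) & LEGACY_ENC):
        tags.append(f"esp-enc:{alg}")
    if proposal.get("pfs-group", "none") == "none":
        # Same caveat: the Windows L2TP client does not use PFS by default.
        tags.append("pfs-none")
    return tags


def audit_posted_config() -> List[str]:
    """Run the audit over the constructed sample above."""
    return audit(parse_colon_form(L2TP_SERVER_PRINT),
                 parse_kv_form(IPSEC_PEER_PRINT),
                 parse_kv_form(IPSEC_PROPOSAL_PRINT))


if __name__ == "__main__":
    for tag in audit_posted_config():
        print(tag)
```

Run as-is it reports `use-ipsec-off`, `mschap1`, `ike-enc:3des`, `ike-dh:modp1024`, `esp-enc:3des` and `pfs-none` for the posted values. One further point the parser does not cover: the posted `udp dst-port=1701` accept rule has no `ipsec-policy=in,ipsec` matcher, so L2TP control traffic is accepted whether or not it arrived inside IPsec; adding that matcher (assuming the rule is otherwise kept) is the usual way to make the firewall enforce what `use-ipsec=yes` would enforce on the server.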