RouterOS L2TP server

/ip pool add name=VPN_pool ranges=192.168.88.179-192.168.88.180

/ppp profile add local-address=192.168.88.1 name=L2TP_Profile remote-address=VPN_pool use-encryption=require
/ppp secret add name=***** password=***** profile=L2TP_Profile service=l2tp

/ip firewall filter add action=accept chain=input comment="Accept L2TP VPN" dst-port=1701,500,4500 in-interface=PPPoE_S protocol=udp


/interface l2tp-server server
set default-profile=L2TP_Profile enabled=yes ipsec-secret=xxxxxxx use-ipsec=yes

 

You need to set up proxy ARP if the VPN client is on the same subnet as the other PCs.



For a while I could not connect to the VPN, and I saw this in the log:

 

Log of unsuccessful connection attempt:

09:46:04 ipsec,info respond new phase 1 (Identity Protection): yyy.yyy.yyy.yyy [500]<=>xxx.xxx.xxx.xxx[14925]
09:46:05 ipsec,info ISAKMP-SA established yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[57433] spi:23cca45764b070d7:eea7e3c963fcea73
09:46:05 l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
Log of successful connection attempt:
09:46:54 ipsec,info purging ISAKMP-SA yyy.yyy.yyy.yyy[4500]<=>xxx.xxx.xxx.xxx[57433] spi=23cca45764b070d7:eea7e3c963fcea73.
09:46:54 ipsec,info ISAKMP-SA deleted yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[57433] spi:23cca45764b070d7:eea7e3c963fcea73 rekey:1
09:46:57 ipsec,info respond new phase 1 (Identity Protection): yyy.yyy.yyy.yyy[500]<=>84.114.180.14[41920]
09:46:58 ipsec,info ISAKMP-SA established yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[55334] spi:d33d89d143b08acd:08ca7a85b78c1903
09:46:58 l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
09:46:58 l2tp,ppp,info,account YOUR_ACCT logged in, zzz.zzz.zzz.zzz
09:46:58 l2tp,ppp,info <l2tp-YOUR_ACCT>: authenticated
09:46:58 l2tp,ppp,info <l2tp-YOUR_ACCT>: connected
 
Check whether AES-256 is enabled in the IPsec profile.
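Added example (not from the original post): a small Python check for the failure pattern in the log above, where the ISAKMP-SA is established and the first L2TP packet arrives but PPP never authenticates. The function names and stage labels are made up for this example, and it assumes only one client connects at a time.

```python
import re

# Sample input: lines from this page's two log excerpts (addresses already masked).
SAMPLE_LOG = """\
09:46:05 ipsec,info ISAKMP-SA established yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[57433] spi:23cca45764b070d7:eea7e3c963fcea73
09:46:05 l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
09:46:54 ipsec,info ISAKMP-SA deleted yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[57433] spi:23cca45764b070d7:eea7e3c963fcea73 rekey:1
09:46:58 ipsec,info ISAKMP-SA established yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[55334] spi:d33d89d143b08acd:08ca7a85b78c1903
09:46:58 l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
09:46:58 l2tp,ppp,info,account YOUR_ACCT logged in, zzz.zzz.zzz.zzz
09:46:58 l2tp,ppp,info <l2tp-YOUR_ACCT>: authenticated
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (.*)$")
ESTABLISHED = re.compile(r"ISAKMP-SA established .* spi:([0-9a-f]+:[0-9a-f]+)")


def classify_attempts(log_text):
    """Return one dict per ISAKMP-SA with the furthest stage it reached.
    Assumption: one client connects at a time (as in the page's log), so
    L2TP/PPP lines belong to the most recently established SA.
    """
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip headings and blank lines
        ts, topics, msg = m.groups()
        topic_set = set(topics.split(","))
        est = ESTABLISHED.search(msg)
        if "ipsec" in topic_set and est:
            attempts.append({"time": ts, "spi": est.group(1), "stage": "ipsec-only"})
        elif not attempts:
            continue  # L2TP/PPP line with no IPsec SA seen yet
        elif ("l2tp" in topic_set and msg.startswith("first L2TP UDP packet")
              and attempts[-1]["stage"] == "ipsec-only"):
            attempts[-1]["stage"] = "l2tp-stalled"
        elif "ppp" in topic_set and (msg.endswith(": authenticated") or " logged in" in msg):
            attempts[-1]["stage"] = "ppp-authenticated"
    return attempts


def stalled(log_text):
    """SAs where phase 1 and the first L2TP packet succeeded but PPP never authenticated."""
    return [a for a in classify_attempts(log_text) if a["stage"] == "l2tp-stalled"]


if __name__ == "__main__":
    for a in classify_attempts(SAMPLE_LOG):
        print(a["time"], a["spi"], a["stage"])
```

An SA reported as `l2tp-stalled` matches the unsuccessful attempt shown above; `ipsec-only` would mean no L2TP packet was logged after phase 1 at all.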

 
