How to Mikrotik and IPSEC?

Hi, please forgive me, but I have little idea about your language and use Google Translate.

What I want is to connect my Mikrotik router with PIA using L2TP / IPSEC. I do not want a normal PPTP tunnel, I want to connect protecting it with IPSEC.

I have seen this https://support.hidemyass.com/hc/en-us/articles/202721196-Mikrotik-PPTP-L2TP-Setup-OS-6-0-or-newer-

But I cannot get it to work with IPSEC. Could anyone tell me step by step how?

Thanks.

Comments

  • edited May 2016
    I think i am very late but here is my config:

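     # L2TP client; name= must match the interface used below, use-ipsec=yes enables the IPsec secret
     /interface l2tp-client add name=l2tp-pia connect-to="fi.privateinternetaccess.com" user=XXX password=XXX use-ipsec=yes ipsec-secret=mysafety disabled=no

     # NAT everything leaving through the tunnel
     /ip firewall nat add chain=srcnat out-interface=l2tp-pia action=masquerade

     /ip firewall mangle add src-address=192.168.88.0/24 action=mark-routing new-routing-mark=to-pia

     # Default route for marked traffic goes through the tunnel
     /ip route add dst-address=0.0.0.0/0 gateway=l2tp-pia routing-mark=to-pia
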

  • olkitu said:
    I think i am very late but here is my config:


     /ip firewall mangle add src-address=192.168.88.0/24 action=mark-routing new-routing-mark=to-pia
    

    That needs a chain, what is it? prerouting?
  • olkitu said:
    I think i am very late but here is my config:


     /ip firewall mangle add src-address=192.168.88.0/24 action=mark-routing new-routing-mark=to-pia
    

    That needs a chain, what is it? prerouting?
    The chain is prerouting.

    One more thing needs to be done to get IPsec to work.  Go into IP > IPsec > Proposals.  Select "default" and change "PFS Group" to "none".  If you enable ipsec logging and see something like:

    ISAKMP-SA established ...
    and shortly after:
    ISAKMP-SA deleted ...

    .. repeated over and over, you need that proposal change.
  • Hello, how can I make connections from the IP 192.168.88.5 go only through the VPN, and have all connections from that IP discarded when the VPN drops?
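
The pieces discussed in this thread, put together as an added example (not any poster's own configuration): the L2TP/IPsec client, the prerouting chain on the mangle rule, and the PFS Group change. It goes one step beyond the thread by restricting the mark to 192.168.88.5 and adding a blackhole fallback route so that host's traffic is dropped rather than sent out unprotected when the tunnel is down. RouterOS 6.x syntax is assumed; the blackhole route, the distances, `passthrough=no` and the logging rule are assumptions of this example, and XXX / mysafety are the thread's placeholders.

```routeros
# Added example, RouterOS 6.x syntax. XXX and "mysafety" are the thread's placeholders.

# L2TP client with IPsec. name= must match the interface used in the rules below;
# ipsec-secret is only applied when use-ipsec=yes, and new clients start disabled.
/interface l2tp-client add name=l2tp-pia connect-to=fi.privateinternetaccess.com \
    user=XXX password=XXX use-ipsec=yes ipsec-secret=mysafety disabled=no

# Proposal change from the thread: set PFS Group to none on the default proposal,
# which stops the "ISAKMP-SA established" / "ISAKMP-SA deleted" loop.
/ip ipsec proposal set [find default=yes] pfs-group=none

# Mark traffic from the single host only, in the prerouting chain.
/ip firewall mangle add chain=prerouting src-address=192.168.88.5 \
    action=mark-routing new-routing-mark=to-pia passthrough=no

# Marked traffic leaves through the tunnel while the interface is up ...
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-pia routing-mark=to-pia distance=1

# ... and is discarded when it is down. Without this fallback (an assumption of
# this example) the lookup falls through to the main table and the host's
# traffic leaves over the normal WAN route.
/ip route add dst-address=0.0.0.0/0 type=blackhole routing-mark=to-pia distance=2

# NAT everything leaving through the tunnel.
/ip firewall nat add chain=srcnat out-interface=l2tp-pia action=masquerade

# Keep IPsec messages in the memory log so the established/deleted loop is visible.
/system logging add topics=ipsec action=memory
```

To check the fallback, disable l2tp-pia and confirm in IP > Routes that the blackhole route for to-pia becomes the active one.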