@jim60105
Created February 16, 2024 07:19

MikroTik settings:

/ip ipsec peer profile
set [ find default=yes ] dh-group=ecp256,modp2048 enc-algorithm=aes-256 hash-algorithm=sha256

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc pfs-group=ecp256

/ip firewall filter
add chain=input protocol=udp port=1701,500,4500 comment=L2TP_IPSEC
add chain=input protocol=ipsec-esp
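
A tighter variant of the firewall rules above, added here as an example and not part of the original gist: it accepts L2TP (UDP 1701) only when the packet arrived inside IPsec, so the L2TP server cannot be reached in cleartext. It assumes these rules sit above any general drop rule in the input chain; the rule comments are illustrative.

```routeros
/ip firewall filter
# IKE (500) and NAT-T (4500) must be reachable before any IPsec SA exists.
# dst-port is used instead of port, because port= matches source OR destination.
add chain=input action=accept protocol=udp dst-port=500,4500 comment="IKE / NAT-T"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"
# Accept L2TP only if the packet was decapsulated by an inbound IPsec policy.
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment="L2TP over IPsec only"
# Anything else aimed at the L2TP port arrived unencrypted: drop it.
add chain=input action=drop protocol=udp dst-port=1701 comment="Drop cleartext L2TP"
```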

Windows PowerShell script

Important

Replace my-home.address.com and MY_STRONG_PRE-SHARED_KEY with your actual settings.

Note

The last command routes only traffic for 192.168.0.1 - 192.168.255.254 (192.168.0.0/16) through the VPN; all other traffic uses the default network route.

# Create an all-user L2TP/IPsec connection with split tunneling
Add-VpnConnection -Name "home" -ServerAddress my-home.address.com -SplitTunneling -TunnelType L2tp -L2tpPsk "MY_STRONG_PRE-SHARED_KEY" -Force -RememberCredential -AllUserConnection
# Match the MikroTik profile/proposal; -AllUserConnection is needed because the connection lives in the global phone book
Set-VpnConnectionIPsecConfiguration -ConnectionName "home" -AllUserConnection -EncryptionMethod AES256 -CipherTransformConstants AES256 -IntegrityCheckMethod SHA256 -PfsGroup ECP256 -DHGroup ECP256 -AuthenticationTransformConstants SHA196 -PassThru -Force
# Route only 192.168.0.0/16 through the VPN
Get-VpnConnection -Name "home" -AllUserConnection | Add-VpnConnectionRoute -DestinationPrefix "192.168.0.0/16" -PassThru