# Router side of the L2TP/IPsec setup: IKE and ESP algorithms, then input firewall rules.
# Phase 1 (IKE) on the default peer profile: DH groups ecp256 and modp2048, AES-256, SHA-256.
/ip ipsec peer profile
set [ find default=yes ] dh-group=ecp256,modp2048 enc-algorithm=aes-256 hash-algorithm=sha256
# Phase 2 (ESP) on the default proposal: AES-256-CBC, PFS group ecp256.
# NOTE(review): sha1 is still accepted next to sha256. The Windows client on this page
# requests SHA196 (HMAC-SHA1-96), so SHA-1 is presumably what gets negotiated. Drop sha1
# only after the clients have been moved to a SHA-256 transform.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc pfs-group=ecp256
# Input-chain rules for L2TP (UDP 1701), IKE (UDP 500), NAT-T (UDP 4500) and ESP.
# No action= is given, so the RouterOS default action (accept) applies.
# NOTE(review): port= matches the source OR the destination port; dst-port= would be narrower.
# NOTE(review): UDP 1701 is accepted without an IPsec match (e.g. ipsec-policy=in,ipsec), so
# plain L2TP can reach the router unless the L2TP server itself requires IPsec. That setting
# is not visible here; confirm it.
# NOTE(review): add appends at the end of the chain; check that no earlier drop rule shadows
# these, and consider limiting src-address if the client networks are known.
/ip firewall filter
add chain=input protocol=udp port=1701,500,4500 comment=L2TP_IPSEC
add chain=input protocol=ipsec-esp
Important: Replace my-home.address.com and MY_STRONG_PRE-SHARED_KEY with your actual settings.
Note: The last command routes only connections to 192.168.0.1 - 192.168.255.254 via the VPN, while the default network route is used for everything else.
# Windows client side: create the connection, pin its IPsec parameters, add the split-tunnel route.
# Creates an all-users L2TP connection named "home" with split tunneling and a pre-shared key.
# NOTE(review): the PSK is passed as a command-line argument, so it can be kept in PowerShell
# history and transcripts. Run this from a session whose history is not retained, or clear it.
# NOTE(review): -AllUserConnection makes the profile available to every account on the machine,
# and -RememberCredential caches the credentials; confirm both are wanted on shared hosts.
Add-VpnConnection -Name "home" -ServerAddress my-home.address.com -SplitTunneling -TunnelType L2tp -L2tpPsk "MY_STRONG_PRE-SHARED_KEY" -Force -RememberCredential -AllUserConnection
# Pins the IPsec parameters for "home".
# IKE: AES256 encryption, SHA256 integrity, DH group ECP256.
# ESP: AES256 cipher, SHA196 authentication, PFS group ECP256.
# NOTE(review): SHA196 is HMAC-SHA1-96. The router proposal on this page also lists sha256,
# so SHA256128 may be usable here. Verify the tunnel still negotiates before dropping SHA-1.
Set-VpnConnectionIPsecConfiguration -ConnectionName "home" -EncryptionMethod AES256 -CipherTransformConstants AES256 -IntegrityCheckMethod SHA256 -PfsGroup ECP256 -DHGroup ECP256 -AuthenticationTransformConstants SHA196 -PassThru -Force
# Adds a route for 192.168.0.0/16 to the "home" connection. With split tunneling enabled,
# only that prefix goes through the VPN.
Get-VpnConnection -Name "home" -AllUserConnection | Add-VpnConnectionRoute -DestinationPrefix "192.168.0.0/16" -PassThru