etc/crets This file holds shared secrets or RSA private keys for authentication. # leftfirewall=yes # this is necessary when using Proxmox VE firewall rules etc/nf # nf - strongSwan IPsec configuration file We have to use ip mode encapsulation for l2tpv3, because I did not figured out how to define policy for udp mode, which also may conflict with mikrotik l2tp server ipsec policy. Since L2tpv3 is not encrypted is good idea to encrypt your traffic with ipsec. bridge name bridge id STP enabled interfacesįunny part – IPsec between mikrotik & linux If this works, you can add interface into bridge. If you configure IP addresses on both ends of tunnel, you should be able to ping remote side. Mikrotik does not support simple IPSec mode (you can not enable “Use Ipsec”) L2 tunnel to linux must use “Unmanaged mode” and “Use L2 Specific Sublayer”. In ip mode encapsulation ip proto 115 is used. Mikrotik uses fixed port udp 1701 in UDP mode. Ip l2tp add session tunnel_id 100 session_id 100 peer_session_id 100 Linux side: ip l2tp add tunnel tunnel_id 100 peer_tunnel_id 100 encap ip local .Y remote 62.197.X.Y Mikrotik 7.1 also support l2tpv3, which is not very well documented in Mikrotik wiki yet, but it enables Layer 2 VPN. In my setup I wanted to be able migrate VMs from local Proxmox PVE to PVE running in Hetzner in datacenter. What if you need L2 VPN, for example to migrate local server to datacenter and from network view keep it in your local network? Wireguard vpn is fine, but it is layer 3 VPN – can not be bridged. Mikrotik version 7 brings many new features, including wireguard vpn.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |