Router Installation and Configuration Manual/Configuring L2TP for Mikrotik
From ImageStream Router Documentation
This section describes how to configure L2tp to terminate tunnels between ImageStream and Mikrotik routers. L2TP uses a IP/UDP tunnel on port 1701 to encapsulate the PPP frames and tunnel them over an IP network.
This is an specific configuration example. Interoperability with Mikrotik L2TP tunnels requires a router running version 4.4.0-99 or newer. This configuration requires that the L2TP tunnel does not have password authentication. Please note, PPP authentication will still be preformed as outlined below. This configuration also requires that the "tunnel peer name" is set to "default". The Mikrotik router needs to be configured as a "L2TP Client".
Theory of Operation
The Mikrotik is configured to connect to the ImageStream router via an L2TP Tunnel interface. The Mikrotik must initiate the L2TP tunnel. The Mirotik client router creates a L2TP tunnel to the ImageStream router. By default incoming L2TP tunnel requests are allowed to any ip address assigned to the router.
Once the L2TP tunnel is established the Mikrotik's PPP authenticate request is sent to the ImageStream Router. At this point we start up a PPP session and authenticate the user via RADIUS or via a configured username/password pair. Normal PPP negotiations continue from this point with IP address negotiation and such. The end result is the Mikrotik now has a PPP session tunneled over an L2TP/IP/UDP tunnel to our ImageStream router.
Specific Configuration Examples
! user josh password testing ! interface Tunnel1 tunnel mode l2tp tunnel peer name default tunnel local name rt-gw tunnel virtual-template 1 ! interface Virtual-Template1 ip address 192.168.24.13 255.255.255.248 peer default ip pool pool1 ppp authentication pap chap mtu 1500 ! ip local pool pool1 192.168.24.14 192.168.24.18 !
This example uses a UserName/Password pair defined in the wan.conf file(Network Interface Configuration). This example also sets up a local ip pool of addresses from 192.168.24.14 to 192.168.24.18 the ImageStream router will use ip address 192.168.24.13.
! interface Tunnel1 tunnel mode l2tp tunnel peer name default tunnel local name rt-gw tunnel virtual-template 1 ! interface Virtual-Template1 ip address 192.168.24.13 255.255.255.248 peer default ip pool pool1 radius-server host 18.104.22.168 acct-port 1813 auth-port 1812 key password ppp authentication pap chap mtu 1500 ! ip local pool pool1 192.168.24.14 192.168.24.18 !
This example uses a Radius server located at 22.214.171.124 to authenticate the ppp authentication request coming from the Mikrotik router. The ImageStream router will honor all supported radius attributes.