Router Installation and Configuration Manual/Configuring L2TP for Mikrotik

From ImageStream Router Documentation


This section describes how to configure L2TP to terminate tunnels between ImageStream and Mikrotik routers. L2TP uses an IP/UDP tunnel on port 1701 to encapsulate PPP frames and carry them over an IP network.

Requirements

This is a specific configuration example. Interoperability with Mikrotik L2TP tunnels requires a router running version 4.4.0-99 or newer. This configuration requires that the L2TP tunnel does not have password authentication. Please note that PPP authentication will still be performed as outlined below. This configuration also requires that the "tunnel peer name" is set to "default". The Mikrotik router needs to be configured as an "L2TP Client".

Theory of Operation

The Mikrotik is configured to connect to the ImageStream router via an L2TP tunnel interface. The Mikrotik must initiate the L2TP tunnel: the Mikrotik client router creates an L2TP tunnel to the ImageStream router. By default, incoming L2TP tunnel requests are allowed to any IP address assigned to the router.

Once the L2TP tunnel is established, the Mikrotik's PPP authentication request is sent to the ImageStream router. At this point the ImageStream router starts a PPP session and authenticates the user via RADIUS or via a configured username/password pair. Normal PPP negotiation continues from this point, including IP address negotiation. The end result is that the Mikrotik has a PPP session tunneled over an L2TP/IP/UDP tunnel to the ImageStream router.

Specific Configuration Examples

!
user josh password testing
!
interface Tunnel1
 tunnel mode l2tp
 tunnel peer name default
 tunnel local name rt-gw
 tunnel virtual-template 1
!
interface Virtual-Template1
 ip address 192.168.24.13 255.255.255.248
 peer default ip pool pool1
 ppp authentication pap chap
 mtu 1500
!
ip local pool pool1 192.168.24.14 192.168.24.18
!

This example uses a username/password pair defined in the wan.conf file (Network Interface Configuration). It also sets up a local IP pool of addresses from 192.168.24.14 to 192.168.24.18; the ImageStream router will use IP address 192.168.24.13.

!
interface Tunnel1
 tunnel mode l2tp
 tunnel peer name default
 tunnel local name rt-gw
 tunnel virtual-template 1
!
interface Virtual-Template1
 ip address 192.168.24.13 255.255.255.248
 peer default ip pool pool1
 radius-server host 205.159.243.5 acct-port 1813 auth-port 1812 key password
 ppp authentication pap chap
 mtu 1500
!
ip local pool pool1 192.168.24.14 192.168.24.18
!

This example uses a RADIUS server located at 205.159.243.5 to authenticate the PPP authentication request coming from the Mikrotik router. The ImageStream router will honor all supported RADIUS attributes.
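
A pre-deployment check for the first configuration example, added here as an illustration and not part of the ImageStream documentation or software: it verifies the interop requirements stated above (peer name "default", tunnel bound to a defined Virtual-Template), flags PAP, and compares the client pool with the template's address. The function name audit, the finding strings, and the one-tunnel, one-template, one-pool assumption are this example's own; the sample is the page's configuration with the "!" separator lines dropped.

```python
import ipaddress
import re

# Constructed input: the page's first example, "!" separator lines dropped.
SAMPLE = """\
user josh password testing
interface Tunnel1
 tunnel mode l2tp
 tunnel peer name default
 tunnel local name rt-gw
 tunnel virtual-template 1
interface Virtual-Template1
 ip address 192.168.24.13 255.255.255.248
 peer default ip pool pool1
 ppp authentication pap chap
 mtu 1500
ip local pool pool1 192.168.24.14 192.168.24.18
"""

def audit(conf):
    """Findings for a config with one tunnel, one template, one pool (assumed)."""
    out = []
    peer = re.search(r"^\s*tunnel peer name (\S+)", conf, re.M)
    if not peer or peer.group(1) != "default":
        out.append("peer-name: page requires 'tunnel peer name default'")
    vt = re.search(r"^\s*tunnel virtual-template (\d+)", conf, re.M)
    if not vt or not re.search(rf"^interface Virtual-Template{vt.group(1)}\s*$", conf, re.M):
        out.append("template: tunnel points at an undefined Virtual-Template")
    auth = re.search(r"^\s*ppp authentication (.+)$", conf, re.M)
    if auth and "pap" in auth.group(1).split():
        out.append("ppp-auth: PAP enabled, password is sent unencrypted in PPP")
    addr = re.search(r"^\s*ip address (\S+) (\S+)", conf, re.M)
    use = re.search(r"^\s*peer default ip pool (\S+)", conf, re.M)
    pool = re.search(r"^ip local pool (\S+) (\S+) (\S+)", conf, re.M)
    if not (addr and use and pool and use.group(1) == pool.group(1)):
        return out + ["pool: template does not reference a defined pool"]
    iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    first, last = (ipaddress.ip_address(pool.group(i)) for i in (2, 3))
    if first <= iface.ip <= last:
        out.append("pool: router address is inside the client pool")
    # Review item only: the page does not say the pool must sit inside the subnet.
    stray = sum(ipaddress.ip_address(n) not in iface.network
                for n in range(int(first), int(last) + 1))
    if stray:
        out.append(f"pool: {stray} address(es) outside {iface.network}")
    return out

print("\n".join(audit(SAMPLE)))
```

On the page's first example this reports two findings: PAP is enabled, and three pool addresses (192.168.24.16 to 192.168.24.18) lie outside 192.168.24.8/29.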

See also

RADIUS Supported Attributes 
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP