VPN (any type) between 2 Mikrotik routers and no static IP addresses

From MikroTik Wiki
Revision as of 09:20, 26 January 2011 by Tplecko (talk | contribs)

A VPN is very useful when you have a remote office, but it requires that at least one location has static IP addresses. Below is a script that allows you to establish a VPN link even if you don't have static IP addresses at any location.

Server side

On the server side we first create a user who will connect to the server. (Be sure to set a complex password and a longer username.)

/ppp secret add caller-id="" comment="Some description" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 local-address=10.0.16.9 name=ka password=ka profile=default \
remote-address=10.0.16.10 routes="" service=l2tp

Then we create an L2TP server interface for the created user:

/interface l2tp-server add disabled=no name=l2tp-ka user=ka

Creating the server interface is not necessary for all this to work, since ROS will dynamically create the interface each time the user authenticates, but a static interface makes it easier to write firewall rules.

Enable the server:

/interface l2tp-server server set authentication=pap,chap,mschap1,mschap2 \
default-profile=default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled


Client side

Create an L2TP client interface to connect to the server. Change IP_OF_L2TP_SERVER to the IP address of your server-side router.

/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 \
connect-to=IP_OF_L2TP_SERVER dial-on-demand=no disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=l2tp-BL password=ka profile=default-encryption user=ka
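
The commands above use `ka` as both username and password and allow every authentication method, so the note about setting a complex password is easy to miss when copying them. The following is an added example, not part of the original wiki page: a small Python check that reads exported RouterOS commands and flags those two problems. The function names, the set of methods treated as weak and the minimum password length are assumptions made for this example.

```python
import re
import shlex

# Constructed sample: the three commands from this page, as pasted from an export.
SAMPLE = r'''
/ppp secret add caller-id="" comment="Some description" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 local-address=10.0.16.9 name=ka password=ka profile=default \
remote-address=10.0.16.10 routes="" service=l2tp
/interface l2tp-server server set authentication=pap,chap,mschap1,mschap2 \
default-profile=default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 \
connect-to=IP_OF_L2TP_SERVER dial-on-demand=no disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=l2tp-BL password=ka profile=default-encryption user=ka
'''

WEAK_AUTH = {"pap", "chap", "mschap1"}  # assumed policy; pap sends the password in clear text
MIN_PASSWORD_LEN = 12                   # assumed local policy, not a RouterOS limit

def parse_commands(text):
    """Join backslash-continued lines; yield (command words, key=value params)."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in filter(None, (l.strip() for l in joined.splitlines())):
        tokens = shlex.split(line)
        params = dict(t.split("=", 1) for t in tokens if "=" in t)
        words = " ".join(t for t in tokens if "=" not in t)
        yield words, params

def audit(text):
    """Return (command, finding) tuples for weak L2TP/PPP settings."""
    findings = []
    for cmd, p in parse_commands(text):
        methods = p.get("authentication") or p.get("allow")
        if "l2tp" in cmd and methods:
            weak = sorted(WEAK_AUTH & set(methods.split(",")))
            if weak:
                findings.append((cmd, "weak auth allowed: " + ",".join(weak)))
        if "password" in p:
            user = p.get("name") if cmd.startswith("/ppp secret") else p.get("user")
            if p["password"] == user:
                findings.append((cmd, "password equals username"))
            elif len(p["password"]) < MIN_PASSWORD_LEN:
                findings.append((cmd, "password shorter than policy minimum"))
    return findings

if __name__ == "__main__":
    for cmd, finding in audit(SAMPLE):
        print(f"{cmd}: {finding}")
```

Restricting both `authentication=` on the server and `allow=` on the client to `mschap2`, and replacing the sample credentials, makes `audit()` return an empty list.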