Allied Telesis AT-WR4500 Network Router User Manual


 
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers 167
RouterOS v3 Configuration and User Guide
And finally, the server must be enabled:
[admin@HomeOffice] interface l2tp-server server> set enabled=yes
[admin@HomeOffice] interface l2tp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@HomeOffice] interface l2tp-server server>
Add an L2TP client to the RemoteOffice router:
[admin@RemoteOffice] interface l2tp-client> add connect-to=192.168.80.1 user=ex \
\... password=lkjrht disabled=no
[admin@RemoteOffice] interface l2tp-client> print
Flags: X - disabled, R - running
0 R name="l2tp-out1" mtu=1460 mru=1460 mrru=disabled connect-to=192.168.80.1
user="ex" password="lkjrht" profile=default add-default-route=no
allow=pap,chap,mschap1,mschap2
[admin@RemoteOffice] interface l2tp-client>
Thus, an L2TP tunnel is created between the routers. This tunnel behaves like an Ethernet point-to-point
connection between the routers, with IP address 10.0.103.1 at the HomeOffice end and 10.0.103.2 at the
RemoteOffice end. It enables 'direct' communication between the routers over third-party networks.
[Figure: Network Setup with L2TP. Home Office (To Internet 192.168.80.1/24 via ISP#1, 192.168.80.0/24; LAN 10.150.2.254/24, host 10.150.2.1/24) and Remote Office (To Internet 192.168.81.1/24 via ISP#2, 192.168.81.0/24; LAN 10.150.1.254/24, host 10.150.1.1/24) are connected across the Internet by an encrypted L2TP tunnel from 10.0.103.1/24 to 10.0.103.2/24.]
Figure 24: Secure Remote office connection through L2TP tunnel
To route the local Intranets over the L2TP tunnel you need to add these routes:
[admin@HomeOffice] > ip route add dst-address=10.150.1.0/24 gateway=10.0.103.2
[admin@RemoteOffice] > ip route add dst-address=10.150.2.0/24 gateway=10.0.103.1
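The server print output above shows authentication: mschap2, while the client print output shows allow=pap,chap,mschap1,mschap2. The Python audit below is an added example, not part of the original manual: it parses the two console outputs from this page and reports which methods both ends accept and which weaker ones the client still permits. The WEAK set and the function names are assumptions of this example.

```python
import re

# Console output copied from this page (server and client "print").
SERVER_PRINT = """\
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
"""
CLIENT_PRINT = """\
Flags: X - disabled, R - running
0 R name="l2tp-out1" mtu=1460 mru=1460 mrru=disabled connect-to=192.168.80.1
user="ex" password="lkjrht" profile=default add-default-route=no
allow=pap,chap,mschap1,mschap2
"""

# Assumption of this example: anything weaker than MS-CHAPv2 is unwanted.
# PAP sends the password in clear text; CHAP and MS-CHAPv1 are older schemes.
WEAK = {"pap", "chap", "mschap1"}


def parse_server(text):
    """Parse 'key: value' lines as printed by 'l2tp-server server print'."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}


def parse_client(text):
    """Parse key=value tokens (values optionally quoted) from an item print."""
    found = re.findall(r'([\w-]+)=("[^"]*"|\S+)', text)
    return {k: v.strip('"') for k, v in found}


def audit(server_text, client_text):
    """Return (usable, weak_on_client, weak_on_server) auth-method lists."""
    server = set(parse_server(server_text)["authentication"].split(","))
    client = set(parse_client(client_text)["allow"].split(","))
    return sorted(server & client), sorted(client & WEAK), sorted(server & WEAK)


if __name__ == "__main__":
    usable, weak_client, weak_server = audit(SERVER_PRINT, CLIENT_PRINT)
    print("methods both ends accept:", usable)
    print("weak methods the client would still accept:", weak_client)
    print("weak methods the server offers:", weak_server)
```

For this page's configuration only mschap2 is common to both ends, so narrowing the client's allow list to mschap2 keeps the tunnel working and stops the client from agreeing to a weaker method than the server requires.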