Good evening, I'm trying to set up an L2TP VPN on a MikroTik.
My internet link is from NET, using the DCP 3925 modem. Is it necessary to open ports on the modem for the connection to work?
Because so far I haven't had any success with the connection.
Is the RB the server, or the client out in the field? Is the modem in bridge or router mode?
Good afternoon Bruno, from what I understood you already have internet running on the MikroTik, coming from your DCP 3925 modem, right? In that case you don't need to open a port, because the traffic will be carried by your internet and the branch office's internet.
One detail: if you have already configured your VPN, did you put it in the routes? If you want to post your rules we'll analyze them and try to find a solution.
Regards,
Wanderley (Guma)
My RB is the server. The NET modem is in router mode.
Through the local network I can access the VPN. Over the internet it doesn't work.
I also can't access my RB via DDNS. I believe that is the problem.
If it's in router mode, (obviously) you have to open ports for both the VPN and Winbox...
And also disable the firewall and/or allow the GRE protocol.
On the NET modem I opened the following ports:
1701
8291
500
4500
I also set the router's DMZ to the RB's IP (192.168.1.99).
The router has a VPN passthrough option,
where I enabled IPsec Passthrough and PPTP Passthrough.
Here are the rules that are on the RB.
/ip pool
add name=dhcp ranges=192.168.0.20-192.168.0.254
add name=VPN_Pool ranges=10.10.10.10-10.10.10.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=Local name=default
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=VPN-L2TP \
remote-address=VPN_Pool use-encryption=required
set *FFFFFFFE dns-server=8.8.8.8 local-address=10.10.10.1 remote-address=\
VPN_Pool wins-server=4.4.4.4
/interface l2tp-server server
set default-profile=VPN-L2TP enabled=yes ipsec-secret=1234 use-ipsec=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.0.5/24 comment="default configuration" interface=Local \
network=192.168.0.0
add address=192.168.1.99/24 comment="Rede Publica - Internet" interface=Publica \
network=192.168.1.0
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" gateway=192.168.0.5 \
netmask=24
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input comment="default configuration" in-interface=\
Publica
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=Publica
add action=drop chain=input comment="Barrando porta proxy externo" dst-port=\
8080 in-interface=Publica protocol=tcp
add action=drop chain=input comment="Bloqueia acesso externo ao DNS" \
connection-state=new dst-port=53 in-interface=Publica protocol=udp
add action=drop chain=forward comment="Bloqueia acesso externo ao DNS" \
connection-state=new dst-port=53 in-interface=Publica protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1368 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=10080 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=3031 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1381 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1381 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=545 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=545 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
201-209 protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
201-209 protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1416 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1416 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1366 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1366 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=396 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=396 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1512 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1512 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
568-569 protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
568-569 protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=525 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=525 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=513 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=513 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=65506 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=27374 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=17300 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=12345 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=10000 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=9898 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=8866 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=5554 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=4444 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=4444 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=3410 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=2745 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=2535 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=2283 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=2745 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1377 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1373 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1364 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1363 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1214 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=1080 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
1024-1030 protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=593 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=445 \
protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=445 \
protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" protocol=tcp \
src-port=135-139
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
135-139 protocol=tcp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" dst-port=\
135-139 protocol=udp
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" protocol=udp \
src-port=135-139
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" protocol=udp \
src-port=445
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" protocol=tcp \
src-port=445
add action=drop chain=VIRUS comment="Lista de bloquio de Virus" protocol=udp \
src-port=3031
add action=drop chain=forward comment="IP banido" src-address=10.0.0.253
add chain=input comment="Porta VPN" dst-port=1701 protocol=udp
add chain=input comment="Porta VPN" dst-port=500 protocol=udp
add chain=input comment="Porta VPN" dst-port=4500 protocol=udp
add chain=input protocol=ipsec-ah
add chain=input protocol=ipsec-esp
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Regras P2P" \
new-connection-mark=p2p_comm p2p=all-p2p
add action=mark-packet chain=prerouting connection-mark=p2p_comm \
new-packet-mark=p2p
add action=mark-connection chain=prerouting comment="Marcando Porta www 80" \
dst-port=80 new-connection-mark=http_comm protocol=tcp
add action=mark-connection chain=prerouting connection-mark=http_comm \
new-connection-mark=http_down
add action=mark-connection chain=prerouting comment="Marcando Porta FTP" \
dst-port=21 new-connection-mark=ftp_comm protocol=tcp
add action=mark-connection chain=prerouting connection-mark=http_comm \
new-connection-mark=ftp_down
add action=mark-connection chain=prerouting comment="Marcando porta SSH" \
dst-port=22 new-connection-mark=ssh_comm protocol=tcp
add action=mark-connection chain=prerouting connection-mark=ssh_comm \
new-connection-mark=ssh_down
add action=mark-connection chain=prerouting comment=SSL dst-port=443 \
new-connection-mark=443_comm protocol=tcp
add action=mark-packet chain=prerouting connection-mark=443_comm \
new-packet-mark=HTTP
add action=mark-packet chain=prerouting comment="Outros Pacotes" \
connection-mark=p2p_comm new-packet-mark=other protocol=0
/ip firewall nat
add action=masquerade chain=srcnat comment="Rede Local Mascaramento" \
out-interface=Publica
add action=redirect chain=dstnat comment="Redirecionamento Web Proxy" dst-port=\
80 protocol=tcp src-address=192.168.0.0/24 to-ports=8080
add action=dst-nat chain=dstnat comment="Servidor de cameras" dst-address=\
192.168.100.2 in-interface=Publica protocol=tcp to-addresses=192.168.0.150
add action=dst-nat chain=dstnat comment="Servidor Firebird" dst-port=3050 \
in-interface=Publica protocol=tcp to-addresses=192.168.0.11 to-ports=3050
add action=dst-nat chain=dstnat comment="Redirecionamento Cameras " dst-port=\
34567 in-interface=Publica protocol=tcp to-addresses=192.168.0.150 \
to-ports=34567
add action=dst-nat chain=dstnat dst-port=8080 in-interface=Publica protocol=tcp \
to-addresses=192.168.0.150 to-ports=8080
add action=dst-nat chain=dstnat dst-port=34599 in-interface=Publica protocol=\
tcp to-addresses=192.168.0.150 to-ports=34599
add action=masquerade chain=srcnat comment="NAT VPN L2TP" src-address=\
10.10.10.0/24
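An added check, not part of this thread, over a constructed excerpt of the export above. RouterOS evaluates the input chain top-down and a rule without an explicit action accepts, so the catch-all drop on in-interface=Publica placed above the "Porta VPN" rules means UDP 500/4500/1701 and ESP arriving from the internet never reach those accept rules (LAN clients are unaffected, matching the symptom described). The script joins the export's backslash continuations, parses each add line and lists the accept rules shadowed by that drop; the export syntax is assumed to be exactly the RouterOS export format shown.

```python
import re

# Constructed excerpt of the posted "/ip firewall filter" export (same rule order as above).
EXPORT = r"""
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input comment="default configuration" in-interface=\
Publica
add chain=input comment="Porta VPN" dst-port=1701 protocol=udp
add chain=input comment="Porta VPN" dst-port=500 protocol=udp
add chain=input comment="Porta VPN" dst-port=4500 protocol=udp
add chain=input protocol=ipsec-esp
"""


def parse_rules(export):
    """Join RouterOS '\\' line continuations and return one dict per 'add' line."""
    joined = export.replace("\\\n", "")
    rules = []
    for line in joined.splitlines():
        if not line.startswith("add "):
            continue
        # key=value pairs; values may be quoted strings containing spaces
        props = dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line))
        props.setdefault("action", "accept")  # RouterOS default action is accept
        rules.append(props)
    return rules


def shadowed_accepts(rules, iface="Publica"):
    """Accept rules in the input chain that sit below a catch-all drop for iface."""
    drop_seen = False
    shadowed = []
    for r in rules:
        if r.get("chain") != "input":
            continue
        matchers = set(r) - {"action", "chain", "comment"}
        catch_all = r["action"] == "drop" and matchers == {"in-interface"} \
            and r["in-interface"] == iface
        if catch_all:
            drop_seen = True
        elif drop_seen and r["action"] == "accept":
            shadowed.append(r)
    return shadowed


if __name__ == "__main__":
    for r in shadowed_accepts(parse_rules(EXPORT)):
        print("never reached from", "Publica:", r)
```

The remedy is to move the VPN accept rules above the drop (or the drop to the bottom of the input chain) and re-run the check until it returns nothing.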
@brunodias opening several topics about the same problem won't help you at all...
Yes, I'll put the modem in bridge mode.
And run the appropriate tests.
Thanks everyone!