#opkg update
#opkg install strongswan-full xl2tpd
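Install the kernel modules for IPsec (skip this step if you are not using IPsec). Note that L2TP on its own does not encrypt traffic, and the steps below set up plain L2TP only: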
#opkg install kmod-crypto-aes kmod-crypto-sha1 kmod-ipsec
config xl2tpd:
#vi /etc/xl2tpd/xl2tpd.conf
; Global xl2tpd settings.
[global]
; UDP port xl2tpd uses (1701 is the standard L2TP port).
port = 1701
; LAC (client) profile named "mikrotik"; this is the name used by the
; "c mikrotik" control command later on the page.
[lac mikrotik]
; Address of the L2TP server (LNS). IP_MIKROTIK is a placeholder to replace.
lns = IP_MIKROTIK
; pppd options file used for the PPP session of this tunnel.
pppoptfile = /etc/ppp/options.l2tp
; Use the length bit in the L2TP packet payload.
length bit = yes
#vi /etc/ppp/options.l2tp
# pppd options for the L2TP session (the file named by pppoptfile in xl2tpd.conf).
# Name this router uses when it authenticates to the peer.
name openwrt
# Example value only: replace it with a long random secret. The password is
# stored here in clear text, so keep the file readable by root only.
password 123456
# Do not agree to authenticate to the peer with EAP.
# NOTE(review): PAP is not refused here, so if the server asks for PAP the
# password would presumably cross the unencrypted L2TP tunnel in clear text;
# consider adding refuse-pap.
refuse-eap
# Require the peer to authenticate itself with CHAP.
require-chap
# Disable CCP (compression) negotiation.
noccp
# Do not require the peer to authenticate itself.
# NOTE(review): this looks contradictory to require-chap above; confirm which
# of the two is intended.
noauth
# Maximum transmit / receive unit for the PPP link.
mtu 1460
mru 1460
# Re-open the connection after it drops instead of exiting.
persist
# Install a default route through the PPP peer once the link is up, so all
# traffic then goes through the (unencrypted) tunnel.
defaultroute
# Ask the peer for DNS server addresses.
usepeerdns
Open the L2TP port (UDP 1701) on the OpenWrt firewall:
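# Allow inbound L2TP (UDP 1701) from the wan zone to the router.
# The values must use plain ASCII quotes: typographic quotes are not shell
# quoting and would be stored as part of each value (e.g. a zone named ’wan’).
uci add firewall rule
uci set firewall.@rule[-1].name='L2TP'
uci set firewall.@rule[-1].src='wan'
# Accept L2TP only from the server itself (the same address as "lns" in
# xl2tpd.conf) instead of from any host on the WAN side.
uci set firewall.@rule[-1].src_ip='IP_MIKROTIK'
uci set firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].dest_port='1701'
uci set firewall.@rule[-1].target='ACCEPT'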
#uci commit firewall
#/etc/init.d/firewall restart
start vpn
#/etc/init.d/xl2tpd restart
dial :
#echo "c mikrotik" > /var/run/xl2tpd/l2tp-control
check :
#ifconfig ppp0
#logread | grep xl2tp
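FYI, the OpenWrt firewall drops traffic by default, so if you want to flush the rules, run this command: nft flush ruleset
Or, if you want to disable it permanently, you can use the commands below. Either way the router is left with no packet filtering, including on the WAN side, so this is better kept to short troubleshooting than used as the fix: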
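# Stop the firewall now and keep it from starting at boot.
# The init script lives under /etc/init.d/ (the original "init.id" path does
# not exist, so the stop step never ran).
# While the firewall is stopped nothing filters traffic reaching the router,
# so re-enable it with "/etc/init.d/firewall enable" and "start" afterwards.
/etc/init.d/firewall stop
/etc/init.d/firewall disable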
If we want to ensure it is saved and not lost, please follow the steps below:
1. /etc/init.d/xl2tpd enable
2. vi /etc/hotplug.d/iface/99-l2tp
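#!/bin/sh
# Hotplug hook: dial the "mikrotik" L2TP tunnel each time the wan interface
# comes up. ACTION and INTERFACE are set by the hotplug environment.
# The expansions use plain ASCII double quotes; typographic quotes are
# ordinary characters to the shell and leave the variables unquoted.
if [ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan" ]; then
  # Wait a few seconds before dialing.
  sleep 5
  # "c <name>" asks xl2tpd to connect the LAC profile with that name.
  echo "c mikrotik" > /var/run/xl2tpd/l2tp-control
fi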
3. chmod +x /etc/hotplug.d/iface/99-l2tp
Add the following to the file /etc/ppp/options.l2tp:
# 0 removes the limit on consecutive failed connection attempts, so pppd keeps retrying.
maxfail 0
# Wait 5 seconds before re-initiating the link after it goes down.
holdoff 5
4. Add a static host route to the L2TP server through the WAN gateway:
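# Static host route (netmask 255.255.255.255) to the L2TP server via the WAN
# gateway; presumably this keeps the tunnel endpoint reachable once pppd
# installs its default route through the tunnel.
# 'target ip l2tp' and 'ip default modem' are placeholders for the server
# address and the modem/gateway address.
# The values use plain ASCII quotes; typographic quotes would be stored as
# part of each value.
uci add network route
uci set network.@route[-1].interface='wan'
uci set network.@route[-1].target='target ip l2tp'
uci set network.@route[-1].netmask='255.255.255.255'
uci set network.@route[-1].gateway='ip default modem'
uci commit network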
have trying