{"id":42,"date":"2026-01-22T02:05:56","date_gmt":"2026-01-22T02:05:56","guid":{"rendered":"https:\/\/vyos.web.id\/?p=42"},"modified":"2026-02-21T07:16:11","modified_gmt":"2026-02-21T07:16:11","slug":"l2tp-in-openwrt","status":"publish","type":"post","link":"https:\/\/vyos.web.id\/?p=42","title":{"rendered":"L2TP in OpenWRT"},"content":{"rendered":"\n<p>#opkg update<\/p>\n\n\n\n<p>#opkg install strongswan-full xl2tpd<\/p>\n\n\n\n<p>install for module ipsec, if you not using ipsec skip this:<\/p>\n\n\n\n<p>#opkg install kmod-crypto-aes kmod-crypto-sha1 kmod-ipsec<\/p>\n\n\n\n<p>config xl2tpd:<\/p>\n\n\n\n<p>#vi \/etc\/xl2tpd\/xl2tpd.conf <\/p>\n\n\n\n<p>[global]<br>port = 1701<\/p>\n\n\n\n<p>[lac mikrotik]<br>lns = IP_MIKROTIK<br>pppoptfile = \/etc\/ppp\/options.l2tp<br>length bit = yes<\/p>\n\n\n\n<p>#vi \/etc\/ppp\/options.l2tp<\/p>\n\n\n\n<p>name openwrt<br>password 123456<br>refuse-eap<br>require-chap<br>noccp<br>noauth<br>mtu 1460<br>mru 1460<br>persist<br>defaultroute<br>usepeerdns<\/p>\n\n\n\n<p>open your l2tp port on your openwrt<\/p>\n\n\n\n<p>uci add firewall rule<br>uci set firewall.@rule[-1].name=&#8217;L2TP&#8217;<br>uci set firewall.@rule[-1].src=&#8217;wan&#8217;<br>uci set firewall.@rule[-1].proto=&#8217;udp&#8217;<br>uci set firewall.@rule[-1].dest_port=&#8217;1701&#8242;<br>uci set firewall.@rule[-1].target=&#8217;ACCEPT&#8217;<br>#uci commit firewall<br>#\/etc\/init.d\/firewall restart<\/p>\n\n\n\n<p>start vpn<\/p>\n\n\n\n<p>#\/etc\/init.d\/xl2tpd restart<\/p>\n\n\n\n<p>dial : <\/p>\n\n\n\n<p>#echo &#8220;c mikrotik&#8221; &gt; \/var\/run\/xl2tpd\/l2tp-control<\/p>\n\n\n\n<p>check :<\/p>\n\n\n\n<p>#ifconfig ppp0<br>#logread | grep xl2tp<\/p>\n\n\n\n<p>fyi, openwrt firewall default is drop, so if you want flush just exe this command : nft flush ruleset<\/p>\n\n\n\n<p>or if you want perment disable you can use this command :<\/p>\n\n\n\n<p>\/etc\/init.id\/firewall stop<\/p>\n\n\n\n<p>\/etc\/init.d\/firewall disable<\/p>\n\n\n\n<p>If we want to ensure it is saved and not lost, please follow the steps below:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\/etc\/init.d\/xl2tpd enable<\/li>\n\n\n\n<li>vi \/etc\/hotplug.d\/iface\/99-l2tp<\/li>\n<\/ol>\n\n\n\n<p>#!\/bin\/sh<\/p>\n\n\n\n<p>if [ &#8220;$ACTION&#8221; = &#8220;ifup&#8221; ] &amp;&amp; [ &#8220;$INTERFACE&#8221; = &#8220;wan&#8221; ]; then<br>sleep 5<br>echo c mikrotik &gt; \/var\/run\/xl2tpd\/l2tp-control<br>fi<\/p>\n\n\n\n<p>3. chmod +x \/etc\/hotplug.d\/iface\/99-l2tp<\/p>\n\n\n\n<p>tambahkan di file \/etc\/ppp\/options.l2tp<\/p>\n\n\n\n<p><br>maxfail 0<br>holdoff 5<\/p>\n\n\n\n<p>4. add this command <\/p>\n\n\n\n<p>uci add network route<br>uci set network.@route[-1].interface=&#8217;wan&#8217;<br>uci set network.@route[-1].target=&#8217;target ip l2tp&#8217;<br>uci set network.@route[-1].netmask=&#8217;255.255.255.255&#8242;<br>uci set network.@route[-1].gateway=&#8217;ip default modem&#8217;<br>uci commit network<\/p>\n\n\n\n<p>have trying<\/p>\n","protected":false},"excerpt":{"rendered":"<p>#opkg update #opkg install strongswan-full xl2tpd install for module ipsec, if you not using ipsec skip this: #opkg install kmod-crypto-aes kmod-crypto-sha1 kmod-ipsec config xl2tpd: #vi \/etc\/xl2tpd\/xl2tpd.conf [global]port = 1701 [lac mikrotik]lns = IP_MIKROTIKpppoptfile = \/etc\/ppp\/options.l2tplength bit = yes #vi \/etc\/ppp\/options.l2tp name openwrtpassword 123456refuse-eaprequire-chapnoccpnoauthmtu 1460mru 1460persistdefaultrouteusepeerdns open your l2tp port on your openwrt uci add firewall [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-openwrt"],"_links":{"self":[{"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vyos.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42"}],"version-history":[{"count":4,"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions"}],"predecessor-version":[{"id":64,"href":"https:\/\/vyos.web.id\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions\/64"}],"wp:attachment":[{"href":"https:\/\/vyos.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vyos.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vyos.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}