Подскажите пожалуйста. Микроты с 6.44.3 - hex lite (белый ip) и map lite (ip динамика, серый). Никак не могу соединить их по l2tp без ipsec. Плиз поделитесь мануалом как 6.44 это сделать.thdth
cервер:
Код: Выделить всё
/ip ipsec peer
add name=peer2 passive=yes
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=\
aes-256,aes-192,aes-128
add dh-group=modp1024 enc-algorithm=aes-256,aes-192,aes-128,3des name=l2tp
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des \
pfs-group=none
add enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des name=proposal1
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200
add name=iptv ranges=192.168.2.100-192.168.2.200
add name=l2tp_pool ranges=172.16.33.2-172.16.33.100
add name=pptp_pool ranges=192.168.3.120-192.168.3.139
/ppp profile
add change-tcp-mss=yes interface-list=VPN local-address=172.16.33.1 name=\
"l2tp server" remote-address=l2tp_pool
add local-address=172.16.32.1 name=pptp-map
/interface l2tp-server server
set authentication=mschap2 default-profile="l2tp server" enabled=yes \
ipsec-secret=**** keepalive-timeout=60
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related protocol=tcp
add action=fasttrack-connection chain=forward connection-state=\
established,related protocol=udp
add action=accept chain=input comment=l2tp in-interface=wan log=yes port=\
1701,500,4500 protocol=udp
add action=accept chain=input in-interface=wan ipsec-policy=in,ipsec \
protocol=ipsec-esp
add action=accept chain=forward comment="FastTrack Connection" \
connection-state=established,related
/ppp secret
add name=*** password=*** profile="l2tp server" service=l2tp
add local-address=172.16.33.1 name=yunin_map password=*** profile=\
"l2tp server" service=l2tp
Код: Выделить всё
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-128
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,aes-128-ctr pfs-group=\
none
/ppp profile
set *0 interface-list=VPN
add change-tcp-mss=yes interface-list=VPN name="l2tp client" remote-address=\
172.16.33.1
add interface-list=VPN name="pptp client"
/interface l2tp-client
add allow=mschap2 connect-to=*** disabled=no ipsec-secret=\
*** name=l2tp-m12 password=yunindenis profile="l2tp client" user=\
yunin_map