|
发表于 2005-6-28 16:29:48
|
显示全部楼层
QUOTE(hp_811007 @ Jun 28 2005, 07:04 AM)
我说的的是在ROUTEROS那边怎么办,和ADSL那边没有任何关系,ADSL那边可以解决!
[right][snapback]52456[/snapback][/right]
既然不是很明白,说话就不要太绝对(尤其连手册都没看过):
1、ROS支持IPSEC的VPN
2、未必一定是ROS端出的问题
以下是手册内容:
Connecting a Remote Client via L2TP Tunnel
The following example shows how to connect a computer to a remote office network over L2TP
encrypted tunnel giving that computer an IP address from the same network as the remote office has
(without need of bridging over EoIP tunnels).
Please, consult the respective manual on how to set up a L2TP client with the software you are
using.
The router in this example:
[RemoteOffice]
Interface ToInternet 192.168.81.1/24
Interface Office 10.150.1.254/24
The client computer can access the router through the Internet.
On the L2TP server a user must be set up for the client:
[admin@RemoteOffice] ppp secret> add name=ex service=l2tp password=lkjrht
local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X - disabled
0 name="ex" service=l2tp caller-id="" password="lkjrht" profile=default
local-address=10.150.1.254 remote-address=10.150.1.2 routes==""
[admin@RemoteOffice] ppp secret>
Then the user should be added in the L2TP server list:
[admin@RemoteOffice] interface l2tp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface l2tp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
0 FromLaptop ex
[admin@RemoteOffice] interface l2tp-server>
And the server must be enabled:
[admin@RemoteOffice] interface l2tp-server server> set enabled=yes
Page 70 of 537
[admin@RemoteOffice] interface l2tp-server server> print
enabled: yes
mtu: 1460
mru: 1460
authentication: mschap2
default-profile: default
[admin@RemoteOffice] interface l2tp-server server>
Finally, the proxy APR must be enabled on the 'Office' interface:
[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R ToInternet 1500 00:30:4F:0B:7B:C1 enabled
1 R Office 1500 00:30:4F:06:62:12 proxy-arp
[admin@RemoteOffice] interface ethernet>
L2TP Setup for Windows
Microsoft provides L2TP client support for Windows XP, 2000, NT4, ME and 98. Windows 2000
and XP include support in the Windows setup or automatically install L2TP. For 98, NT and ME,
installation requires a download from Microsoft (L2TP/IPsec VPN Client).
For more information, see:
Microsoft L2TP/IPsec VPN Client Microsoft L2TP/IPsec VPN Client
On Windows 2000, L2TP setup without IPsec requires editing registry:
Disabling IPsec for the Windows 2000 Client
Disabling IPSEC Policy Used with L2TP
Troubleshooting
Description
I use firewall and I cannot establish L2TP connection
Make sure UDP connections can pass through both directions between your sites.
My Windows L2TP/IPsec VPN Client fails to connect to L2TP server with "Error 789"
or "Error 781"
The error messages 789 and 781 occur when IPsec is not configured properly on both ends.
See the respective documentation on how to configure IPsec in the Microsoft L2TP/IPsec VPN
Client and in the MikroTik RouterOS. If you do not want to use IPsec, it can be easily
switched off on the client side. Note: if you are using Windows 2000, you need to edit system
registry using regedt32.exe or regedit.exe. Add the following registry value to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters:
Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1
You must restart the Windows 2000 for the changes to take effect
For more information on configuring Windows 2000, see:
Configuring Cisco IOS and Windows 2000 Clients for L2TP Using Microsoft IAS
Disabling IPSEC Policy Used with L2TP
How to Configure a L2TP/IPsec Connection Using Pre-shared Key Authentication |
|