How to configure L2TP+IPSEC client in OpenWrt 18

Onoro · December 8, 2019, 7:42am

Hello everyone.
Can anyone provide me with step-by-step and up to date instruction how to configure L2TP+IPSEC client in OpenWRT 18 ?
I have L2TP+IPSEC server which running on Mikrotik and various clients which are connecting by Windows and Android devices. It's not a problem to configure Mikrotik-Mikrotik L2TP+IPSEC tunnel but Mikrotik-OpenWRT schema it's quite painful task))

Server side configuration.
Proposal:
Auth algoritm - sha1
Encription algoritm - aes-256-cbc
Pfs group - modp2048

IPSec profile:
Encription algoritm - aes-256
DH Group - modp1024, modp2048
Proposal check- obey

IPSEC - Proposal:
aes-256-cbc

L2TP Authentification:
MS-Chapv2

IPSEC - Protocol
esp

ulmwind · December 7, 2019, 10:12pm

I recommend you to get rid of Mikrotik device.

Onoro · December 12, 2019, 5:41am

So you mean that it will help to configure l2tp tunnel. Right?
And in this case I'll be forced to configure not only client but server also. Great idea...

ulmwind · December 12, 2019, 9:14am

With both OpenWRT routers you have plenty variants to configure secure tunnel: OpenVPN, Wireguard, Strongswan, etc.

Onoro · December 12, 2019, 10:54am

We have a lot of Windows, Android and Linux clients which works without any additional packages via L2TP. Also Mikrotik has HW offload for encryption and switch. How much routers with OpenWRT can provide me with same functions?

jack33 · December 14, 2019, 7:10pm

i tag this thread because i'm interested by the answer too