wsvn53 · September 17, 2016 10:05
diff --git a/ros-enable-l2tp.sh b/ros-enable-l2tp.sh
 /ip pool
 add name=vpn-pool ranges=10.2.2.2-10.2.2.22

 /ppp profile
 set [find name=default-encryption] dns-server=10.2.2.1 local-address=10.2.2.1 remote-address=vpn-pool

 /ppp secret
 add name=帳號 password=密碼 profile=default

 /interface l2tp-server server
 set authentication=mschap2 enabled=yes

 /ip ipsec proposal
 set [ find default=yes ] enc-algorithms=aes-128-cbc,aes-192-cbc,aes-256-cbc lifetime=8h pfs-group=none

 /ip ipsec peer
 add enc-algorithm=aes-128,aes-192,aes-256 exchange-mode=main-l2tp generate-policy=port-override lifetime=8h passive=yes secret=密鑰 send-initial-contact=no

 /ip firewall filter
 add chain=input dst-port=1701,500,4500 protocol=udp
 add chain=input protocol=ipsec-esp

 # enable ddns service
 /ip cloud set ddns-enabled=yes
 /ip cloud print
	/ip pool
	add name=vpn-pool ranges=10.2.2.2-10.2.2.22

	/ppp profile
	set [find name=default-encryption] dns-server=10.2.2.1 local-address=10.2.2.1 remote-address=vpn-pool

	/ppp secret
	add name=帳號 password=密碼 profile=default

	/interface l2tp-server server
	set authentication=mschap2 enabled=yes

	/ip ipsec proposal
	set [ find default=yes ] enc-algorithms=aes-128-cbc,aes-192-cbc,aes-256-cbc lifetime=8h pfs-group=none

	/ip ipsec peer
	add enc-algorithm=aes-128,aes-192,aes-256 exchange-mode=main-l2tp generate-policy=port-override lifetime=8h passive=yes secret=密鑰 send-initial-contact=no

	/ip firewall filter
	add chain=input dst-port=1701,500,4500 protocol=udp
	add chain=input protocol=ipsec-esp

	# enable ddns service
	/ip cloud set ddns-enabled=yes
	/ip cloud print