Version 2 (modified by krit, 4 years ago)

Mikrotik VPN

We want the MikroTik router to bring up its L2TP connection to the VPN server when its check against the web server says to. Three parts are involved:

  1. Web server site
  2. VPN server
  3. l2tp Mikrotik client

On the web server, we edit the file out.txt so that any VPN client can check whether it needs to connect or not.

[krit@mini D4410D3300C8]$ pwd
/home/krit/public_html/Tmp/D4410D3300C8
[krit@mini D4410D3300C8]$ cat out2.txt 
trueiot.io, tonic11, vpnPassw0rd, 1,
[krit@mini D4410D3300C8]$ 

In the line above, the VPN server is trueiot.io, the VPN username is tonic11, the password is vpnPassw0rd, and the connect-enable flag is 1 (to disable the connection, set this value to 0).
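
An added example (not part of the original wiki page): a Python helper for the web-server side that validates the four fields and publishes the per-device file atomically, so a router never fetches a malformed or half-written line. The function names, the alphanumeric-serial rule and the no-comma/no-whitespace rule are assumptions; the file layout and sample values are the ones shown above.

```python
import os
import re
import tempfile

# Assumptions (not from the page): serials are alphanumeric, and no field may
# contain a comma or whitespace, since the router script reads fields by comma.
SERIAL_RE = re.compile(r"[0-9A-Za-z]{4,32}")
FIELD_RE = re.compile(r"[^,\s]+")

def render_line(server, user, password, enable):
    """Build the record 'server, user, password, flag,' used in out2.txt."""
    for name, value in (("server", server), ("user", user), ("password", password)):
        if not FIELD_RE.fullmatch(value):
            raise ValueError(f"{name} is empty or contains a comma or whitespace")
    if enable not in (0, 1):
        raise ValueError("enable must be 0 or 1")
    return f"{server}, {user}, {password}, {int(enable)},\n"

def parse_line(line):
    """Read the record back as four comma-separated fields and check each one."""
    fields = [f.strip() for f in line.strip().rstrip(",").split(",")]
    if len(fields) != 4 or not all(fields) or fields[3] not in ("0", "1"):
        raise ValueError("malformed control line")
    return {"server": fields[0], "user": fields[1],
            "password": fields[2], "enable": fields[3] == "1"}

def write_control_file(base_dir, serial, server, user, password, enable,
                       filename="out2.txt"):
    """Validate, then atomically publish <base_dir>/<serial>/<filename>."""
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError("serial must be alphanumeric (blocks ../ in the path)")
    line = render_line(server, user, password, enable)
    parse_line(line)  # round-trip check before anything is published
    device_dir = os.path.join(base_dir, serial)
    os.makedirs(device_dir, exist_ok=True)
    fd, tmp_path = tempfile.mkstemp(dir=device_dir, prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        fh.write(line)
    os.chmod(tmp_path, 0o644)  # mkstemp creates 0600; the web server must read it
    final_path = os.path.join(device_dir, filename)
    os.replace(tmp_path, final_path)  # a fetch never sees a half-written file
    return final_path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web_root:  # stand-in for the web directory
        path = write_control_file(web_root, "D4410D3300C8", "trueiot.io",
                                  "tonic11", "vpnPassw0rd", 1)
        print(open(path).read(), end="")
```

The router script below fetches this file over plain http://, so the password in it crosses the network unencrypted and is readable by anyone who can request the URL; serving the directory over HTTPS and limiting access to the routers' addresses narrows that exposure.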

VPN with l2tp config script

 5   name="http_get_5" owner="admin" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon 
     dont-require-permissions=no last-started=feb/27/2021 00:36:10 run-count=10 source=
       {
             :local serialnum [/system routerboard get serial-number];
             :put $serialnum;
             :local result [/tool fetch url="http://192.168.5.1/~krit/Tmp/$serialnum/out2.txt" as-value output=user];
             :put $result;
             :local msg ($result->"data");
             :put "---msg---";
             :put $msg;
             :put "---msg 3 --";
             :local myArray [:toarray [:pick $msg ([:find $msg ":"]) [:len $msg]]];
             :local ipaddr [:pick $myArray 0];
             :local uname [:pick $myArray 1];
             :local passwd [:pick $myArray 2];
             :local conn [:pick $myArray 3];
             :put "ip: $ipaddr";
             :put "user: $uname";
             :put "passwd: $passwd";
             :put "connect: $conn"; 
             :put "------------";
             :local serialnum [/system routerboard get serial-number];
             :put $serialnum;
             :if ($result->"status" = "finished") do={                                            
                :if ( $conn = "0" ) do={
                    :log info "value is $conn disable l2tp-out1 for user $uname";      
                    :put "value is $conn disable l2tp-out1 for user $uname";
                    /interface l2tp-client disable l2tp-out1; 
                } else={             
                    :put "edit user: $uname in l2tp";
                    :log info "edit user: $uname in l2tp";
                    /interface l2tp-client set connect-to=$ipaddr l2tp-out1;
                    /interface l2tp-client set user=$uname l2tp-out1; 
                    /interface l2tp-client set password=$passwd l2tp-out1;
                    /interface l2tp-client enable l2tp-out1;
                 }
              }                        
       } 

[admin@MikroTik] >