Apple e VPN PPTP

Apple IOS10 e MacOS Sierra non contemplano il supporto alle vpn PPTP.

Sui router Mikrotik in nostra gestione che ancora usavano questo protocollo abbiamo cambiato tutte le VPN con L2TP+IPSEC.

Ecco le istruzioni consigliate da Mikrotik.

1) Enable L2TP server,

/interface l2tp-server server
set authentication=mschap2 enabled=yes

2) Configure PPP profile,

/ppp profile
add change-tcp-mss=yes local-address=192.168.17.1 name=ipsec+L2TP remote-address=ipsec-pool use-encryption=yes

/ip pool
add name=ipsec-pool ranges=192.168.17.2-192.168.17<wbr></wbr>.254

3) Create PPP secret,

/ppp secret
add name=sergejs password="routeros" profile=ipsec+L2TP service=l2tp

4) Add static PPP interface to manage firewall easily.

/interface l2tp-server add name=l_sergejs user=sergejs

The same configuration you have used for PPTP previously. Additional configuration that is required.

Create IPSec configuration:
1) setup

/ip ipsec policy group
add name=ipsec+l2tp

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes<wbr></wbr>-128-cbc,3des

I configure ip ipsec peer, as default algorithms does not work too good with all OS (that you configure on L2TP server IPSec configuration).

/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,<wbr></wbr>aes-128,3des generate-policy=\
    port-strict secret=MikroTiKRouterOS

/ip ipsec policy
add dst-address=0.0.0.0/0 protocol=udp src-address=0.0.0.0/0 template=yes

On MACOS I configure L2TPoverIPSec.
1) user authentication password is from /ppp secret
2) machine authentication shared secret is from /ip ipsec peer.

P.S. The particular configuration works for MAC OS Sierra/Captain, IOS 10, Windows 8 and 10.

2016-09-15 ARTICOLI
Network sistemi operativi tecnologia