How to forward ports for RDP through an external L2TP/IPsec VPN server or directly?
Good afternoon comrades, I ask for help.
At the moment there is the following Mikrotik configuration:
# aug/28/2019 19:04:05 by RouterOS 6.43.13
#
# model = RB4011iGS+
/interface l2tp-client
add add-default-route=yes connect-to=XX.XX.XX.XX disabled=no ipsec-secret=XXXXXXXXXX name=l2tp-vpn password=XXXXXXX use-ipsec=yes user=XXXX
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=1.1.1.10/24 interface=wan1 network=1.1.1.0
/ip firewall filter
add action=drop chain=forward comment="Deny access to internet without VPN" out-interface=wan1 src-address=192.168.1.0/24
add action=accept chain=forward comment="Allow access to internet over VPN" out-interface=l2tp-vpn src-address=192.168.1.0/24
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="Send packets through VPN to internet" out-interface=l2tp-vpn
/ip route
add distance=2 gateway=194.183.171.1
ip route add 192.168.1.0/24 via 192.168.12.1 dev ppp0
1) Does the computer on which you need to configure RDP have an external WHITE address? The fact is that the so-called static address can also be gray!
2) Do you have access to the VPN server?
3) If the question is urgent, write to [email protected]