What hardware to take instead of Mikrotik to set up an L2TP/VPN server?
What can be taken instead of MIKROTIK? The main functionality is an L2TP/VPN server, connecting clients and combining offices. In MIKROTIK, there is a problem with connecting 2 or more clients from one address via L2TP.
This is not a Mikrotik problem, but the implementation of L2TP/IPsec + NAT on the client. And this will happen in any implementation of L2TP.
I suspect the following will help solve your problem
Should have helped in theory, but it still doesn't work in practice.
There is a D-Link DFL-870 with a declared VPN of 1 GB at a very affordable price; DFL is very popular in the Russian Federation due to its capabilities and price.
Fortigate (the price will be twice as much (60F), but the new generation is certainly cool: for 64 thousand rubles it pulls 6.5 GB of VPN). I now have a test VPN lying on the table between a 60E (2.7 GB) and a 30E, a 170 Mbps tunnel (the 30E is only 75 Mbps in terms of IPsec speed, but I have point-to-point mode, and it pulls 170 Mbps, and this is with maximum encryption). more powerful.
But, for example, without paying for subscriptions it also turns into almost a DFL (the speed will not change, but it will turn into a dumb firewall, and it is very difficult to configure it in 2020, because programs use a bunch of different hosts and networks).
PS My answer is more about existing hardware. About several VPNs to one server due to one NAT, I can’t say anything, because I don’t have to deal with this, but I suspect that there may be problems with the same
PS2
This is a feature of the L2TP/IPsec protocol. There is a script on the Internet that allows you to negate this limitation, but I would not recommend such a solution for implementation. The correct solution in this situation would be: keep the Mikrotik and change the VPN type to IKEv2.
MAXXL,
Well, you could at least try to find the roots of this and why it is so.
Everyone has the same implementation problem, someone gets around it in one way or another.
The whole essence of the problem is written here, it is better to read it, there are also crutch solutions.
https://forum.mikrotik.com/viewtopic.php?f=2&t=132823
On one of the projects, they went towards SSTP on Windows Server, it works everywhere and there was a binding in AD.
We set it up on the same Mikrotik and everyone is happy; it works on all devices.
You don't need to add anything extra.
As an option, install a RADIUS server; then you can do EAP on SSTP on the Mikrotiks, and iOS and OS X clients will work.