MikroTik: L2TP Server + IPSec

Configure IPsec:


/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-128
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1


Configure the L2TP server:

/interface bridge
add name=l2tp_bridge
/ip pool
add name=l2tp_pool ranges=10.9.0.2-10.9.0.10
/ppp profile
add bridge=l2tp_bridge change-tcp-mss=yes dns-server=8.8.8.8 local-address=\
    10.9.0.1 name=l2tp_server remote-address=l2tp_pool use-encryption=\
    required
/interface l2tp-server server
set authentication=chap,mschap1,mschap2 default-profile=l2tp_server enabled=\
    yes ipsec-secret=password max-mru=1460 max-mtu=1460 use-ipsec=yes

Client credentials:

/ppp secret
add local-address=10.9.0.1 name=l2tp_client password=password profile=\
    l2tp_server remote-address=10.9.0.2 service=l2tp
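
A small auditor for the settings configured above, as an added example that is not part of the original note: it parses a RouterOS export and flags the points a reviewer would question here (`use-ipsec=yes` still accepts L2TP without IPsec, CHAP and MS-CHAPv1 are allowed, SHA-1 is offered, and the IPsec secret equals the user password). The finding names and the 16-character minimum for the secret are assumptions of this example.

```python
import re

# Constructed sample: the server and client lines from this page, as exported.
SAMPLE = r"""
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1
/interface l2tp-server server
set authentication=chap,mschap1,mschap2 default-profile=l2tp_server enabled=\
    yes ipsec-secret=password max-mru=1460 max-mtu=1460 use-ipsec=yes
/ppp secret
add local-address=10.9.0.1 name=l2tp_client password=password profile=\
    l2tp_server remote-address=10.9.0.2 service=l2tp
"""

def parse_export(text):
    """Yield (menu, {key: value}) for each command of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)        # join '\' line continuations
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                         # e.g. "/ppp secret"
        elif line and not line.startswith("#"):
            yield menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def audit(text):
    """Return a sorted list of finding codes (names are this example's own)."""
    findings, psk, user_pw = set(), None, set()
    for menu, kv in parse_export(text):
        if menu == "/interface l2tp-server server":
            psk = kv.get("ipsec-secret", "").strip('"')
            if kv.get("use-ipsec") != "required":
                findings.add("ipsec-not-enforced")   # plain L2TP is still accepted
            weak = {"pap", "chap", "mschap1"} & set(kv.get("authentication", "").split(","))
            if weak:
                findings.add("weak-ppp-auth")
        elif menu == "/ip ipsec proposal" and "sha1" in kv.get("auth-algorithms", "").split(","):
            findings.add("sha1-in-proposal")
        elif menu == "/ppp secret" and "password" in kv:
            user_pw.add(kv["password"].strip('"'))
    if psk and psk in user_pw:
        findings.add("psk-reused-as-user-password")
    if psk is not None and len(psk) < 16:           # assumed minimum length
        findings.add("short-psk")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the output of `/export` saved to a file; an empty list means none of these four checks fired, not that the configuration is otherwise sound.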

Links:
L2TP
https://wiki.merionet.ru/seti/8/nastrojka-l2tp-servera-na-mikrotik/
http://mikrotik.vetriks.ru/wiki/VPN:L2TP_%D0%B8_L2TP/IPsec_client-to-site

Fail2ban MikroTik
http://www.ekzorchik.ru/2018/03/i-disassemble-the-fail2ban-configuration-for-mikrotik-itself/