Mikrotik Ubuntu L2TPv3 one server six mikrotik

From wiki karavi
Revision as of 19:48, 21 June 2026 by Karavi (talk | contribs)

L2TPv3 Tunnel: One Linux Server to 6 MikroTik Routers (Template)

IP Address Plan

#  MikroTik IP    Server Tunnel IP  Client Tunnel IP  tid  ptid  sid   psid
1  MIKROTIK_1_IP  10.0.1.1/30       10.0.1.2/30       101  201   1001  2001
2  MIKROTIK_2_IP  10.0.2.1/30       10.0.2.2/30       102  202   1002  2002
3  MIKROTIK_3_IP  10.0.3.1/30       10.0.3.2/30       103  203   1003  2003
4  MIKROTIK_4_IP  10.0.4.1/30       10.0.4.2/30       104  204   1004  2004
5  MIKROTIK_5_IP  10.0.5.1/30       10.0.5.2/30       105  205   1005  2005
6  MIKROTIK_6_IP  10.0.6.1/30       10.0.6.2/30       106  206   1006  2006

---

Linux Server Setup

Step 1 — Install packages

apt install -y linux-modules-extra-$(uname -r) go-l2tp

Step 2 — Load kernel modules

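# -a loads every listed module; without it modprobe treats the extra names as parameters of the first
modprobe -a l2tp_eth l2tp_ip l2tp_netlink
printf '%s\n' l2tp_eth l2tp_ip l2tp_netlink > /etc/modules-load.d/l2tp.conf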

Step 3 — Verify modules loaded

lsmod | grep l2tp

Expected output (module names only; lsmod also prints size and usage columns, and the order may differ):

l2tp_eth
l2tp_ip
l2tp_netlink
l2tp_core

Step 4 — Create ql2tpd configuration

mkdir -p /etc/ql2tpd
cat > /etc/ql2tpd/ql2tpd.toml << 'EOF'
[tunnel.t1]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_1_IP:0"
  tid = 101
  ptid = 201
  [tunnel.t1.session.s1]
    pseudowire = "eth"
    sid = 1001
    psid = 2001
    interface_name = "l2tpeth1"

[tunnel.t2]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_2_IP:0"
  tid = 102
  ptid = 202
  [tunnel.t2.session.s1]
    pseudowire = "eth"
    sid = 1002
    psid = 2002
    interface_name = "l2tpeth2"

[tunnel.t3]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_3_IP:0"
  tid = 103
  ptid = 203
  [tunnel.t3.session.s1]
    pseudowire = "eth"
    sid = 1003
    psid = 2003
    interface_name = "l2tpeth3"

[tunnel.t4]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_4_IP:0"
  tid = 104
  ptid = 204
  [tunnel.t4.session.s1]
    pseudowire = "eth"
    sid = 1004
    psid = 2004
    interface_name = "l2tpeth4"

[tunnel.t5]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_5_IP:0"
  tid = 105
  ptid = 205
  [tunnel.t5.session.s1]
    pseudowire = "eth"
    sid = 1005
    psid = 2005
    interface_name = "l2tpeth5"

[tunnel.t6]
  version = "l2tpv3"
  encap = "ip"
  local = "SERVER_IP:0"
  peer = "MIKROTIK_6_IP:0"
  tid = 106
  ptid = 206
  [tunnel.t6.session.s1]
    pseudowire = "eth"
    sid = 1006
    psid = 2006
    interface_name = "l2tpeth6"
EOF

Step 5 — Create systemd service

cat > /etc/systemd/system/ql2tpd.service << 'EOF'
[Unit]
Description=L2TPv3 Static Tunnel
After=network.target

[Service]
ExecStart=/usr/sbin/ql2tpd -config /etc/ql2tpd/ql2tpd.toml
Restart=always

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now ql2tpd

Step 6 — Assign tunnel IPs

sleep 2
ip addr add 10.0.1.1/30 dev l2tpeth1 && ip link set l2tpeth1 up
ip addr add 10.0.2.1/30 dev l2tpeth2 && ip link set l2tpeth2 up
ip addr add 10.0.3.1/30 dev l2tpeth3 && ip link set l2tpeth3 up
ip addr add 10.0.4.1/30 dev l2tpeth4 && ip link set l2tpeth4 up
ip addr add 10.0.5.1/30 dev l2tpeth5 && ip link set l2tpeth5 up
ip addr add 10.0.6.1/30 dev l2tpeth6 && ip link set l2tpeth6 up

Step 7 — Persist IPs after reboot

cat > /etc/networkd-dispatcher/routable.d/l2tp-ip.sh << 'EOF'
#!/bin/bash
sleep 3
ip addr add 10.0.1.1/30 dev l2tpeth1 2>/dev/null && ip link set l2tpeth1 up 2>/dev/null
ip addr add 10.0.2.1/30 dev l2tpeth2 2>/dev/null && ip link set l2tpeth2 up 2>/dev/null
ip addr add 10.0.3.1/30 dev l2tpeth3 2>/dev/null && ip link set l2tpeth3 up 2>/dev/null
ip addr add 10.0.4.1/30 dev l2tpeth4 2>/dev/null && ip link set l2tpeth4 up 2>/dev/null
ip addr add 10.0.5.1/30 dev l2tpeth5 2>/dev/null && ip link set l2tpeth5 up 2>/dev/null
ip addr add 10.0.6.1/30 dev l2tpeth6 2>/dev/null && ip link set l2tpeth6 up 2>/dev/null
EOF
chmod +x /etc/networkd-dispatcher/routable.d/l2tp-ip.sh

Step 8 — Verify interfaces

ip addr show | grep l2tpeth

---

MikroTik Setup (Run on each router)

Replace the placeholder values with the real ones from the table above for each MikroTik.

MikroTik 1 — MIKROTIK_1_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_1_IP local-tunnel-id=201 remote-tunnel-id=101 local-session-id=2001 remote-session-id=1001 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.1.2/30 interface=l2tpv3

MikroTik 2 — MIKROTIK_2_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_2_IP local-tunnel-id=202 remote-tunnel-id=102 local-session-id=2002 remote-session-id=1002 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.2.2/30 interface=l2tpv3

MikroTik 3 — MIKROTIK_3_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_3_IP local-tunnel-id=203 remote-tunnel-id=103 local-session-id=2003 remote-session-id=1003 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.3.2/30 interface=l2tpv3

MikroTik 4 — MIKROTIK_4_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_4_IP local-tunnel-id=204 remote-tunnel-id=104 local-session-id=2004 remote-session-id=1004 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.4.2/30 interface=l2tpv3

MikroTik 5 — MIKROTIK_5_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_5_IP local-tunnel-id=205 remote-tunnel-id=105 local-session-id=2005 remote-session-id=1005 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.5.2/30 interface=l2tpv3

MikroTik 6 — MIKROTIK_6_IP

/interface l2tp-ether add name=l2tpv3 connect-to=SERVER_IP local-address=MIKROTIK_6_IP local-tunnel-id=206 remote-tunnel-id=106 local-session-id=2006 remote-session-id=1006 l2tp-proto-version=l2tpv3-ip unmanaged-mode=yes disabled=no
/ip address add address=10.0.6.2/30 interface=l2tpv3

---

Verification

From Linux server — ping all clients:

ping 10.0.1.2 -c 2
ping 10.0.2.2 -c 2
ping 10.0.3.2 -c 2
ping 10.0.4.2 -c 2
ping 10.0.5.2 -c 2
ping 10.0.6.2 -c 2

From each MikroTik — ping server:

/ping 10.0.X.1 count=4

---

Cleanup

Linux server:

systemctl stop ql2tpd
systemctl disable ql2tpd
rm /etc/systemd/system/ql2tpd.service
rm -rf /etc/ql2tpd
rm -f /etc/networkd-dispatcher/routable.d/l2tp-ip.sh
rm -f /etc/modules-load.d/l2tp.conf
systemctl daemon-reload
for i in 1 2 3 4 5 6; do ip link del l2tpeth$i 2>/dev/null; done
modprobe -r l2tp_eth l2tp_ip l2tp_netlink 2>/dev/null
apt remove -y go-l2tp

Each MikroTik:

/ip address remove [find interface=l2tpv3]
/interface l2tp-ether remove l2tpv3

---

Troubleshooting

Symptom                    Cause                              Fix
Module l2tp_eth not found  Missing extra modules              apt install linux-modules-extra-$(uname -r)
Interface not created      ql2tpd not running                 systemctl restart ql2tpd && sleep 2
Link stays DOWN            MikroTik sending control messages  Verify unmanaged-mode=yes is set
No packets arriving        Firewall blocking proto 115        Allow IP protocol 115 on both sides
IP lost after reboot       Persistence script missing         Re-run Step 7
Wrong tunnel match         Duplicate or swapped IDs           Verify tid/ptid/sid/psid per table above
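
For the "Firewall blocking proto 115" row, one way to allow IP protocol 115 on the Linux side while limiting it to the known routers. This is an added example, not part of the original page: the function names is_ipv4 and l2tp_nft_rules and the nftables table name l2tpv3 are made up here. It assumes nftables is the host firewall and that no other ruleset drops protocol 115.

```shell
# Added example, not from the original page.
# l2tp_nft_rules <peer-ipv4>... prints an nftables ruleset that accepts
# IP protocol 115 (L2TPv3 over IP) only from the listed peers.
is_ipv4() {
  local old o
  case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old=$IFS; IFS=.; set -- $1; IFS=$old
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}
l2tp_nft_rules() {
  local ip list=""
  [ "$#" -gt 0 ] || { echo "usage: l2tp_nft_rules <peer-ipv4>..." >&2; return 1; }
  for ip in "$@"; do
    # An unreplaced MIKROTIK_X_IP placeholder or a typo stops here.
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    list="${list:+$list, }$ip"
  done
  cat <<EOF
table inet l2tpv3 {
  set peers {
    type ipv4_addr
    elements = { $list }
  }
  chain input {
    type filter hook input priority 0; policy accept;
    ip protocol 115 ip saddr @peers accept
    ip protocol 115 drop
  }
}
EOF
}
```

Review the printed ruleset before loading it with nft -f. Source addresses on a raw IP protocol can be forged, so this narrows exposure and does not replace the IPsec wrapping mentioned in the notes.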

---

Notes

  • Replace all SERVER_IP and MIKROTIK_X_IP placeholders with real IP addresses before running.
  • Each tunnel must have unique tid, ptid, sid, and psid values.
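  • The IDs are mirrored between the two ends: MikroTik local-tunnel-id = server ptid, remote-tunnel-id = server tid, local-session-id = server psid, and remote-session-id = server sid.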
  • unmanaged-mode=yes is mandatory on MikroTik — without it the control protocol runs and the tunnel will not connect to ql2tpd.
  • Tested on Ubuntu 24.04 (kernel 6.8) and RouterOS 7.20.
  • No encryption by default: the tunnel carries Ethernet frames in cleartext, so wrap it with IPsec for production use.
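
The ID rules above and the "Wrong tunnel match" row of the troubleshooting table can be checked mechanically before the tunnels are brought up. This is an added example, not part of the original page: the function names check_l2tp_ids and demo_swapped_ids, the file names and the 192.0.2.x addresses are constructed for illustration. It assumes the ql2tpd.toml layout from Step 4 and a text file holding each router's /interface l2tp-ether add line.

```shell
# Added example, not from the original page.
# check_l2tp_ids <ql2tpd.toml> <file of "/interface l2tp-ether add" lines>
# Prints one line per problem; returns 0 only when nothing is wrong.
check_l2tp_ids() {
  awk '
    function val(s) { sub(/^[^=]*=[ \t]*/, "", s); gsub(/[" \t\r]/, "", s); return s }
    function key(s) { sub(/^[ \t]*/, "", s); sub(/[ \t]*=.*$/, "", s); return s }
    function bad(msg) { print msg; errors++ }
    function opt(k,   i, kv) {           # value of k=... on a RouterOS line
      for (i = 1; i <= NF; i++) { split($i, kv, "="); if (kv[1] == k) return kv[2] }
      return ""
    }
    function claim(kind, id, owner) {    # an ID may belong to one tunnel only
      if ((kind, id) in seen) bad("duplicate " kind " " id ": " seen[kind, id] " and " owner)
      else seen[kind, id] = owner
    }
    function cmp(k, rk,   got) {         # router option rk must equal server key k
      got = opt(rk)
      if (srv[t, k] != got) bad(t ": " la " has " rk "=" got ", server " k "=" srv[t, k])
    }
    # --- first file: ql2tpd.toml (session keys belong to the enclosing tunnel) ---
    FNR == NR && /^[ \t]*\[tunnel\.[^.]+\]/ {
      t = $0; sub(/^[ \t]*\[tunnel\./, "", t); sub(/\].*$/, "", t); next
    }
    FNR == NR && /^[ \t]*peer[ \t]*=/ { p = val($0); sub(/:[0-9]+$/, "", p); tun[p] = t; next }
    FNR == NR && /^[ \t]*(tid|ptid|sid|psid)[ \t]*=/ {
      k = key($0); srv[t, k] = val($0); claim(k, srv[t, k], t); next
    }
    FNR == NR { next }
    # --- second file: one l2tp-ether line per router, matched by local-address ---
    /l2tp-ether add/ {
      la = opt("local-address")
      if (!(la in tun)) { bad("no server tunnel has peer " la); next }
      t = tun[la]
      cmp("ptid", "local-tunnel-id");  cmp("tid", "remote-tunnel-id")
      cmp("psid", "local-session-id"); cmp("sid", "remote-session-id")
    }
    END { exit (errors > 0) }
  ' "$1" "$2"
}
demo_swapped_ids() {  # constructed input: this router has its two tunnel IDs swapped
  local d rc=0; d=$(mktemp -d)
  printf '%s\n' '[tunnel.t1]' ' peer = "192.0.2.11:0"' ' tid = 101' ' ptid = 201' \
    ' [tunnel.t1.session.s1]' '  sid = 1001' '  psid = 2001' > "$d/srv.toml"
  echo '/interface l2tp-ether add local-address=192.0.2.11 local-tunnel-id=101' \
    'remote-tunnel-id=201 local-session-id=2001 remote-session-id=1001' > "$d/mt.rsc"
  check_l2tp_ids "$d/srv.toml" "$d/mt.rsc" || rc=$?
  rm -rf "$d"; return "$rc"
}
```

Routers are matched to server tunnels by comparing local-address with the tunnel's peer value, so run the check after the placeholders have been replaced with real addresses.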
