Categories: MikroTik

Very easy way to configure Mikrotik L2tp VPN for remote clients

The good thing about Mikrotik l2tp vpn is that unlike pptp, it can be configured with ipsec to provide secured and seemless connection to your internal network.

Smart guys are the once that work on the go! The word is fast moving forward and individuals hardly have the time required for pleasantries. To catch up with this fast evolving world, organizations have incorporated solutions that leverage on existing technologies to provide access to network resources based on logical groupings and not physical locations. To accomplish this, technologies like VPN, MPLS and cloud computing have emerged and over the years, have been helping organizations achieve their set goals. The Mikrotik l2tp vpn with ipsec is one of the ways to achieve this.

With Mikrotik l2tp vpn, business owners can keep an eye on their businesses while vacationing abroad and expatriates can quickly resolve tough network issues while dancing to the music of Drake in a five star hotel somewhere in Brazil without leaving rooms for cyber criminals to break into their networks. But somewhere on this planet, some organizations are still stock with the old ways of doing things. Their excuse; cost! They say the cost of deploying VPN technologies is expensive. Well, that was true until Mikrotik came on board. So, today I am going to show you how you can configure Mikrotik l2tp vpn on a Mikrotik router bought for less that $100 to provide remote access connections for many users. No license required whatsoever! I am so excited, lets jump in!

Configuring Mikrotik l2tp vpn on a Mikrotik router

To set up your Mikrotik router for L2tp VPN using Ipsec for encryption, do the following:
On your Mikrotik router, configure at lest one interface with a public IP and make sure the router has access to the internet. After that, do the following for L2tp VPN set up:

>>Click on PPP>>L2tp server. See image below:

Make sure to check the boxes as shown in the image above. Especially the box that says “use Ipsec”. Enter a secret key for Ipsec. This key must be the same as the one you will enter while setting up Ipsec.
Next, we go to IP>>Pool. Here we create the pool of addresses from where the VPN server will assign IP addresses to VPN users. Make sure you have excluded these addresses from your DHCP pool. See below:

Next, go back to PPP>>profile, double click on default encryption and set as shown in the image below:

The local IP address entered must be the one configured on the LAN interface of your router, for the remote address, select the VPN pool you configured earlier. Enter a local DNS address if you have one, otherwise, use a public DNS address as shown here.
Next, click on the secrete tab and create an account with password and leave the service at any. See below:

You may like: How to configure Ipsec VPN on Mikrotik routers to connect your branch office to the HQ 

We are almost done. Next, we set up Ipsec for the encryption of VPN data. Click on IP>>Ipsec and follow the steps shown in the image below:
The secret key entered must match with the Ipsec secret set in the first image. Finally, go to IP>>Ipsec>>proposal and set up a proposal. See below:
To test this, I am going to use my iPhone to connect.
I am connected and can ping the local IP address on the VPN server. This is for remote access users. For a complete guide on how to configure a site to site VPN (IP tunnel) using Mikrotik technology, see here
If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter.
Spread the love

View Comments

  • There are literally tens of reasons why you should use virtual private networking (VPN). Some of the benefits include: Ability to hide your internet activity from your ISP Evade censorship by your work, ISP, government and even school If using a public WiFi, have the ability of protecting yourself from hackers While there are many VPN service providers in the market, not all will give you the service that you deserve. Here are some of the best providers that you should consider:

  • This fundamentally includes protecting yourself by controlling the associations with the guide of the best VPN supplier. This infers you ought to approach servers that can control your nourish. VPN service

  • The tips mentioned in this article should be able to help you choose the best VPN provider. It is ideal to have a list of a few VPN providers. VPN client

  • I appreciate everything you have added to my knowledge base.Admiring the time and effort you put into your blog and detailed information you offer.Thanks.

  • So you had to buy a separate router just for VPN? I thought you can just do all these on the Internet or if you download a software. By router, do you mean an actual hardware? I tried using several free VPN’s before but nothing’s successful yet. A friend recommended ExpressVPN so I’m waiting for updates for him if that worked out well because it’s supposedly paid. I just want to make sure before spending money for it. Have you tried software instead? Does it work the same?

    • Brandon, the software works but in such case, you are not in control of the VPN server. All you have is a software that contacts a server for VPN access. The solution discussed in this post, is for companies and individuals who desire remote access to their cooperate network. For it to work, you will need a router capable of VPN setup and a public IP address. Once set up and upon a successful login, you will have access to shared folders on your cooperate network even though you are miles or continents away.

Recent Posts

Optimize your Metro ethernet with Jumbo MTU

Optimizing Metro Ethernet segments with jumbo MTU (Maximum Transmission Unit) can significantly enhance network performance…

2 months ago

Mikrotik switchOS configuration: a step-by-step guide

MikroTik's SwitchOS is an operating system specifically designed for their line of network switches. It…

2 months ago

Improve your network uptime with VRRP right now

A properly configured VRRP setup does not only track device uptime but also tracks connection…

3 months ago

Have you been configuring NAT the right way on Mikrotik?

Network Address Translation (NAT) is a technique used in networking to map private IP addresses…

3 months ago

Implementing VXLAN over MPLS with Mikrotik

In the ever-evolving landscape of networking technologies, the demand for efficient and scalable solutions has…

3 months ago

Multi-Area OSPF implementation on Mikrotik routers

Setting up Multi-Area OSPF (Open Shortest Path First) on Mikrotik routers involves a few steps.…

3 months ago