Very easy way to configure Mikrotik L2tp VPN for remote clients

Smart guys are the once that work on the go! The word is fast moving forward and individuals hardly have the time required for pleasantries. To catch up with this fast evolving world, organizations have incorporated solutions that leverage on technologies that provide access to network resources based on logical groupings and not physical locations. To accomplish this, technologies like VPN, MPLS and cloud computing have emerged and over the years, have been helping organizations achieve their set goals.

 Business owners can keep an eye on their businesses while vacationing abroad and expatriates can quickly resolve tough network issues while dancing to the music of Drake in a five star hotel somewhere in Brazil without leaving rooms for cyber criminals to break into their networks. But somewhere on this planet, some organizations are still stock with the old ways of doing things. Their excuse; cost! They say the cost of deploying VPN technology is expensive. Well, that was true until Mikrotik came on board. So, today I am going to show you how you can configure a Mikrotik router bought for less that $100 to provide remote access VPN for so many users. No license required whatsoever! I am so excited, lets jump in!

To set up your Mikrotik router for L2tp VPN using Ipsec for encryption, do the following:
On your Mikrotik router configure at lest one interface with a public IP and make sure the router has access to the internet. After that, do the following for L2tp VPN set up:

>>Click on PPP>>L2tp server. See image below:

Make sure to check the boxes as shown in the image above. Especially the box that says “use Ipsec”. Enter a secret key for Ipsec. This key must be the same as the one you will enter while setting up Ipsec.
Next, we go to IP>>Pool. Here we create the pool of addresses from where the VPN server will assign IP addresses to VPN users. Make sure you have excluded these addresses from your DHCP pool. See below:

Next, go back to PPP>>profile, double click on default encryption and set as shown in the image below:

The local IP address entered must be the one configured on the LAN interface of your router, for the remote address, select the VPN pool you configured earlier. Enter a local DNS address if you have one, otherwise, use a public DNS address as shown here.
Next, click on the secrete tab and create an account with password and leave the service at any. See below:

You may like: How to configure Ipsec VPN on Mikrotik routers to connect your branch office to the HQ 

We are almost done. Next, we set up Ipsec for the encryption of VPN data. Click on IP>>Ipsec and follow the steps shown in the image below:
The secret key entered must match with the Ipsec secret set in the first image. Finally, go to IP>>Ipsec>>proposal and set up a proposal. See below:
To test this, I am going to use my iPhone to connect.

I am connected and can ping the local IP address on the VPN server. This is for remote access users. For a complete guide on how to configure a site to site VPN (IP tunnel) using Mikrotik technology, see here
Spread the love


Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

10 thoughts on “Very easy way to configure Mikrotik L2tp VPN for remote clients

  • February 26, 2017 at 3:50 pm

    There are literally tens of reasons why you should use virtual private networking (VPN). Some of the benefits include: Ability to hide your internet activity from your ISP Evade censorship by your work, ISP, government and even school If using a public WiFi, have the ability of protecting yourself from hackers While there are many VPN service providers in the market, not all will give you the service that you deserve. Here are some of the best providers that you should consider:

  • July 2, 2017 at 10:24 am

    This fundamentally includes protecting yourself by controlling the associations with the guide of the best VPN supplier. This infers you ought to approach servers that can control your nourish. VPN service

  • July 3, 2017 at 1:31 pm

    The tips mentioned in this article should be able to help you choose the best VPN provider. It is ideal to have a list of a few VPN providers. VPN client

  • October 31, 2017 at 7:52 am

    I appreciate everything you have added to my knowledge base.Admiring the time and effort you put into your blog and detailed information you offer.Thanks.

  • January 15, 2018 at 8:15 am

    So you had to buy a separate router just for VPN? I thought you can just do all these on the Internet or if you download a software. By router, do you mean an actual hardware? I tried using several free VPN’s before but nothing’s successful yet. A friend recommended ExpressVPN so I’m waiting for updates for him if that worked out well because it’s supposedly paid. I just want to make sure before spending money for it. Have you tried software instead? Does it work the same?

    • January 15, 2018 at 12:16 pm

      Brandon, the software works but in such case, you are not in control of the VPN server. All you have is a software that contacts a server for VPN access. The solution discussed in this post, is for companies and individuals who desire remote access to their cooperate network. For it to work, you will need a router capable of VPN setup and a public IP address. Once set up and upon a successful login, you will have access to shared folders on your cooperate network even though you are miles or continents away.


Leave a Reply

Your email address will not be published. Required fields are marked *