Very easy way to configure Mikrotik L2tp VPN for remote clients

The good thing about Mikrotik l2tp vpn is that unlike pptp, it can be configured with ipsec to provide secured and seemless connection to your internal network.

Smart guys are the once that work on the go! The word is fast moving forward and individuals hardly have the time required for pleasantries. To catch up with this fast evolving world, organizations have incorporated solutions that leverage on existing technologies to provide access to network resources based on logical groupings and not physical locations. To accomplish this, technologies like VPN, MPLS and cloud computing have emerged and over the years, have been helping organizations achieve their set goals. The Mikrotik l2tp vpn with ipsec is one of the ways to achieve this.

With Mikrotik l2tp vpn, business owners can keep an eye on their businesses while vacationing abroad and expatriates can quickly resolve tough network issues while dancing to the music of Drake in a five star hotel somewhere in Brazil without leaving rooms for cyber criminals to break into their networks. But somewhere on this planet, some organizations are still stock with the old ways of doing things. Their excuse; cost! They say the cost of deploying VPN technologies is expensive. Well, that was true until Mikrotik came on board. So, today I am going to show you how you can configure Mikrotik l2tp vpn on a Mikrotik router bought for less that $100 to provide remote access connections for many users. No license required whatsoever! I am so excited, lets jump in!

Configuring Mikrotik l2tp vpn on a Mikrotik router

To set up your Mikrotik router for L2tp VPN using Ipsec for encryption, do the following:
On your Mikrotik router, configure at lest one interface with a public IP and make sure the router has access to the internet. After that, do the following for L2tp VPN set up:

>>Click on PPP>>L2tp server. See image below:

mikrotik l2tp vpn

Make sure to check the boxes as shown in the image above. Especially the box that says “use Ipsec”. Enter a secret key for Ipsec. This key must be the same as the one you will enter while setting up Ipsec.
Next, we go to IP>>Pool. Here we create the pool of addresses from where the VPN server will assign IP addresses to VPN users. Make sure you have excluded these addresses from your DHCP pool. See below:

mikrotik l2tp vpn

Next, go back to PPP>>profile, double click on default encryption and set as shown in the image below:

mikrotik l2tp vpn

The local IP address entered must be the one configured on the LAN interface of your router, for the remote address, select the VPN pool you configured earlier. Enter a local DNS address if you have one, otherwise, use a public DNS address as shown here.
Next, click on the secrete tab and create an account with password and leave the service at any. See below:

You may like: How to configure Ipsec VPN on Mikrotik routers to connect your branch office to the HQ 

mikrotik l2tp vpn
We are almost done. Next, we set up Ipsec for the encryption of VPN data. Click on IP>>Ipsec and follow the steps shown in the image below:
mikrotik l2tp vpn
The secret key entered must match with the Ipsec secret set in the first image. Finally, go to IP>>Ipsec>>proposal and set up a proposal. See below:
mikrotik l2tp vpn
To test this, I am going to use my iPhone to connect.
mikrotik l2tp vpn
mikrotik l2tp vpn
I am connected and can ping the local IP address on the VPN server. This is for remote access users. For a complete guide on how to configure a site to site VPN (IP tunnel) using Mikrotik technology, see here
If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter.
Spread the love

Timigate

I believe that Africa will advance technologically if knowledge is shared among the living than out of greed, taken to the grave.

10 thoughts on “Very easy way to configure Mikrotik L2tp VPN for remote clients

  • February 26, 2017 at 3:50 pm
    Permalink

    There are literally tens of reasons why you should use virtual private networking (VPN). Some of the benefits include: Ability to hide your internet activity from your ISP Evade censorship by your work, ISP, government and even school If using a public WiFi, have the ability of protecting yourself from hackers While there are many VPN service providers in the market, not all will give you the service that you deserve. Here are some of the best providers that you should consider: howtogetamericannetflix.pro

    Reply
  • July 2, 2017 at 10:24 am
    Permalink

    This fundamentally includes protecting yourself by controlling the associations with the guide of the best VPN supplier. This infers you ought to approach servers that can control your nourish. VPN service

    Reply
  • July 3, 2017 at 1:31 pm
    Permalink

    The tips mentioned in this article should be able to help you choose the best VPN provider. It is ideal to have a list of a few VPN providers. VPN client

    Reply
  • October 31, 2017 at 7:52 am
    Permalink

    I appreciate everything you have added to my knowledge base.Admiring the time and effort you put into your blog and detailed information you offer.Thanks.
    there

    Reply
  • January 15, 2018 at 8:15 am
    Permalink

    So you had to buy a separate router just for VPN? I thought you can just do all these on the Internet or if you download a software. By router, do you mean an actual hardware? I tried using several free VPN’s before but nothing’s successful yet. A friend recommended ExpressVPN so I’m waiting for updates for him if that worked out well because it’s supposedly paid. I just want to make sure before spending money for it. Have you tried software instead? Does it work the same?

    Reply
    • January 15, 2018 at 12:16 pm
      Permalink

      Brandon, the software works but in such case, you are not in control of the VPN server. All you have is a software that contacts a server for VPN access. The solution discussed in this post, is for companies and individuals who desire remote access to their cooperate network. For it to work, you will need a router capable of VPN setup and a public IP address. Once set up and upon a successful login, you will have access to shared folders on your cooperate network even though you are miles or continents away.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *