How to Setting L2TP/IPsec VPN Server on Mikrotik

This post will explain in detail How to Setting L2TP/IPsec VPN Server on Mikrotik.

L2TP (Layer 2 Tunneling Protocol) is one of the VPN protocols which is the development of PPTP VPN which is added by L2F (Layer 2 Forwarding) protocol. L2TP itself does not provide encryption (encryption) on the traffic that passes through it. Well, to provide its encryption features, L2TP is combined with IPsec to increase security and privacy.

IPsec stands for Internet Protocol Security which is a network protocol that provides authentication and encryption of data packets sent over the network. IPsec uses cryptography to protect data communications over Internet Protocol (IP) networks. This makes the use of IPsec will provide a high level of security.

L2TP implementations that use IPsec are commonly referred to as L2TP/IPsec. With a high level of security does not mean difficult and complicated in its configuration. Unlike setting SSTP VPN which is quite complicated, Setting L2TP/IPsec VPN Mikrotik is almost as easy as configuring PPTP VPN Mikrotik. We can use L2TP/IPsec VPN on Mikrotik to create a secure interconnection between locations or between servers and clients.

In this Mikrotik Tutorial, we will demonstrate the application of L2TP/IPsec VPN to interconnect two different locations that are far apart by utilizing an Internet connection. Call it the interconnection of two offices from different countries, where the head office is in Los Angeles (USA) and the branch office is in Singapore. The following is a picture of the interconnection topology:

Call it the interconnection of two offices from different countries
Call it the interconnection of two offices from different countries

Here we will connect between Mikrotik Routers that have a Public IP via the Internet network by utilizing the L2TP/IPsec VPN Tunnel. Let’s just discuss how to set the Mikrotik L2TP.

How to Setting L2TP/IPsec VPN Server on Mikrotik

1. Login to the Mikrotik Router which will be used as an L2TP Server.

2. Activate L2TP Server, go to PPP menu –> Interface tab –> select L2TP Server –> Check Enabled –> Check Use IPsec –> Enter IPsec Secret –> OK

Enable L2TP Server Mikrotik

3. Create an L2TP user, go to the Secrets tab –> Add a new user with the following parameters:

  • Name: enter the desired username
  • Password: enter the password for the username
  • Local Address: IP Address that will be assigned to L2TP Server automatically
  • Remote Address: IP Address that will be assigned to L2TP Client automatically
  • Routes: Can be filled with network at branch offices, will appear in the routing table automatically (dynamic route).
Create Username for L2TP

4. Now we set the IPsec. Go to IP menu –> IPsec –> Proposals tab –> open default –> Please select Authentication Algorithms and Encryption Algorithms –> OK

IPsec Proposal Algorithms

Setting L2TP/IPsec VPN Client Mikrotik

1. Login to the Mikrotik Router which will be used as an L2TP Client.

2. Go to PPP menu –> Interface tab –> add L2TP Client Interface

Add L2TP Client

3. Fill in the Connect To parameter: Public IP Address / domain name L2TP Server –> Enter User and Password –> Check Use IPsec –> Fill in IPsec Secret the same as in L2TP Server –> OK.

L2TP Client Options

4. IPsec settings on the client, IP –> IPsec –> Proposals tab –> default –> Equalize with the contents of the default proposal on the Server side.

IPsec Proposal Algorithms Client

5. Check if the L2TP/IPsec connection is connected. Go to the PPP menu –> Interface –> Make sure the interface has an R (Runing) sign and the interface status is Connected.

L2TP IPsec VPN Client Connected

6. Add a static route on the Client side (branch office) by entering the network on the Server side (head office) –> IP –> Route

Add Static Route on Client

7. On the head office side, there is no need to add a static route to the branch office, because the dynamic route has been automatically created.

8. Check connection from client to server with ping.

Ping Result

So far, the two locations from different countries and very long distances have been successfully connected to Mikrotik L2TP/IPsec VPN which has a high level of security via the internet.

It should be noted that the IPsec configuration will not work properly if there is a mismatch of time information on the client and server. So make sure the time configuration is appropriate and in real time.

Author

  • kizaru

    Hi! I’m Kizaru. I grew up addicted to different Gadget & Computer Accessories. I began working as an IT Support Supervisor in Hospitality company years ago and realized my passion for Computer & Gadget Accessories. Digiva.net is a place for me to share my different findings and experiences about Computer & Gadget Accessories. For more information, Check Out My About Me Page!