How to Set Up an L2TP/IPsec VPN Server on Mikrotik

L2TP (Layer 2 Tunneling Protocol) is a VPN protocol developed from PPTP with the addition of the L2F (Layer 2 Forwarding) protocol. L2TP itself does not encrypt the traffic that passes through it. To provide encryption, L2TP is combined with IPsec to increase security and privacy.

IPsec stands for Internet Protocol Security, a network protocol that provides authentication and encryption of data packets sent over the network. IPsec uses cryptography to protect data communications over Internet Protocol (IP) networks, so using IPsec provides a high level of security.

L2TP implementations that use IPsec are commonly referred to as L2TP/IPsec. A high level of security does not mean the configuration is difficult or complicated. Unlike an SSTP VPN, which is quite complicated to set up, setting up an L2TP/IPsec VPN on Mikrotik is almost as easy as configuring a PPTP VPN on Mikrotik. We can use an L2TP/IPsec VPN on Mikrotik to create a secure interconnection between locations or between servers and clients.

In this Mikrotik tutorial, we will demonstrate using an L2TP/IPsec VPN to interconnect two locations that are far apart over an Internet connection. Take as an example the interconnection of two offices in different countries, where the head office is in Los Angeles (USA) and the branch office is in Singapore. The following is a picture of the interconnection topology:

Here we will connect Mikrotik routers that have a public IP over the Internet using an L2TP/IPsec VPN tunnel. Let's go through how to set up L2TP on Mikrotik.

Setting Up the L2TP/IPsec VPN Server on Mikrotik

1. Log in to the Mikrotik router that will be used as the L2TP server.

2. Activate the L2TP server: go to the PPP menu –> Interface tab –> select L2TP Server –> Check Enabled –> Check Use IPsec –> Enter IPsec Secret –> OK

3. Create an L2TP user: go to the Secrets tab –> Add a new user with the following parameters:

  • Name: enter the desired username
  • Password: enter the password for the username
  • Local Address: IP address that will be assigned to the L2TP server automatically
  • Remote Address: IP address that will be assigned to the L2TP client automatically
  • Routes: can be filled with the network at the branch office; it will appear in the routing table automatically (dynamic route).

4. Now configure IPsec. Go to the IP menu –> IPsec –> Proposals tab –> open default –> select the Authentication Algorithms and Encryption Algorithms –> OK

Setting Up the L2TP/IPsec VPN Client on Mikrotik

1. Log in to the Mikrotik router that will be used as the L2TP client.

2. Go to the PPP menu –> Interface tab –> add an L2TP Client interface

3. Fill in the Connect To parameter with the public IP address or domain name of the L2TP server –> Enter User and Password –> Check Use IPsec –> Fill in the same IPsec Secret as on the L2TP server –> OK.

4. Configure IPsec on the client: IP –> IPsec –> Proposals tab –> default –> match the contents of the default proposal on the server side.

5. Check whether the L2TP/IPsec connection is up. Go to the PPP menu –> Interface –> Make sure the interface has an R (Running) flag and the interface status is Connected.

6. Add a static route on the client side (branch office) for the network on the server side (head office) –> IP –> Route

7. On the head office side, there is no need to add a static route to the branch office, because the dynamic route has been automatically created.

8. Check the connection from the client to the server with ping.
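
The WinBox steps from the server and client sections above, written as RouterOS terminal commands. This is an added example, not part of the original tutorial; the addresses (203.0.113.10 as the head office public IP, 10.255.255.1/.2 as tunnel endpoints, 192.168.10.0/24 and 192.168.20.0/24 as the office LANs), the names `branch-sg` and `l2tp-hq`, the secrets and the algorithm choices are all assumptions.

```routeros
# Added example: every address, name and secret below is a constructed
# placeholder. Replace them before use.

### Head office router (L2TP server) ###
# Server step 2: enable L2TP with IPsec. The IPsec secret is a pre-shared
# key shared by both routers, so make it long and random.
# use-ipsec=yes mirrors the "Use IPsec" checkbox; with yes the server still
# accepts plain L2TP, while use-ipsec=required (where the RouterOS version
# offers it) refuses sessions that arrive without IPsec.
/interface l2tp-server server set enabled=yes use-ipsec=yes \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET"

# Server step 3: the branch account. routes= produces the dynamic route to
# the branch LAN while the client is connected; service=l2tp keeps the
# account from being used with other PPP services.
/ppp secret add name=branch-sg password="REPLACE-WITH-USER-PASSWORD" \
    service=l2tp local-address=10.255.255.1 remote-address=10.255.255.2 \
    routes=192.168.20.0/24

# Server step 4: default proposal. The tutorial does not name algorithms;
# SHA-256 with AES-256-CBC is this example's choice.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha256 \
    enc-algorithms=aes-256-cbc

### Branch router (L2TP client) ###
# Client steps 2-3: L2TP client interface with the same IPsec secret.
/interface l2tp-client add name=l2tp-hq connect-to=203.0.113.10 \
    user=branch-sg password="REPLACE-WITH-USER-PASSWORD" use-ipsec=yes \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET" disabled=no

# Client step 4: the proposal must match the server side exactly.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha256 \
    enc-algorithms=aes-256-cbc

# Client step 5: the interface should show the R flag. An entry in
# installed-sa confirms the tunnel is actually protected by IPsec and
# did not come up as plain L2TP.
/interface l2tp-client print
/ip ipsec installed-sa print

# Client step 6: static route to the head office LAN through the tunnel.
/ip route add dst-address=192.168.10.0/24 gateway=l2tp-hq

# Client step 8: test reachability of the server's tunnel address.
/ping 10.255.255.1 count=4

# Run on both routers to compare their clocks.
/system clock print
```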

At this point, the two locations, in different countries and separated by a very long distance, have been successfully connected over the Internet with a Mikrotik L2TP/IPsec VPN, which has a high level of security.

Note that the IPsec configuration will not work properly if the time on the client and the server does not match, so make sure the time on both routers is configured correctly and kept current.