====== Mikrotik L2TP VPN ======

**RouterOS v6.44 or above**: https://saputra.org/threads/mikrotik-l2tp-over-ipsec-vpn-server-tutorial-guide-for-routeros-v6-44.106/

Stats: http://rickfreyconsulting.com/mikrotik-vpns/

New info? http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf

FIXME Needs verification and completion

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Server_configuration

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

https://www.youtube.com/watch?v=tpgEqzwj_OQ

  * All traffic routes through tunnel

===== Enable L2TP Server =====

**PPP -> Interface -> L2TP Server -> Enable**

  * Max MTU
    * L2TP has 40-byte overhead
    * 1450 - Lowering the MTU can speed up VPN - test path MTU first
    * 1460 - Default - Good if uplink MTU is 1500
  * Default Profile
    * Select ''default-encryption'' or create your own profile
  * Authentication
    * De-select ''chap'' and ''pap''
    * Select ''MSCHAPv2'' and ''MSCHAP1''
  * Select ''Use IPsec''
  * Enter the IPsec Secret (clients need it to configure their connection)
  * Click ''OK''

===== Create IP Pool for Multiple Users =====

**IP -> Pool -> Add**

  * Name L2TPpool
  * Range of addresses, e.g. 192.168.1.10-192.168.1.20, outside of the LAN DHCP range

**PPP -> Profiles -> Default-Encryption**

  * Local Address (same for all)
  * Remote Address (pool you created)

**PPP -> Interface -> L2TP Server**

  * Specify Default Profile -> ''default-encryption''

===== Create Users =====

**PPP -> Secrets -> Add+**

  * **Name**
    * Username
  * **Password**
  * **Service**
    * ''l2tp''
  * **Local Address** (leave blank if using IP pool)
    * Same for all users
    * Router's LAN address
  * **Remote Address** (leave blank if using IP pool)
    * Different for each user
    * Outside of DHCP range
  * **Profile**
    * ''default-encryption''

===== Proxy-ARP =====

:!: Enable Proxy-ARP on the LAN interface for proper (layer 2 address) ARP resolution.

:!: If you use a LAN bridge, set Proxy-ARP on the bridge instead.

**Interfaces -> etherN -> General -> ARP -> Proxy-ARP**
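
To check a router against the steps on this page, the following added example (not part of the original page) reads RouterOS ''/export'' text and reports where it deviates: ''pap''/''chap'' still enabled, IPsec not in use, the VPN pool overlapping the DHCP pool, or no interface set to Proxy-ARP. The sample export, the DHCP pool name ''dhcp'' and the function names are constructed for illustration, and the check assumes the relevant keys appear in the export (as with ''/export verbose'').

```python
import ipaddress
import re
import shlex

# Constructed sample in the style of RouterOS "/export" output (not from the page).
SAMPLE_EXPORT = r"""/interface l2tp-server server
set authentication=chap,mschap1,mschap2 default-profile=default-encryption \
    enabled=yes use-ipsec=yes
/ip pool
add name=dhcp ranges=192.168.1.15-192.168.1.200
add name=L2TPpool ranges=192.168.1.10-192.168.1.20
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
"""

def parse_export(text):
    """Return (menu, {key: value}) per set/add line; joins backslash-wrapped lines."""
    menu, rows = "", []
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith(("set ", "add ")):
            kv = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
            rows.append((menu, kv))
    return rows

def ranges(value):
    """Parse 'a-b,c' into [(a, b), (c, c)] as integers."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    return [(ip(p.split("-")[0]), ip(p.split("-")[-1])) for p in value.split(",")]

def audit(text, vpn_pool="L2TPpool", dhcp_pool="dhcp"):
    """List deviations from this page's steps; the dhcp pool name is an assumption."""
    rows, findings, pools = parse_export(text), [], {}
    for menu, kv in rows:
        if menu == "/interface l2tp-server server":
            weak = {"pap", "chap"} & set(kv.get("authentication", "").split(","))
            if weak:
                findings.append("still enabled: " + ",".join(sorted(weak)))
            if kv.get("use-ipsec") not in ("yes", "required"):
                findings.append("use-ipsec is not enabled")
        elif menu == "/ip pool" and "ranges" in kv:
            pools[kv.get("name")] = ranges(kv["ranges"])
    if any(a <= d and c <= b for a, b in pools.get(vpn_pool, []) for c, d in pools.get(dhcp_pool, [])):
        findings.append(f"{vpn_pool} overlaps {dhcp_pool}")
    if not any(kv.get("arp") == "proxy-arp" for m, kv in rows if m.startswith("/interface")):
        findings.append("no interface has arp=proxy-arp")
    return findings
```

Calling ''audit(SAMPLE_EXPORT)'' reports the leftover ''chap'' method and the pool overlap; an empty list means the export matches the settings described above.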