User Tools
Table of Contents
Mikrotik L2TP VPN
RouterOS v6.44 or above: https://saputra.org/threads/mikrotik-l2tp-over-ipsec-vpn-server-tutorial-guide-for-routeros-v6-44.106/
Stats: http://rickfreyconsulting.com/mikrotik-vpns/
New info? http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf
Needs verification and completion
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Server_configuration
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP
https://www.youtube.com/watch?v=tpgEqzwj_OQ
- All traffic routes through tunnel
Enable L2TP Server
PPP → Interface → L2TP Server → Enable
- Max MTU
- L2TP has 40-byte overhead
- 1450 - Lowering the MTU can speed up VPN - test path MTU first
- 1460 - Default - Good if uplink MTU is 1500
- Default Profile
- Select
default-encryptionor create your own profile
- Authentication
- De-select
chapandpap - Select
MSCHAPv2andMSCHAP1
- Select
Use IPsec - Enter IPsec Secret needed to configure client
- Click
OK
Create IP Pool for Multiple Users
IP → Pool → Add
- Name L2TPpool
- Range of addresses e.g. (192.168.1.10-192.168.1.20) outside of LAN DHCP range
PPP → Profiles → Default-Encryption
- Local Address (same for all)
- Remote Address (pool you created)
PPP → Interface → L2TP Server
- Specify Default Profile →
default-encryption
Create Users
PPP → Secrets → Add+
- Name
- Username
- Password
- Service
l2tp
- Local Address (leave blank if using IP pool)
- Same for all users
- Router's LAN address
- Remote Address (leave blank if using IP pool)
- Different for each user
- Outside of DHCP range
- Profile
default-encryption
Proxy-ARP
Enable Proxy-ARP on the LAN interface for proper (layer 2 address) ARP resolution.
If you use a LAN bridge, modify that.
Interfaces → etherN → General → ARP → Proxy-ARP
