How to Configure MikroTik Site to Site VPN with L2TP/IPsec
Connecting remote workstation/client: In this method, an operating system with L2TP client support, such as Windows, can communicate with the MikroTik L2TP server through an L2TP tunnel whenever required and can access the remote private network as if it were directly connected to that network.
Site to Site L2TP: This method is also known as VPN between routers. In this method, a router with L2TP client support always establishes an L2TP tunnel with the MikroTik L2TP server. So, the private networks of these routers can communicate with each other as if they were directly connected to the same router.
The goal of this article is to establish a secure and encrypted virtual link between two routers using an L2TP tunnel across a public network. So, in this article I will show how to configure an L2TP/IPsec VPN server and client in MikroTik routers for establishing a site to site VPN tunnel.
In the network diagram above, R1 Router is connected to the network through its ether1 interface, which has IP address 192.168.30.2/30. In your real network this IP address should be replaced with a public IP address. R1 Router’s ether2 interface is connected to the local network, which has IP network 10.10.11.0/24. We will configure the L2TP/IPsec server in this router, and after L2TP configuration the router will create a virtual interface (L2TP tunnel) across the public network whose IP address will be 172.22.22.1. On the other hand, R2 Router is a remote router and can access R1 Router’s WAN IP. R2 Router’s ether1 interface is connected to the network with IP address 192.168.40.2/30, and ether2 has the local IP network 10.10.12.0/24. We will configure the L2TP client in this router, and after configuration the router will have a virtual interface (L2TP tunnel) across the public network whose IP address will be 172.22.22.2.
Site to Site L2TP/IPsec Configuration in MikroTik Router
We will now start our site to site L2TP configuration in MikroTik Router according to the above network diagram. The complete configuration can be divided into two parts.
Part 1: R1 Router Configuration
Part 2: R2 Router Configuration
Part 1: R1 Router Configuration
We will configure the L2TP server in R1 MikroTik RouterOS. The complete RouterOS configuration can be divided into three steps.
MikroTik Router basic configuration
Enabling L2TP Server with IPsec
PPP user configuration for L2TP Server
Step 1: MikroTik Router Basic Configuration
In the first step, we will assign WAN, LAN and DNS IP addresses and perform NAT and route configuration. The following steps will show how to do this in your MikroTik RouterOS.
Log in to R1 RouterOS using Winbox and go to IP > Addresses. In the Address List window, click on the PLUS SIGN (+). In the New Address window, put the WAN IP address (192.168.30.2/30) in the Address input field, choose the WAN interface (ether1) from the Interface dropdown menu and click on the Apply and OK buttons. Click on the PLUS SIGN again, put the LAN IP (10.10.11.1/24) in the Address input field, choose the LAN interface (ether2) from the Interface dropdown menu and click on the Apply and OK buttons.
Go to IP > DNS, put the DNS server IP (8.8.8.8 or 8.8.4.4) in the Servers input field and click on the Apply and OK buttons.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). Under the General tab, choose srcnat from the Chain dropdown menu, then click on the Action tab and choose masquerade from the Action dropdown menu. Click on the Apply and OK buttons.
Go to IP > Routes and click on the PLUS SIGN (+). In the New Route window, click on the Gateway input field, put the WAN gateway address (192.168.30.1) in it and click on the Apply and OK buttons.
Basic RouterOS configuration has been completed. Now it is time to enable the L2TP server with IPsec in our MikroTik Router.
Step 2: Enabling L2TP Server with IPsec
We will now enable the L2TP server in our MikroTik Router. The following steps will show how to enable the L2TP server as well as IPsec authentication in MikroTik RouterOS.
Click on the PPP menu item in Winbox and then click on the Interface tab.
Click on the L2TP Server button. The L2TP Server window will appear.
Click on the Enabled checkbox.
Also click on the Use IPsec checkbox if available. It will be available in version 6.16 or newer.
Now put the IPsec authentication password in the IPsec Secret input box. This password has to be provided when the L2TP/IPsec client router is configured.
Click on the Apply and OK buttons.
The L2TP server with IPsec is now running in our MikroTik Router. The next step is to configure the PPP user who will be authenticated to connect to the L2TP server for establishing an L2TP tunnel.
Step 3: PPP User Configuration for L2TP Server
We will now create the PPP secrets (username and password) that are required to connect to the L2TP server. We will assign the local and remote virtual interface IPs as well. We will also add a static route in the routing table to reach the client router’s private network. The following steps will show how to do this in your MikroTik Router.
Click on the PPP menu item in Winbox and then click on the Secrets tab.
Click on the PLUS SIGN (+). The New PPP Secret window will appear.
Put the username (for example: sayeed) in the Name input field and the password in the Password input field. This username and password will be required when the L2TP client is configured.
Put the virtual interface IP for the R1 Router end (172.22.22.1) in the Local Address input field and for the R2 Router end (172.22.22.2) in the Remote Address input field.
Put static routes to reach R2 Router’s local network in the Routes input field. This route will be added to R1 Router’s routing table when the L2TP user connects from R2 Router. The route format is: dst-address gateway metric (example for this configuration: 10.10.12.0/24 172.22.22.2 1). Several routes may be specified, separated with commas.
Click on the Apply and OK buttons.
User configuration for the L2TP server has been completed. Whenever the user you created connects from the L2TP client router (R2 Router), the Remote Address IP will be assigned to its virtual interface and the routes will be created in R1 Router’s routing table so that R1 Router’s local network can reach the remote router’s (R2 Router) local network.
R1 Router configuration has been completed. Now R1 Router is ready to create an L2TP tunnel for its L2TP user. In the next part, we will configure our R2 Router so that it can connect to R1 Router through an L2TP tunnel to reach R1 Router’s local network.
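The three R1 steps above can also be entered in the RouterOS terminal, which gives a record of the configuration that is easier to review than Winbox clicks. This is an added example, not part of the original article; it uses the article's addresses and user name, and <IPSEC-SECRET> and <PPP-PASSWORD> are placeholders for values you choose.

```routeros
# R1 (L2TP/IPsec server). Added example; addresses and names come from the article.
# <IPSEC-SECRET> and <PPP-PASSWORD> are placeholders, not real values.

# Step 1: WAN and LAN addresses, DNS, NAT and default route
/ip address add address=192.168.30.2/30 interface=ether1
/ip address add address=10.10.11.1/24 interface=ether2
/ip dns set servers=8.8.8.8
# As in the article, the rule has no out-interface matcher, so it
# masquerades traffic leaving any interface.
/ip firewall nat add chain=srcnat action=masquerade
/ip route add gateway=192.168.30.1

# Step 2: enable the L2TP server with IPsec (Use IPsec needs 6.16 or newer)
/interface l2tp-server server set enabled=yes use-ipsec=yes \
    ipsec-secret="<IPSEC-SECRET>"

# Step 3: PPP secret with the tunnel addresses and the route to R2's LAN
# (route format: dst-address gateway metric)
/ppp secret add name=sayeed password="<PPP-PASSWORD>" \
    local-address=172.22.22.1 remote-address=172.22.22.2 \
    routes="10.10.12.0/24 172.22.22.2 1"
```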
Part 2: R2 Router Configuration
According to our network diagram, R2 Router works as an L2TP client router. So, we will configure the L2TP client in R2 Router. The complete RouterOS configuration can be divided into three steps.
Basic RouterOS configuration
L2TP client configuration
Static route configuration
Step 1: Basic RouterOS Configuration
Basic RouterOS configuration includes assigning WAN, LAN and DNS IP addresses as well as NAT and route configuration. The following steps will guide you through basic RouterOS configuration.
Log in to R2 RouterOS using Winbox and go to IP > Addresses. In the Address List window, click on the PLUS SIGN (+). In the New Address window, put the WAN IP address (192.168.40.2/30) in the Address input field, choose the WAN interface (ether1) from the Interface dropdown menu and click on the Apply and OK buttons. Click on the PLUS SIGN again, put the LAN IP (10.10.12.1/24) in the Address input field, choose the LAN interface (ether2) from the Interface dropdown menu and click on the Apply and OK buttons.
Go to IP > DNS, put the DNS server IP (8.8.8.8 or 8.8.4.4) in the Servers input field and click on the Apply and OK buttons.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). Under the General tab, choose srcnat from the Chain dropdown menu, then click on the Action tab and choose masquerade from the Action dropdown menu. Click on the Apply and OK buttons.
Go to IP > Routes and click on the PLUS SIGN (+). In the New Route window, click on the Gateway input field, put the WAN gateway address (192.168.40.1) in it and click on the Apply and OK buttons.
Basic RouterOS configuration in R2 Router has been completed. Now it is time to create the L2TP client in our MikroTik Router.
Step 2: L2TP Client Configuration
After completing the basic RouterOS configuration, we will now configure the L2TP client in R2 Router. The following steps will show you how to create an L2TP client in your MikroTik Router.
Click on the Interfaces menu item in Winbox and then click on the Interface tab. Click on the PLUS SIGN (+) dropdown menu and then choose the L2TP Client option. The New Interface window will appear.
Click on the General tab and put the L2TP interface name (l2tp-server) in the Name input field.
Click on the Dial Out tab and put R1 Router’s WAN IP (192.168.30.2) in the Connect To input field. This IP must be reachable from R2 Router.
Put the username (sayeed) and password that you provided in R1 Router’s PPP user configuration in the User and Password input fields respectively.
Click on the Use IPsec checkbox and then provide the password that you entered at the time of enabling the L2TP/IPsec server.
Click on the Apply and OK buttons.
As soon as you provide the above information, an L2TP tunnel will be created between R1 and R2 Router, and the provided local and remote IP addresses will be assigned to R1 and R2 Router’s virtual interfaces respectively. At this stage, R1 Router as well as its local network will be able to reach R2 Router and its local network, but R2 Router and its local network will only be able to reach R1 Router, not its local network. To reach R1 Router’s local network, a static route must be added in R2 Router’s routing table.
Step 3: Static Route Configuration
After configuring the L2TP client in R2 Router, R2 Router can only access R1 Router but not its local network. To solve this issue, a route is required in R2 Router’s routing table. The following steps will show how to add a route to R2 Router’s routing table statically.
Go to IP > Routes and then click on the PLUS SIGN (+).
In the New Route window, put R1 Router’s local network (10.10.11.0/24), which you want to reach, in the Dst. Address input field.
Click on the Gateway input field and then choose the L2TP client interface (l2tp-server) that you created in the L2TP client configuration from the Gateway dropdown menu.
Click on the Apply and OK buttons.
Now R2 Router and its local network will be able to access R1 Router’s local network.
R1 Router and R2 Router configuration for establishing an L2TP tunnel between them has been completed. Now both routers’ local networks are able to access each other. To check your configuration, send a ping request from any machine on one local network to a machine on the other local network. If everything is OK, your ping request will succeed.
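The R2 steps as RouterOS terminal commands, followed by checks that go one step further than the ping test: a successful ping shows that routing works, while the installed IPsec security associations show that the tunnel is actually encrypted. This is an added example, not part of the original article; <IPSEC-SECRET> and <PPP-PASSWORD> are placeholders for the values set on R1.

```routeros
# R2 (L2TP/IPsec client). Added example; addresses and names come from the article.
# <IPSEC-SECRET> and <PPP-PASSWORD> are placeholders and must match R1.

# Step 1: WAN and LAN addresses, DNS, NAT and default route
/ip address add address=192.168.40.2/30 interface=ether1
/ip address add address=10.10.12.1/24 interface=ether2
/ip dns set servers=8.8.8.8
/ip firewall nat add chain=srcnat action=masquerade
/ip route add gateway=192.168.40.1

# Step 2: L2TP client towards R1's WAN IP
# (interfaces added from the terminal start disabled, hence disabled=no)
/interface l2tp-client add name=l2tp-server connect-to=192.168.30.2 \
    user=sayeed password="<PPP-PASSWORD>" \
    use-ipsec=yes ipsec-secret="<IPSEC-SECRET>" disabled=no

# Step 3: static route to R1's LAN through the tunnel interface
/ip route add dst-address=10.10.11.0/24 gateway=l2tp-server

# Checks
# On R1: the user sayeed should be listed with address 172.22.22.2
/ppp active print
# On either router: security associations between 192.168.30.2 and
# 192.168.40.2 should be listed; an empty list means no IPsec is in place
/ip ipsec installed-sa print
# On R2: reach R1's LAN address from R2's LAN address
/ping 10.10.11.1 src-address=10.10.12.1 count=4
```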
MikroTik VPN configuration with the site to site L2TP/IPsec service has been explained in this tutorial. I hope you will be able to configure your site to site VPN with the MikroTik L2TP service if you follow the explanation carefully. However, if you face any confusion in following the above steps, feel free to discuss it in the comments.