How to Configure L2TP VPN on MikroTik

What you will read?

1 Step 1: Create IP pool
2 Step 2: Add PPP profile
3 Step 3: Add VPN user
4 Step 4: Enable L2TP server
5 Step 5: Allow ports and set NAT

You can create a secure VPN access point on your MikroTik router using L2TP with IPsec.

Step 1: Create IP pool

Start by creating a dedicated IP range that will be assigned to VPN clients when they connect:

/ip pool add name=l2tp-pool ranges=192.168.77.10-192.168.77.100

Step 2: Add PPP profile

Now link that IP pool to a PPP profile and enforce encryption for all connections:

/ppp profile add name=l2tp-profile local-address=192.168.77.1 remote-address=l2tp-pool use-encryption=yes

Step 3: Add VPN user

You need to define a user that will authenticate when connecting to the VPN:

/ppp secret add name=vpnuser password=vpnpass service=l2tp profile=l2tp-profile

Step 4: Enable L2TP server

Now turn on the L2TP server and configure IPsec using a shared secret:

/interface l2tp-server server set enabled=yes default-profile=l2tp-profile use-ipsec=yes ipsec-secret=strongkey123

Step 5: Allow ports and set NAT

Make sure the VPN traffic can pass through the firewall, and allow VPN clients to access the internet:

/ip firewall filter add chain=input protocol=udp port=500,1701,4500 action=accept
/ip firewall nat add chain=srcnat src-address=192.168.77.0/24 action=masquerade

After everything is working, you can save your setup in case you need to restore it later:

/system backup save name=l2tp-backup
/export file=l2tp-export