How to create a simple VPN server with MikroTik (L2TP/IPsec)

Published on Oct 06, 2024
This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial walks through creating a simple VPN server on a MikroTik router using L2TP/IPsec. The setup lets you connect securely to your work network from outside the office, which is essential for remote work and secure access.

Step 1: Access the MikroTik Router

  • Connect to your MikroTik router using Winbox or the web interface.
  • Ensure you are logged in with administrator credentials.

Step 2: Configure IP Addresses

  • Navigate to IP > Addresses.
  • Click on the Add New button to create a new IP address.
  • Assign an IP address to the VPN interface. For example:
    • Address: 192.168.88.1/24
    • Interface: VPN

Step 3: Set Up L2TP Server

  • Go to PPP > L2TP Server.
  • Enable the L2TP server by checking the Enabled box.
  • Configure the following settings:
    • Use IPsec: yes
    • IPsec Secret: Set a strong password. This is the shared secret for IPsec, and each client must enter the same value.

Step 4: Configure PPP Profile

  • Still in the PPP section, click on Profiles.
  • Add a new profile with the following settings:
    • Name: VPN-Profile
    • Local Address: 192.168.88.1
    • Remote Address: 192.168.88.2-192.168.88.10 (define a range for clients)

Step 5: Create User for VPN Access

  • Navigate to the Secrets tab within the PPP section.
  • Click on Add New and fill in the following:
    • Name: (Choose a username)
    • Password: (Set a strong password)
    • Service: l2tp
    • Profile: Select the profile created in the previous step.

Step 6: Set Up Firewall Rules

  • Go to IP > Firewall > Filter Rules.
  • Add rules to allow L2TP and IPsec traffic:
    • For L2TP:
      • Chain: input
      • Protocol: udp
      • Dst. Port: 1701
      • Action: accept
    • For IPsec:
      • Chain: input
      • Protocol: udp
      • Dst. Port: 500,4500
      • Action: accept

Step 7: Configure IPsec Policies

  • Navigate to IP > IPsec > Policies.
  • Add a new policy with the following settings:
    • Src. Address: 192.168.88.0/24
    • Dst. Address: 0.0.0.0/0
    • Protocol: all
    • Action: encrypt
    • Level: require

Step 8: Test Your VPN Connection

  • On your client device, navigate to the VPN settings.
  • Set up a new VPN connection using L2TP and enter the server’s public IP address.
  • Input the username and password created earlier.
  • Test the connection to ensure it works correctly.
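
A check to run against the router's configuration once Steps 3 and 6 are done, as an added example that is not part of the original tutorial. It relies on RouterOS behaviour: `use-ipsec=yes` still accepts L2TP sessions that arrive without IPsec, while `use-ipsec=required` rejects them. The export text is constructed and the finding names are hypothetical.

```python
import re
import shlex

# Constructed sample in the style of a RouterOS `/export`, mirroring Steps 3 and 6.
SAMPLE_EXPORT = """\
/interface l2tp-server server
set enabled=yes use-ipsec=yes ipsec-secret=CHANGE-ME default-profile=VPN-Profile
/ip firewall filter
add chain=input protocol=udp dst-port=1701 action=accept
add chain=input protocol=udp dst-port=500,4500 action=accept
"""

def parse_export(text):
    """Return (menu, command, properties) for every configuration line."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines wrapped with a trailing backslash
    entries, menu = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        parts = shlex.split(line)
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        entries.append((menu, parts[0], props))
    return entries

def audit(text):
    """Return finding labels (hypothetical names) for the L2TP/IPsec settings."""
    entries = parse_export(text)
    findings = []
    for menu, _, p in entries:
        # use-ipsec=yes still accepts L2TP sessions that arrive without IPsec.
        if (menu == "/interface l2tp-server server" and p.get("enabled") == "yes"
                and p.get("use-ipsec") != "required"):
            findings.append("l2tp-accepted-without-ipsec")
    accepts = [p for menu, cmd, p in entries
               if menu == "/ip firewall filter" and cmd == "add"
               and p.get("chain") == "input" and p.get("action") == "accept"]
    for p in accepts:
        # UDP 1701 should be accepted only for packets that were IPsec-decapsulated.
        if (p.get("protocol") == "udp" and "1701" in p.get("dst-port", "").split(",")
                and p.get("ipsec-policy") != "in,ipsec"):
            findings.append("udp-1701-open-outside-ipsec")
    # Clients that are not behind NAT send ESP (IP protocol 50) directly, not over UDP 4500.
    if not any(p.get("protocol") == "ipsec-esp" for p in accepts):
        findings.append("no-esp-accept-rule")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

An export that sets `use-ipsec=required`, accepts `protocol=ipsec-esp`, and limits the UDP 1701 rule with `ipsec-policy=in,ipsec` returns an empty list.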

Conclusion

You have now set up a simple VPN server on MikroTik with L2TP/IPsec. This configuration lets you securely access your work network from outside the office. Test the VPN connection from different locations to confirm it is reliable. For further security, regularly update your passwords and monitor VPN usage for any unauthorized access.