
MikroTik L2TP/IPsec VPN Configuration (Connecting Remote Client)

A VPN (Virtual Private Network) is a technology that provides a secure and encrypted tunnel across a public network. Using this VPN tunnel, a private network user can send and receive data to any remote private network as if his/her network device were directly connected to that private network.

MikroTik L2TP server is one of the most popular VPN services. It provides a secure and encrypted tunnel across a public network for transporting IP traffic using PPP. L2TP/IPsec is more secure than the MikroTik PPTP VPN server. MikroTik L2TP Server can be applied in two methods.

The goal of this article is to connect a remote client operating system using an L2TP Tunnel across a public network. So, in this article I will only show how to configure an L2TP/IPsec VPN Server in a MikroTik Router for connecting a remote workstation/client.

Network Diagram

To configure an L2TP Tunnel for connecting a remote workstation/client in a MikroTik Router, I am following a network like the diagram below.

L2TP/IPsec Network for Remote Client

In this network, the MikroTik Router is connected to the internet through the ether1 interface, which has the IP address 192.168.30.2/30. In your real network, this IP address should be replaced with your public IP address. The MikroTik Router's ether2 interface is connected to the local network, which uses the IP network 10.10.11.0/24. We will configure the L2TP/IPsec server in this router, and after L2TP configuration the router will create a virtual interface (L2TP Tunnel) across the public network whose IP address will be 10.10.11.1. On the other hand, a remote laptop (workstation/client) is connected to the internet and wants to connect to our L2TP/IPsec server to access local network resources. We will configure the L2TP/IPsec client on this laptop, and after establishing an L2TP Tunnel across the public network, this laptop will get the MikroTik Router's local IP 10.10.11.10 and will be able to access the MikroTik Router's private network.

MikroTik L2TP/IPsec VPN Configuration

MikroTik L2TP can be used just like any other tunneling protocol, but the L2TP standard says that the most secure way to encrypt data is using L2TP over IPsec. So if your router supports it, it is better to use the L2TP Server over IPsec. L2TP/IPsec requires some extra configuration on both the L2TP Server and the L2TP client. The complete L2TP/IPsec VPN configuration can be divided into four steps.

Step 1: MikroTik Router Basic Configuration

In the first step, we will assign WAN, LAN and DNS IP addresses and perform NAT and Route configuration. The following steps will show how to perform these tasks in your RouterOS.

Basic RouterOS configuration has been completed. Now it is time to enable the L2TP server in our MikroTik Router.

Step 2: Enabling L2TP Server

We will now enable the L2TP Server in our MikroTik Router. The following steps will show how to enable the L2TP Server in MikroTik RouterOS.

The L2TP Server is now running in our MikroTik Router. The next step is to configure the L2TP user who will be authenticated to connect to the L2TP Server for establishing an L2TP Tunnel.

Step 3: Creating PPP Secrets for L2TP Server

We will now create PPP Secrets (username and password) that will be required to connect to our L2TP Server. The following steps will show how to create PPP Secrets in your MikroTik Router.

The PPP user who will connect from the remote client machine has been created. At this point, if the user connects from the remote client machine and tries to ping any workstation from the remote machine, the ping will time out because the remote client is unable to get ARP replies from the workstations. The solution is to set up proxy-arp on the LAN interface.

Step 4: Enabling proxy-arp on LAN Interface

The following steps will show how to enable proxy-arp on your LAN interface.

After enabling proxy-arp, the remote client can successfully reach all workstations in the local network behind the router.
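The four steps above as RouterOS terminal commands. This is an added example, not taken from the original article: the LAN address on ether2, the upstream gateway 192.168.30.1, and every `REPLACE_*` value are assumptions or placeholders, and the firewall rule is an added hardening step that the article itself does not describe.

```routeros
# Added example; values marked "assumption" or REPLACE_* are not from the article.

# Step 1: basic configuration (WAN, LAN, DNS, NAT, default route)
/ip address add address=192.168.30.2/30 interface=ether1
# Assumption: the router's own LAN address is 10.10.11.1/24 on ether2
/ip address add address=10.10.11.1/24 interface=ether2
# Placeholder: substitute the resolver your network uses
/ip dns set servers=REPLACE_DNS_SERVER
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
# Assumption: the upstream gateway is the other host address of the /30
/ip route add gateway=192.168.30.1

# Step 2: enable the L2TP server and let RouterOS create the IPsec peer.
# Use a long random pre-shared key; MS-CHAPv2 is the only PPP method allowed.
/interface l2tp-server server set enabled=yes use-ipsec=yes \
    ipsec-secret="REPLACE_IPSEC_SECRET" authentication=mschap2

# Added hardening (not in the article): with use-ipsec=yes the server still
# accepts L2TP sessions that are not wrapped in IPsec, so drop UDP 1701 that
# reaches the WAN interface outside an IPsec policy. Keep this rule above any
# broader accept rule for UDP 1701.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp \
    dst-port=1701 ipsec-policy=in,none action=drop \
    comment="drop L2TP not protected by IPsec"

# Step 3: PPP secret for the remote client, limited to the L2TP service.
# local-address is the tunnel address on the router, remote-address the
# address handed to the laptop (both from the network description above).
/ppp secret add name="REPLACE_USER" password="REPLACE_PASSWORD" \
    service=l2tp local-address=10.10.11.1 remote-address=10.10.11.10

# Step 4: proxy-arp on the LAN interface so LAN hosts can resolve the client
/interface ethernet set ether2 arp=proxy-arp

# Checks after the client connects: the session should be listed, and IPsec
# security associations should exist for it.
/ppp active print
/ip ipsec installed-sa print
```

If `/ppp active print` shows the session but `/ip ipsec installed-sa print` is empty, the tunnel came up without IPsec and the traffic is not encrypted.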

L2TP/IPsec Client Configuration

Almost all operating systems, including Windows, support an L2TP/IPsec client. In this article, I will show how to configure the L2TP client in the Windows 7 operating system. All other Windows versions follow almost the same procedure.

If everything is OK, you will be able to connect to your L2TP server, and an L2TP Tunnel will be created between the MikroTik Router and your remote client. Now try to ping; hopefully there will be no problem getting a ping reply.

If you use an operating system other than Windows, please search Google for how to create an L2TP/IPsec client on that specific operating system. I hope you will get a solution.

If you face any confusion in following the above steps properly, watch the following video about MikroTik L2TP/IPsec VPN Configuration carefully. I hope it will reduce your confusion.

MikroTik L2TP/IPsec VPN Configuration for Connecting a Remote Client has been discussed in this article. I hope you will be able to configure L2TP/IPsec VPN in your MikroTik Router if you follow the above steps properly. However, if you face any confusion, feel free to discuss it in the comments or contact me from the Contact page. I will try my best to stay with you.
