Configure Mikrotik L2TP VPN for Windows and MacOS

Today, we look how to configure an L2TP VPN server so you can remotely connect to your Mikrotik router from a Windows or MacOS computer.

The first step is to create a VPN user, this is done in PPP > Secrets. The options are mostly straightforward:

  • Name: you username
  • Password: select a strong password for you user
  • Service: select l2tp (or any)
  • Profile: default-encryption
  • Local address: set the IP address of you mikrotik device on the LAN-side
  • Remote address: this is the IP address you will get from the VPN, select an address that is available on your LAN

The next step is to enable the L2TP server, click PPP > L2TP Server

  • Enable it
  • Default Profile: default-encryption
  • Authentication: mschap2
  • Use IPsec: yes
  • IPSec Secret: select a strong password, this is the pre-shared key

Now we need to create firewall rules to allow L2TP/IPsec traffic. Be sure to create these 2 rules before your input chain “DROP” rule.

Rule 1:

  • Chain: input
  • Protocol: 50 (ipsec-esp)

Rule 2:

  • Chain: input
  • Protocol: 17 (udp)
  • Ports 500, 1701, 4500

The next step is to configure IPsec so it can talk to Windows and MacOS, there is a matrix for the supported protocols on https://help.mikrotik.com/docs/display/ROS/IPsec but I will give you the most compatible settings I found in the screenshots below.

To do so, select IP > IPSec > Proposals and then Profiles

And that’s it, now on a Windows 10 PC you can just add a new L2TP VPN connection, and it should work!

Add your feedback

Your email address will not be published.