In this example we create an L2TP/IPsec server with dynamic IP address allocation and a masquerade srcnat rule that uses an address list for internet access. This guide assumes you have already allowed the required ports and services (UDP 500, UDP 4500, UDP 1701, and L2TP) on the input chain of your MikroTik.
- Create the IP Pool for Dynamic IP Address Allocation.
  - /ip pool add name=VPN_POOL ranges=192.168.60.2-192.168.60.254
- Create the PPP Profile for Users.
  - /ppp profile add change-tcp-mss=yes local-address=192.168.60.1 name=VPN remote-address=VPN_POOL use-encryption=yes
- Enable and configure the L2TP server. Make sure you change the IPSEC Secret.
  - /interface l2tp-server server set enabled=yes ipsec-secret=IPSECPASSWORD use-ipsec=required
- Create the Address List of the VPN Clients for Internet Access.
  - /ip firewall address-list add address=192.168.60.2-192.168.60.254 list=VPN_POOL
- Create the NAT for Client Internet Access.
  - /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address-list=VPN_POOL
- Create the VPN User for Road Warrior Access.
  - /ppp secret add name=TEST_VPN_USER password=Password1! profile=VPN service=l2tp
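
The input-chain rules this guide assumes are already in place could look like the following. This is an added example, not part of the original guide: it assumes ether1 is the WAN interface (as in the NAT rule above) and that you move these rules above any general drop rule on the input chain. It also accepts ESP for clients that are not behind NAT, and accepts L2TP only when the packet arrived inside IPsec.

```routeros
# Added example: input-chain rules for the L2TP/IPsec server.
# Assumption: ether1 is the internet-facing interface.
/ip firewall filter

# IKE (UDP 500) and IPsec NAT traversal (UDP 4500)
add chain=input action=accept in-interface=ether1 protocol=udp \
    dst-port=500,4500 comment="VPN: IKE and NAT-T"

# ESP, used when neither side is behind NAT
add chain=input action=accept in-interface=ether1 protocol=ipsec-esp \
    comment="VPN: IPsec ESP"

# L2TP (UDP 1701) only when it was decapsulated from IPsec
add chain=input action=accept in-interface=ether1 protocol=udp \
    dst-port=1701 ipsec-policy=in,ipsec comment="VPN: L2TP inside IPsec"

# Any L2TP that reaches the router without IPsec is dropped
add chain=input action=drop in-interface=ether1 protocol=udp \
    dst-port=1701 comment="VPN: drop L2TP outside IPsec"

# Check rule order; rules added this way are appended to the end of the list
print where chain=input
```

The `ipsec-policy=in,ipsec` matcher complements `use-ipsec=required` on the L2TP server: the server refuses unencrypted sessions, and the firewall keeps plain UDP 1701 from reaching it in the first place.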