Communication between Mikrotik L2TP VPN users and IPsec IKEv2 remote partner

Hello everyone,

I have configured Mikrotik VPN authentication via RADIUS on Windows Server 2016, and it is working correctly. External users connect via L2TP, and Mikrotik assigns them IP addresses from the pool 10.0.9.0/24 range. They can access all domain network resources within the LAN, which is in the 192.168.1.0/24 range. However, since LAN users communicate with an external partner via an IPsec IKEv2 tunnel, remote range 10.107.0.0/24, I have a problem where L2TP VPN users cannot access that tunnel communication, i.e., they cannot ‘see’ that segment. I assume the issue lies in the route that needs to be added for L2TP VPN users, but I don’t know how to do that. I would be grateful if someone has a solution or idea.

Best regards

Sasa Petrov

You might need to add an IPsec policy that includes the L2TP network. Or, I guess, you might source NAT the L2TP users so that they use your LAN address when attempting to reach the remote network.

I have set up source NAT:

Action: masquerade
Src Address: IP addr L2TP clients pool
Out Interface: bridge

but I haven’t been able to establish communication with the remote partner.

Today, I plan to configure the suggested IPsec policy. I am only concerned that it might collide with the already established communication with LAN users, because this is our production channel and must not be disrupted.
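Below are concrete RouterOS commands for the two approaches raised in the reply (a second IPsec policy for the L2TP pool, or source NAT of the L2TP users to a LAN address), together with the commands to verify the result. This is an added example, not configuration from the thread or from MikroTik; the LAN router address 192.168.1.1, the peer name "partner", the proposal name "partner-proposal", the NAT rule number of the existing masquerade rule, and the assumption that the existing policy is 192.168.1.0/24 to 10.107.0.0/24 and that the partner is reached through the WAN interface are all assumptions. Two points worth checking against the setup described above: RouterOS matches packets against IPsec policies after srcnat, which is why source-NATing into the LAN range can make the existing policy apply, and a masquerade rule with Out Interface: bridge never sees packets routed towards 10.107.0.0/24 if that route leaves through the WAN interface.

```routeros
# Added example, not from the thread. Assumed values (change to match the real setup):
#   L2TP pool              10.0.9.0/24
#   LAN                    192.168.1.0/24, router LAN address 192.168.1.1 (assumed)
#   partner network        10.107.0.0/24
#   IKEv2 peer / proposal  "partner" / "partner-proposal" (assumed names, RouterOS 6.43+ / v7 syntax)
#   existing policy        192.168.1.0/24 -> 10.107.0.0/24 (assumed)
# Use ONE of the two alternatives, then run the checks at the bottom.

# --- Alternative A: hide L2TP users behind the router's LAN address --------------------
# Policy lookup happens after srcnat, so a packet that now carries source 192.168.1.1
# matches the existing 192.168.1.0/24 -> 10.107.0.0/24 policy and is encrypted by it.
# The partner needs no change, it already accepts 192.168.1.0/24. place-before=0 puts
# the rule at the top so a later masquerade rule cannot match first. The existing policy
# and its SAs are not touched.
/ip firewall nat
add chain=srcnat action=src-nat src-address=10.0.9.0/24 dst-address=10.107.0.0/24 \
    to-addresses=192.168.1.1 place-before=0 \
    comment="L2TP users -> partner via existing IPsec policy"

# --- Alternative B: a separate IPsec policy for the L2TP pool -------------------------
# A policy with its own source selector negotiates its own child SA and does not modify
# the LAN policy. The partner must add the matching selector (10.0.9.0/24 <-> 10.107.0.0/24)
# on their side; if they do not, IKEv2 rejects only this child SA (TS_UNACCEPTABLE) and the
# LAN child SA keeps working as before.
/ip ipsec policy
add peer=partner proposal=partner-proposal tunnel=yes action=encrypt \
    src-address=10.0.9.0/24 dst-address=10.107.0.0/24 \
    comment="L2TP pool -> partner"

# With alternative B the L2TP source address must survive srcnat, otherwise the packet no
# longer matches the new policy. ipsec-policy=out,none makes the masquerade rule skip
# packets that already match an outgoing IPsec policy. Rule number 1 is assumed to be
# the masquerade rule; check with "/ip firewall nat print" first.
/ip firewall nat
set 1 ipsec-policy=out,none

# --- Checks ---------------------------------------------------------------------------
# Policy flags: A = active (child SA up), I = invalid (no usable peer/proposal), X = disabled.
/ip ipsec policy print
# One inbound and one outbound SA should be listed for each active policy.
/ip ipsec installed-sa print
# NAT rule counters: with alternative A the new rule's packet count must rise while an
# L2TP user pings a host in 10.107.0.0/24; with alternative B the masquerade counter must not.
/ip firewall nat print stats
# Traffic hitting the policy, useful when the partner side is suspected:
/ip ipsec policy print stats
```

Regarding the collision concern: neither alternative changes the existing policy or the established LAN child SA. Alternative A adds only a NAT rule; alternative B adds a policy whose source selector does not overlap 192.168.1.0/24, so the worst case if the partner has not added the selector is that the new child SA fails to negotiate while the production one stays up. Alternative A is the smaller change and needs nothing from the partner, at the cost of all L2TP users appearing to the partner as 192.168.1.1.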