Help Needed: Configuring VPN Access on MikroTik Router

RouterOS Beginner Basics
1

Hello everyone,

I’m having trouble setting up VPN access on my MikroTik router and could really use some guidance. Here’s the setup:

  • Incoming Connections: Public IP is first handled by another router, which then forwards to my MikroTik router.
  • Goal: I want to set up a VPN so that I can securely access my network remotely.

So far, I’ve tried several configurations, but I can’t seem to get it to work properly.

Here are the details:

  • VPN Type:L2TP or OpenVPN
  • MikroTik Model: MikroTik RB2011UiAS-RM
  • Firmware Version: 7.14.x

I would appreciate any tips on how to properly configure the MikroTik router to allow VPN connections.

Thank you in advance for your assistance!

2

Before suggesting any config whatsoever, have you made the necessary port forwardings on the upstream router which handles the public IP? By default OpenVPN runs on TCP 1194, whereas L2TP on UDP 500,1701,4500

3

Yes I have made the necessary port forwardings. :slight_smile:

4

Ok, then I will give you an example config for L2TP because I’m not very familiar with OpenVPN.
For the sake of simplicity I’ll use y.y.y.y as VPN addresses:

  1. Create a pool from which VPN addresses will be handed out
  2. Add a custom profile in PPP/Profiles where you’ll specify the VPN addresses
  3. Add secrets for the different users
  4. Enable the L2TP server with IPsec because it’s more secure
  5. Add firewall rules which allow the aforementioned ports
/ip pool add name=l2tp_pool ranges=y.y.y.2-y.y.y.254

/ppp profile add name=l2tp local-address=y.y.y.1 remote-address=l2tp_pool use-encryption=required

/ppp secret add name=user1 password=Securepassword profile=l2tp service=l2tp

/interface l2tp-server server set enabled=yes use-ipsec=required ipsec-secret=Verysecurepassword authentication=mschap2 caller-id-type=ip-address default-profile=l2tp

/ip firewall filter add action=accept chain=input protocol=udp dst-port=500,1701,4500

A side question - why don’t you use Wireguard? It’s far more easier to set up

5

I did not know wireguard was an option for RouterOS. It was introduced in ROS7 but I was still on ROS6.
I have upgraded to ROS7 and will use Wireguard for its simplicity, thankyou verry much!