I seem not to be able to get L2TP IPSEC VPN working. I have an RB760iGS after my ISP’s modem/router and need to create a VPN for external clients. Connections cannot be established at all and I believe port forwarding / NAT is the reason. How can I forward the VPN connection / traffic from the modem to my router? What firewall configuration is needed?
WAN Address is 86.100.x.x
ISP Modem LAN is 192.168.10.254
ISP Modem DHCP is 192.168.10.2-192.168.10.20
Router WAN Address is 192.168.10.1 (static)
Router’s DHCP 192.168.88.1/24
Assuming that your ISP gives you an Internet-addressable external IP address (i.e. they aren't using CG-NAT or something), you need to forward the following ports/protocols to your MikroTik:
UDP Port 1701 - L2TP VPN Connection
UDP Port 500 - IPSec Connection
UDP Port 4500 - IPSec NAT Traversal
ESP (Protocol 50) - IPSec ESP
How you do the forwarding from the ISP modem/router to the MikroTik depends very much on what device your ISP provided so I can’t provide any advice without knowing which device you’ve got. Take a look through the MikroTik support documentation for examples on configuring L2TP/IPSec VPN in ROS.
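A RouterOS firewall fragment that matches the port list in the answer above, added here as an example and not the answerer's own configuration. It assumes the MikroTik's WAN interface is named ether1 and that the ISP modem has already been set to forward UDP 500, 4500, 1701 and ESP to 192.168.10.1 (the router WAN address from the question); the pre-shared key is a placeholder.

```routeros
# Added example (not from the original post): input-chain rules that accept
# the L2TP/IPsec traffic listed in the answer. Assumes WAN interface = ether1
# and that the ISP modem forwards UDP 500/4500/1701 and ESP to 192.168.10.1.
# RouterOS evaluates filter rules in order, so these must sit above any
# generic "drop everything else on input" rule (use place-before= if needed).
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=500,4500 \
    action=accept comment="IPsec IKE (500) and NAT-T (4500) from WAN"
add chain=input in-interface=ether1 protocol=ipsec-esp \
    action=accept comment="IPsec ESP from WAN (raw ESP; unused when NAT-T wraps it)"
# L2TP should only be reachable inside the IPsec tunnel. ipsec-policy=in,ipsec
# matches packets that arrived decrypted through an inbound IPsec policy, so
# plain, unencrypted UDP 1701 from the Internet is still dropped.
add chain=input in-interface=ether1 protocol=udp dst-port=1701 ipsec-policy=in,ipsec \
    action=accept comment="L2TP only when carried inside IPsec"

# Enable the L2TP server and make IPsec mandatory rather than optional.
# CHANGE-ME-PSK is a placeholder; use a long random pre-shared key.
/interface l2tp-server server
set enabled=yes use-ipsec=required ipsec-secret=CHANGE-ME-PSK
```

Because the MikroTik sits behind the modem's NAT, clients always detect NAT and switch to NAT-T, so in practice ESP rides inside UDP 4500 and the raw ESP rule is rarely hit; it is kept so the setup also works if the MikroTik is later moved in front of the modem. While testing, `/log print` shows the IPsec negotiation messages, which makes it easy to tell a port-forwarding problem (no IKE packets arrive at all) from a pre-shared-key or proposal mismatch (IKE arrives but fails).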