L2TP VPN

Hi... Can anyone help me create an L2TP VPN? I have two networks: 148.151.x.x/27 (Office Domain - WAN) and 10.100.0.0/19 (Office internet - LAN). I want to access my office internet through 148.151.X.X/16.
Here is my config.

jan/02/1970 01:21:40 by RouterOS 6.19

software id = 0A7P-K5LW

# First export (RouterOS 6.19). It contains no /interface l2tp-server, /ip ipsec or
# /ppp sections yet; the L2TP server setup appears only in the second export in the thread.
/interface wireless
# wlan1 carries ssid=Guest on 2.4 GHz (channel 2462); wlan2 is left at its defaults.
set [ find default-name=wlan1 ] band=2ghz-b/g/n comment=LAN disabled=no frequency=2462 l2mtu=2290 ssid=Guest
set [ find default-name=wlan2 ] l2mtu=2290
/interface ethernet
# ether6 is the uplink: it holds the public /27 and is the masquerade out-interface below.
set [ find default-name=ether6 ] comment=WAN
/interface wireless manual-tx-power-table
set wlan1 comment=LAN
/interface wireless nstreme
set wlan1 comment=LAN
/ip neighbor discovery
set ether6 comment=WAN
set wlan1 comment=LAN
/interface wireless security-profiles
# NOTE(review): the WPA/WPA2 pre-shared key is printed in clear in this export and TKIP is
# still allowed next to AES-CCM. Treat the key as disclosed once the export has been posted;
# use `/export hide-sensitive` when sharing configs. The next two lines are one wrapped statement.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm
wpa-pre-shared-key=guest123 wpa2-pre-shared-key=guest123
/port
set 0 name=serial0
/ip address
# Public /27 on the uplink; 148.151.234.33 is the gateway used by the static route below.
add address=148.151.234.61/27 comment=WAN interface=ether6 network=148.151.234.32
/ip dhcp-client
# wlan1 obtains its own address by DHCP, so it is not a statically addressed LAN here --
# presumably the router joins the "Guest" network as a client; confirm which side is the LAN.
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip dhcp-server network
# Declares 192.168.1.0/24 for a DHCP server, but no /ip dhcp-server instance and no
# 192.168.1.x address appear in this export, so this entry is presumably unused.
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
# NOTE(review): remote DNS requests are enabled and this export has no /ip firewall filter
# rules, so the resolver is reachable from the public ether6 address unless something outside
# this export blocks it (open-resolver / amplification exposure). Either set
# allow-remote-requests=no or drop udp/tcp 53 on the input chain for non-LAN sources.
set allow-remote-requests=yes
/ip firewall nat
# Source NAT for everything leaving the uplink.
add action=masquerade chain=srcnat out-interface=ether6
/ip route
# Static route for the WAN /27 itself via .33; the connected route on ether6 already covers
# this prefix, and no 0.0.0.0/0 default route is present in this export.
add distance=1 dst-address=148.151.234.32/27 gateway=148.151.234.33
/ip upnp
set allow-disable-external-interface=no

I think there are no MikroTik experts here… :frowning:

I think the problem here might be that you haven’t really scoped the request.

You want to access a /27 through a /16 (it's a subnet, shouldn't you just route?). So what you probably have is two sites, with x.x.x.x as one address and y.y.y.y as the second address.

Subnet at the first site is z.z.z.z and subnet at the second site is a.a.a.a.

Without details of both ends we can't build configs; plus, remember that many of us do this for our day jobs, and we help out on here at no cost.

However many of us became experts studying the manual and working through the examples and using them in the real world so we encourage you to take a look at the manual page for L2TP server and client and then it should be fairly easy to set it up.

But if you still need help show us the config you have built for each end and let us know what is / isn’t working and some of us may help out.

Regards
Alexander

Thanks Alex… Finally I did it and everything's fine. I have connected the VPN successfully from my laptop. I can ping the remote internet gateway (10.100.0.1) but I can't browse the internet. I have added input firewall rules (UDP 1701, 4500, 500). Now what do I have to do to get the internet (do any firewall rules need to be added)? Please help me :frowning:

You are probably missing forward rules between the tunnel and the gateway interface (and back) on the router.

If you use Windows, you could disable "Use default gateway on the remote network" under Networking/TCP/IPv4/Advanced settings in your dial-up adapter on your laptop. This will give you access to your network and direct internet browsing without involving the tunnel.

Thanks my friend.... I have disabled "Use default gateway on remote network", but I still can't get internet and am unable to ping the gateway.
Here is the config file of the router...


\

jan/06/1970 10:31:49 by RouterOS 5.16

software id = EANR-W5UG

# Second export (RouterOS 5.16): the L2TP/IPsec server, its PPP profile and the address plan.
# Several long statements are wrapped across lines by the export; do not insert anything
# between a statement's first line and its continuation lines.
/interface ethernet
# ether6 = office LAN side (192.168.1.2/24 below). arp=proxy-arp is presumably what lets
# L2TP clients, which get addresses from the same /24 (pool1), be reached by LAN hosts -- confirm.
set 5 arp=proxy-arp auto-negotiation=yes bandwidth=unlimited/unlimited comment=
"OFFICE LOCAL INTERNET" disabled=no full-duplex=yes l2mtu=1522 mac-address=
D4:CA:6D:3A:4F:C2 master-port=none mtu=1500 name=ether6 speed=100Mbps
# ether7 = public WAN (148.151.234.61/27 below); the default route leaves through it.
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=
"TO WAN" disabled=no full-duplex=yes l2mtu=1522 mac-address=
D4:CA:6D:3A:4F:C3 master-port=none mtu=1500 name=ether7 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
# NOTE(review): phase-2 proposal is 3DES/SHA1 with pfs-group=none. Both are legacy choices,
# presumably kept for client compatibility; prefer AES where the clients support it.
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des
lifetime=30m name=default pfs-group=none
/ip pool
# Addresses handed to L2TP clients. The range lies inside the LAN /24 that the DHCP server at
# 192.168.1.1 (see /ip dhcp-relay) also serves. NOTE(review): that server's scope is not
# visible here -- confirm it does not overlap 192.168.1.4-192.168.1.250, or a VPN client and a
# LAN host can end up with the same address.
add name=pool1 ranges=192.168.1.4-192.168.1.250
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none
stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=default
use-encryption=default use-mpls=default use-vj-compression=default
# Profile used by the L2TP server: router end 192.168.1.2 (the ether6 address), client
# addresses from pool1, external DNS servers pushed to clients, encryption required.
add change-tcp-mss=yes dns-server=212.72.23.4,212.72.1.186 local-address=
192.168.1.2 name=vpn only-one=default remote-address=pool1 use-compression=
default use-encryption=required use-mpls=default use-vj-compression=default
set 2 change-tcp-mss=yes name=default-encryption only-one=default
use-compression=default use-encryption=yes use-mpls=default
use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no
ignore-as-path-len=no name=default out-filter="" redistribute-connected=no
redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto
metric-rip=20 metric-static=20 name=default out-filter=ospf-out
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=
backbone type=default
/snmp community
# NOTE(review): default "public" community accepted from any source (0.0.0.0/0). The SNMP
# service itself is disabled below (/snmp enabled=no), so this is dormant -- change the
# community name and restrict the address before SNMP is ever enabled.
set [ find default=yes ] address=0.0.0.0/0 authentication-password=""
authentication-protocol=MD5 encryption-password="" encryption-protocol=DES
name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web
,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pass
word,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,wi
nbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface l2tp-server server
# L2TP server enabled, MS-CHAPv2 only, sessions use the "vpn" profile above.
set authentication=mschap2 default-profile=vpn enabled=yes max-mru=1460
max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:D0:92:B2:C0:3B
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=
no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no
streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
# Public /27 on ether7 (WAN); 192.168.1.2/24 on ether6 is the router's LAN address and the
# L2TP local-address.
add address=148.151.234.61/27 comment=WAN disabled=no interface=ether7 network=
148.151.234.32
add address=192.168.1.2/24 comment="OFFICE INTERNET SUBNET" disabled=no
interface=ether6 network=192.168.1.0
/ip dhcp-relay
# LAN DHCP is relayed to an existing server at 192.168.1.1 on the ether6 segment; this
# router does not run a DHCP server of its own.
add delay-threshold=none dhcp-server=192.168.1.1 disabled=no interface=ether6
local-address=192.168.1.2 name=relay1
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
# The router does not answer DNS for others and has no upstream servers; VPN clients rely
# on the servers pushed by the "vpn" profile.
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=4096 servers=""
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# NOTE(review): the input chain holds only these four accept rules -- no established/related
# rule and no final drop -- so the default accept policy still applies and the rules change
# nothing; every service in /ip service below stays reachable from the WAN. There is no
# forward chain and no /ip firewall nat section anywhere in this export, so packets from VPN
# clients (192.168.1.x) leaving ether7 are not source-NATed. That is the most likely reason
# the tunnel comes up but internet browsing fails: add a srcnat masquerade rule with
# out-interface=ether7 (as in the first export), then add input drop rules for non-LAN/VPN
# sources once the accept rules for the services actually needed are in place.
add action=accept chain=input disabled=no dst-port=1701 protocol=udp
add action=accept chain=input disabled=no dst-port=4500 protocol=udp
add action=accept chain=input disabled=no protocol=ipsec-esp
add action=accept chain=input disabled=no dst-port=500 protocol=udp
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip ipsec peer
# IKE responder for any source (0.0.0.0/0) in main-l2tp mode with NAT-T, generating the
# transport policy per client. NOTE(review): 3DES/SHA1/modp1024 are legacy choices, and the
# pre-shared key is printed in clear in this export -- treat it as disclosed once posted and
# rotate it (the same applies to the /ppp secret password further down).
add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no
dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=
main-l2tp generate-policy=yes hash-algorithm=sha1 lifetime=1d
my-id-user-fqdn="" nat-traversal=yes port=500 secret=velubaai
send-initial-contact=yes
/ip neighbor discovery
# Neighbor discovery is on for every port, including the WAN port ether7.
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether6 disabled=no
set ether7 disabled=no
set ether8 disabled=no
set ether9 disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip route
# Default route via the provider gateway on the WAN /27.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=148.151.234.33 scope=
30 target-scope=10
/ip service
# NOTE(review): telnet, ftp, www, ssh and winbox are enabled with address="" (no source
# restriction), which with the firewall above means they are reachable on the public ether7
# address. Restrict each with address=<LAN and VPN prefixes> and disable telnet/ftp if unused.
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=
15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
# The single L2TP account. NOTE(review): password=123 is trivially guessable and is exposed
# in this export; replace it with a strong password before leaving the server enabled.
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user1
password=123 profile=vpn routes="" service=l2tp
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
set ether6 queue=only-hardware-queue
set ether7 queue=only-hardware-queue
set ether8 queue=only-hardware-queue
set ether9 queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
# NOTE(review): RIPv2 is configured with distribute-default=always, redistribution of
# connected and static routes, interface=all and authentication=none, so it appears to
# announce the LAN and default route on every port including the WAN, and would accept
# unauthenticated updates. Presumably unintended -- confirm whether RIP is needed at all.
set distribute-default=always garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=yes redistribute-ospf=no redistribute-static=yes
routing-table=main timeout-timer=3m update-timer=30s
/routing rip interface
add authentication=none authentication-key="" disabled=no in-prefix-list=""
interface=all key-chain="" out-prefix-list="" passive=no receive=v2 send=v2
/routing rip network
add disabled=no network=192.168.1.0/24
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators=""
trap-target="" trap-version=1
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] disabled=no port=serial0 term=vt102
/system health
set fan-mode=auto use-fan=main
/system identity
set name=MikroTik
/system logging
# l2tp, ipsec and firewall topics are logged to memory -- useful while diagnosing the
# tunnel; packet logging stays disabled.
set 0 action=memory disabled=yes prefix="" topics=info
set 1 action=memory disabled=yes prefix="" topics=error
set 2 action=memory disabled=yes prefix="" topics=warning
set 3 action=echo disabled=yes prefix="" topics=critical
add action=memory disabled=no prefix="" topics=l2tp
add action=memory disabled=no prefix="" topics=ipsec
add action=memory disabled=no prefix="" topics=firewall
add action=memory disabled=yes prefix="" topics=packet
/system note
set note="" show-at-login=yes
/system ntp client
# NTP is off and the clock is manual (export dates read 1970), so log timestamps are not
# reliable for correlating events.
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
# NOTE(review): MAC-telnet and MAC-winbox answer on interface=all, which includes the WAN
# port ether7; limit both to the LAN interface(s).
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=""
filter-mac-address="" filter-mac-protocol="" filter-port="" filter-stream=
yes interface=all memory-limit=100KiB memory-scroll=yes only-headers=no
streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s
use-radius=no
[admin@MikroTik] >

https://www.youtube.com/watch?v=of2lPs4qYrc