Page 1 of 1

Does Mikrotik support L2TP over IPSEC VPN (site to site) with certificate authentication?

Posted: Wed Aug 10, 2016 11:02 am
by usmanov
Does Mikrotik support L2TP over IPSEC VPN (site to site) with certificate authentication between two Routerboards

Re: Does Mikrotik support L2TP over IPSEC VPN (site to site) with certificate authentication?

Posted: Wed Aug 10, 2016 11:41 am
by andriys
The answer really depends of what your exact requirements are. Are you going to use Mikrotik devices on both sides of your site-to-site tunnel?

IPsec implementation in RouterOS supports RSA authentication (i.e. with certificates), so L2TP over IPsec supports it also. However it may not be compatible with other vendors' implementations. For instance, when you configure L2TP/IPsec with certificates in Microsoft Windows, Windows assumes that IKEv2 should be used, which is not currently supported in RouterOS.

Re: Does Mikrotik support L2TP over IPSEC VPN (site to site) with certificate authentication?

Posted: Wed Aug 10, 2016 11:51 am
by usmanov
Thanks for responding. Yes, on both sides we are plannig to use RouterBoards: RB-850gx2 and RB-750.

Re: Does Mikrotik support L2TP over IPSEC VPN (site to site) with certificate authentication?

Posted: Wed Aug 10, 2016 11:58 am
by pe1chl
Also, you will have to setup the L2TP without IPsec, and separately setup IPsec between the sites for the L2TP protocol.
The L2TP setup has a convenient automatic IPsec configuration option, but it allows only the use of pre-shared keys.
So, do not select "use IPsec".