A VPN creates a tunnel for your connection to the Internet to protect your privacy, and L2TP is one of the best-known VPN protocols. There are many VPN protocols, such as PPTP, L2TP, OpenVPN, and so on. In this article, we will walk you through setting up an L2TP VPN server on the MikroTik operating system. Creating a private network is the best way to stay safe on the Internet. A VPN has other uses as well: for example, in some countries the use of some services and websites is restricted, and to get around this limitation and use the Internet freely, you need a good VPN. Now, what is a good VPN?
Using a VPN can also have problems. The VPN's IP address can be in any of several countries. If you choose a VPN server that is far from the country where you live, packets travel from your router-modem to the VPN server first and only then reach the destination server, which slows down your connection. Another problem is the trustworthiness of the company that provides the VPN: if your concern is information security, the company you order the VPN from is itself in a position to compromise it. Another problem is the number of people connected to one VPN server. Some VPN companies manage this, but if the server is under your own control, you can manage the connections completely.
The easiest way to solve these two problems is to set up an L2TP VPN server on your own MikroTik VPS. This way you choose the location of the server yourself, the server is completely at your disposal, and only you use its resources. L2TP is used together with the IPsec protocol to add security and encryption. IPsec can in turn be set up in two ways, and either of them can be used. The first method is RSA, which works by creating a certificate.
Security with this method is higher, and its advantage on VPN servers is that any change takes effect for a large number of users at once. However, due to its complexity, we will not use this method in this article. The other way is to use a Pre-Shared Key (PSK). In this method, a key is created on the VPN server and each client must use this key to connect to the server. This is the method we will use in this tutorial, and it is much easier.
Note: Before you set up an L2TP VPN server, you need a MikroTik VPS, which you can order from the link below.
Steps To Set Up L2TP VPN On A MikroTik VPN Server
In this tutorial, we will show you how to set up an L2TP VPN server on a MikroTik VPS in just 4 easy steps.
Step 1: Add Firewall Rule
The first thing you need to do is add a rule to the MikroTik firewall that allows packets to leave through the firewall. To do this, first download the WinBox software and open the MikroTik graphical environment. Then, from the left panel, select IP and then the Firewall option. In the new window that opens, go to the NAT tab and click on the blue Plus + sign to create a new rule. In the new window that opens, click on the Action tab, then open the Action option and select Masquerade, then click OK to create the rule.
Step 2: Activate L2TP Server
The second step in setting up an L2TP VPN server is to enable L2TP. From the left panel, open the PPP option, then in the new window click on the Interface tab and then the L2TP Server tab. In the new window, check the Enabled and IPsec Secret boxes, and in the Profile section select the default option. In the IPsec Secret field, enter any password you want and save it somewhere, because we will need it later, then click OK to apply the changes.
Step 3: Activate Encryption In Profiles
To encrypt the data, we must enable the encryption option in the Profiles section. To do this, open the Profiles tab again from the same PPP section, select the default profile, and from the Protocols tab, select the option to use encryption, then click OK to apply the changes.
Step 4: Create A Username
Now it’s time to create a username so that we can use the L2TP VPN server from different operating systems such as Windows, Android, and iOS. To do this, select the Secrets tab from the same PPP section, then click on the blue Plus + sign. In the new window that opens, enter the information as follows.
- Name: Choose any name that you wish.
- Password: Choose any password that you wish.
- Profile: Choose the default profile.
- Local Address: 10.10.10.2
- Remote Address: 10.10.10.3
Note: The local address is the IP at which the user sees the MikroTik router when connected to the server. The remote address is the IP the user is given when he/she connects to the MikroTik server. Note that these values must be different for each user. For example, for another user that you create, you should set the local address and remote address to 10.10.10.4 and 10.10.10.5 respectively. Of course, we could use an IP Pool for these values so that we do not have to enter them manually every time, and if we intend to create more users, we have to do so. But in this article, we did not create an IP Pool, to keep the process of setting up an L2TP VPN server on your own MikroTik VPS short.
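The same four steps can be entered in the RouterOS terminal instead of WinBox. The script below is an added example, not part of the original article: the WAN interface name ether1, the user names and the placeholder secrets are assumptions, and it goes slightly beyond the WinBox steps by scoping the masquerade rule to the WAN interface, requiring IPsec for every L2TP session and limiting each account to the L2TP service.

```routeros
# Added example: terminal equivalent of Steps 1-4 (not from the original article).
# Assumptions: ether1 is the WAN interface; the secret, user names and passwords
# below are placeholders to replace with your own long random values.

# Step 1: masquerade traffic leaving the router. Scoping the rule to the WAN
# interface keeps it from rewriting traffic on other interfaces.
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="NAT for VPN clients"

# Step 2: enable the L2TP server with an IPsec pre-shared key.
# use-ipsec=required rejects L2TP sessions that are not wrapped in IPsec;
# use-ipsec=yes would still accept plain L2TP.
/interface l2tp-server server set enabled=yes default-profile=default use-ipsec=required ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK"

# Step 3: turn on encryption in the default PPP profile.
/ppp profile set default use-encryption=yes

# Step 4: one PPP secret per user, each with its own address pair.
# service=l2tp restricts the account to L2TP instead of any PPP service.
/ppp secret add name=user1 password="REPLACE-WITH-USER1-PASSWORD" service=l2tp profile=default local-address=10.10.10.2 remote-address=10.10.10.3
/ppp secret add name=user2 password="REPLACE-WITH-USER2-PASSWORD" service=l2tp profile=default local-address=10.10.10.4 remote-address=10.10.10.5

# Verify the result: server settings, configured users, live sessions.
/interface l2tp-server server print
/ppp secret print
/ppp active print
```

Because every client shares the same pre-shared key, the per-user passwords are what distinguish accounts, so removing a user's PPP secret is how access is revoked.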
How To Connect To The L2TP VPN
After configuring the VPN server, it is time to create a client in the operating system. To create a VPN connection in Windows 10, search for the word VPN in the search field, select Add VPN Connection, and enter the values as follows. Note that in the Pre-Shared Key section, you must enter the password that you created when activating the L2TP server.
- Issue: I get the error "user name and password combination you provided is not recognized".
Answer: As the error says, you have not entered the username and password correctly, so edit them and fill in the correct details.
- Issue: After the VPN connects, I’m not able to search and browse, and websites are not loading.
Answer: In this situation, you have to add a static DNS server to your VPN client. To do so, open the Run window by pressing Windows key + R. Right-click on the VPN that you have created and choose Properties. On the new page, choose the Networking tab and double-click on Internet Protocol Version 4 (TCP/IPv4). On the new page, choose to use the following DNS server addresses and fill them in like the following picture, then press OK on both windows to apply the changes.
Congratulations, you have now set up an L2TP VPN server on your own MikroTik VPS. Keep in mind that, to make setting up an L2TP VPN server on a MikroTik VPS faster and easier, we did not explain some of the steps. Also, if there is any problem, please mention it in the comments section and I will definitely answer.
I hope this tutorial was useful for you and you enjoyed it!