Mikrotik
      Back to home
      1. Help Center
      2. VPN
      3. Mikrotik

      Configuring VPN L2TP/IPsec Connection for Mikrotik

      To configure VPN connection via L2TP/IPsec on Mikrotik devices, download the Winbox application from the link https://mt.lv/winbox64 - 64-bit, or https://mt.lv/winbox - 32-bit. Alternatively, you can perform configuration via the web interface or terminal. After connecting to your Mikrotik router using Winbox, open the PPP menu section, go to the Interface tab and create a new connection by clicking L2TP Client in the drop-down list.

      In the window that opens, on the General tab, enter the connection name in the Name field. For example, Inferno, and go to the Dial Out tab. Fill in the following fields, taking information from the message that you received by email when activating the service:

      VPN Configuration

      • Connect To - Server IP address (VPS),
      • User - PPTP/L2TP username,
      • Password - PPTP/L2TP password,
      • IPsec Secret - ipsec shared PSK - when the Mikrotik device is behind NAT, for example, if the provider issues a fake address, IPsec may not be supported - do not check the Use IPsec box in this case,
      • Add Default Route - check the box if you want all traffic to go through this VPN connection.

      When you have finished filling in the fields, click Apply and go to the Status tab, where you will see the type of traffic encryption (Encoding), the received IP address and the connected status if the connection is successful.

      If there is no connection (the connecting status does not change to connected for a long time), and the connection is broken after the following lines in the connection log (the Log menu item):

      ISAKMP-SA established XXX.XXX.XXX.XXX[4500]-XXX.XXX.XXX.XXX[4500] spi:44ac40fad4cfbee2:a041fc516553f73e
      initiate new phase 1 (Identity Protection): XXX.XXX.XXX.XXX[500]<=>XXX.XXX.XXX.XXX[500] 

      open the IP section of the menu. Select the IPsec item in the drop-down menu. Go to the Proposals tab, double-click on the line named default. Check the sha256 authorization algorithm and click OK.

      Reconnection with new parameters will occur automatically after some time. In case of successful connection the connection status will change to connected.

      If you have any additional questions, you can use our ticket system.

      Order service Personal VPN and Socks 5 proxy