Configuring VPN L2TP/IPsec Connection for Mikrotik

This article will help you learn how to configure VPN L2TP/IPsec connection on Mikrotik devices.

To configure VPN L2TP/IPsec connection on Mikrotik devices, follow the steps:

  1. Download the Winbox application from the link for 64-bit, or for 32-bit.
    Alternatively, you can perform configuration via the web interface or terminal.
  2. After connecting to your Mikrotik router using Winbox, open the PPP menu section. 
  3. To create a new connection, go to the Interface tab and click L2TP Client in the drop-down list.
  4. In the window that opens, on the General tab, enter the connection name in the Name field, for example, "Ishosting".
  5. Go to the Dial Out tab and fill in the following fields:
    1. Connect To is the Server IP address (VPS).
    2. User is the PPTP/L2TP username.
    3. Password is the PPTP/L2TP password.
    4. IPsec Secret is the ipsec shared PSK. When the Mikrotik device is behind NAT, for example, if the provider issues a fake address, IPsec may not be supported, do not check the Use IPsec box in this case.
    5. Add Default Route. Check the box if you want all traffic to go through this VPN connection.
  6. Write the access information from the message that you received by email when the service is activated.
  7. You can also find L2TP/IPsec access information in your client area.
    1. In your client area, find the VPN Servers tab.
    2. Click Manage.
      10_en (1)
    3. In the Access section, find the PPTP L2TP settings.
    4. Download access information there.
  8. When you have finished filling in the fields, click Apply.
  9. Go to the Status tab, where you will see the type of traffic encryption (Encoding), the received IP address and the Connected status if the connection is successful.

    If there is no connection (the Connecting status does not change to Connected for a long time), and the connection is broken after the following lines in the connection log (the Log menu item), open the IP section of the menu.

    ISAKMP-SA established XXX.XXX.XXX.XXX[4500]-XXX.XXX.XXX.XXX[4500] spi:44ac40fad4cfbee2:a041fc516553f73e

    initiate new phase 1 (Identity Protection): XXX.XXX.XXX.XXX[500]<=>XXX.XXX.XXX.XXX[500]
  10. Select the IPsec item in the drop-down menu.
  11. Go to the Proposals tab.
  12. Double-click on the line named “default”.
  13. Check the sha256 authorization algorithm.
  14. Click OK.

If you have any questions, you can ask them in the online chat in the lower right corner of the site or by ticketing the Techsupport Department.

To order the Personal VPN and Socks5 Proxy service, please proceed with the order.