Mikrotik Remote VPN Setup (L2TP/IPsec & PPTP) – Complete Step-by-Step Guide

Irfan Alam August 8, 2025 155 views

Introduction

In today's connected world, being able to securely access your office or home network from anywhere is essential. Mikrotik routers offer robust VPN capabilities that allow remote access using L2TP/IPsec or PPTP protocols. This step-by-step guide will walk you through the process of setting up both options, so you can choose the one that best fits your needs.

What is Remote VPN?

A Remote VPN enables users to connect to a private network from a remote location over the internet. This ensures encrypted communication, secure data exchange, and access to network resources as if you were physically present.

Why L2TP/IPsec and PPTP?

  • L2TP/IPsec – More secure, uses strong encryption, and works well with most devices.
  • PPTP – Easier to configure but less secure; suitable for legacy devices or basic connectivity needs.

Prerequisites

  • Mikrotik router with RouterOS v6 or later.
  • Public IP address on WAN interface.
  • Basic knowledge of Winbox or WebFig.
  • PC or smartphone for testing the VPN connection.

Step 1 – Assign WAN and LAN Interfaces

/ip address
add address=192.168.88.1/24 interface=bridge comment="LAN"
add address=203.x.x.x/30 interface=ether1 comment="WAN"

Step 2 – Configure L2TP/IPsec Server

We will first set up L2TP/IPsec, as it provides better security.

Enable L2TP Server

/interface l2tp-server server
set enabled=yes use-ipsec=yes ipsec-secret=YourIPSecKey default-profile=default

Create VPN User

/ppp secret
add name=vpnuser password=StrongPass profile=default-encryption service=l2tp

Adjust IP Pool for VPN Clients

/ip pool
add name=vpn-pool ranges=192.168.89.2-192.168.89.20

/ppp profile
set default-encryption local-address=192.168.89.1 remote-address=vpn-pool use-encryption=yes

Step 3 – Configure PPTP Server (Optional)

If you want to support older devices, enable PPTP as follows:

/interface pptp-server server
set enabled=yes default-profile=default-encryption
/ppp secret
add name=pptpuser password=StrongPass2 profile=default-encryption service=pptp

Step 4 – Firewall Rules for VPN

Allow L2TP/IPsec and PPTP traffic through your firewall:

/ip firewall filter
add chain=input protocol=udp port=500,1701,4500 action=accept comment="Allow L2TP/IPsec"
add chain=input protocol=ipsec-esp action=accept comment="Allow IPsec ESP"
add chain=input protocol=tcp port=1723 action=accept comment="Allow PPTP"
add chain=input protocol=gre action=accept comment="Allow PPTP GRE"

Step 5 – Test from a Windows PC

To connect from a Windows PC:

  1. Open Control Panel → Network & Internet → Network Connections.
  2. Click Set up a new connection or network.
  3. Select Connect to a workplace → Use my Internet connection (VPN).
  4. Enter the public IP of your Mikrotik.
  5. Enter VPN username and password.
  6. Under Security tab, choose L2TP/IPsec with pre-shared key.
  7. Click Connect.

Step 6 – Test from Android/iOS

On a smartphone:

  1. Go to VPN settings.
  2. Choose L2TP/IPsec PSK.
  3. Enter server IP, username, password, and IPsec key.
  4. Save and connect.

Step 7 – Security Tips

  • Always use strong passwords.
  • Change IPsec key periodically.
  • Limit VPN user accounts to necessary personnel.
  • Enable logging for VPN connections.

Conclusion

With this setup, your Mikrotik router can now securely handle remote VPN connections using L2TP/IPsec or PPTP. This allows employees, administrators, or home users to securely access internal network resources from anywhere in the world.