As we know, Apple does not support the PPTP VPN protocol on its own devices. One of the protocols supported by Apple devices is L2TP/IPsec. In this Knowledgebase article, we will show you how to configure a MikroTik VPN server with L2TP and IPsec.

First of all, you have to choose one of our MikroTik CHR VPS packages. Here's a small video explaining the process:

Once you have your own MikroTik CHR, you have to access the router, set a password for the admin account, and make some security updates. Please follow this article for necessary system protection for your MikroTik Router.

An example diagram gives an idea of what needs to be done. Unfortunately, the Public IP address of our router will be different.

Open your browser, access the MikroTik CHR, and log in with your admin account and your password. If you access the router through a web browser you will see this:

It is essential to make sure that our router is up to date. Please follow these steps to update your router (if your router is already up to date, you can skip this step):

From the left-side menu we choose: System -> Packages -> Press Check for Update

When you click Check for Update, if your RouterOS is not the latest version, you can choose the Download and Install option. This option will download the latest version of RouterOS and install it. The router will be restarted automatically.

After the restart, you have to log in again and press the WebFig button.

In our case, I will add a bridge interface to our router and name it "local". Maybe you already have a bridge and a local IP address. It is not mandatory to do this if you already have a configured network topology. You can quickly and easily add the new bridge with this command in the RouterOS terminal:

Or you can do it from the Web interface or Winbox:

We can see the result in the Interfaces tab.

Now it is time to set an IP address for our Local network. Looking at the first pictures, the IP address will be 10.1.101.1 with netmask 255.255.255.0 (10.1.101.1/24), and we place it on the "local" interface. You can use the IP address from your network topology. If you already have your IP address configured, you can skip these steps. It can be done easily with this command in the RouterOS terminal:

> ip address add address=10.1.101.1/24 interface=local

Now we have our MikroTik Router with a Public IP address and a Private one.

It is a good idea to add an IP Pool from which our L2TP customers will receive their IP addresses. The easiest way to do this is with this command in the RouterOS terminal.

I choose from our local IP address network.

First of all, we have to enable the L2TP server. It is crucial to enable IPsec and set the IPsec Secret! The command for this in the RouterOS terminal is:

> interface l2tp-server server set enabled=yes default-profile=default-encryption use-ipsec=yes ipsec-secret=bgocloud authentication=chap,mschap1,mschap2,pap

Let's take a look at Default Profile - Default-Encryption and make some changes there.

The command for this in the RouterOS terminal:

> ppp profile set default-encryption local-address=10.1.101.1 remote-address=L2TP dns-server=10.1.101.1,8.8.8.8 bridge=local

It may be a good idea to enable the DNS service on the router here; otherwise, our L2TP clients will not be able to access the DNS server 10.1.101.1, and they will not be able to open any website.

If you do not want to use your MikroTik as a DNS server, you can set the Google DNS servers 8.8.8.8 and 8.8.4.4.

But if you want to be able to make some static DNS records, you have to enable DNS on your router. Here is how this can be done:

> ip dns set allow-remote-requests=yes

We have a router with Public IP address 78.142.25.35 and Local IP address 10.1.101.1, with the L2TP service and the DNS service enabled.

It is time to add our clients/users who will be able to connect to our router.

> ppp secret add name=bgocloud password=bgocloud profile=default-encryption service=l2tp comment="our first account"

Now we have a user with username bgocloud and password bgocloud. It is just an example! Of course, you can change it to whatever you want!

There is only one thing that we have to do, and it is very, very important! Here is the RouterOS command for the terminal:

> ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

We also have to allow the L2TP ports in our firewall! Go to IP > Firewall > Filter Rules and add these two rules:

To change their priorities, you can simply drag them above the drop rules. In the RouterOS CLI you need to list all the rules; you can do that by using this command:
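
The commands on this page enable all four PPP authentication methods, set `use-ipsec=yes`, reuse `bgocloud` as username, password and IPsec secret, and turn on remote DNS requests. The Python script below is an added example, not part of the original article, that audits such commands for those settings; the finding names, the 20-character PSK threshold and the port-53 filter heuristic are assumptions of the example.

```python
import re

# The page's commands, normalised to key=value form (input constructed from the article).
PAGE_CONFIG = """\
/interface l2tp-server server set enabled=yes default-profile=default-encryption use-ipsec=yes ipsec-secret=bgocloud authentication=chap,mschap1,mschap2,pap
/ppp secret add name=bgocloud password=bgocloud profile=default-encryption service=l2tp comment="our first account"
/ip dns set allow-remote-requests=yes
"""

PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
WEAK_AUTH = {"pap", "chap", "mschap1"}  # methods to drop, leaving mschap2
MIN_PSK_LEN = 20  # assumed policy value, not a RouterOS limit


def params(line):
    """Return the key=value pairs of one RouterOS command as a dict."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}


def audit(config):
    """Return findings for the L2TP/IPsec, PPP secret and DNS settings."""
    findings, psk, dns_remote, dns_filtered = [], None, False, False
    for line in config.splitlines():
        p = params(line)
        if "l2tp-server server" in line:
            psk = p.get("ipsec-secret")
            weak = sorted(set(p.get("authentication", "").split(",")) & WEAK_AUTH)
            if weak:
                findings.append("weak-auth:" + ",".join(weak))
            if p.get("use-ipsec") != "required":  # "yes" still accepts L2TP without IPsec
                findings.append("ipsec-not-required")
            if psk is not None and len(psk) < MIN_PSK_LEN:
                findings.append("short-psk")
        elif "ppp secret" in line and p.get("name"):
            if p.get("password") == p["name"]:
                findings.append("password-equals-username:" + p["name"])
            if psk and p.get("password") == psk:  # server line must come first
                findings.append("password-equals-psk:" + p["name"])
        elif "ip dns" in line:
            dns_remote = p.get("allow-remote-requests") == "yes"
        elif "firewall filter" in line and p.get("chain") == "input":
            # Heuristic: any input-chain drop on port 53 counts as filtering the resolver.
            dns_filtered |= p.get("dst-port") == "53" and p.get("action") == "drop"
    if dns_remote and not dns_filtered:
        findings.append("dns-remote-requests-unfiltered")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```

Each finding maps to one change: keep only `mschap2`, set `use-ipsec=required`, use a long random IPsec secret that differs from every account password, and drop port 53 on the public interface when `allow-remote-requests=yes` is needed for VPN clients.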