How to configure a VPN with L2TP and IPsec using a MikroTik router

Posted by Md. Mahidul Hasan on 1:00 PM

For a long time in my life I have had a fear of the name VPN. :( In my absent mind I thought that VPN was some kind of alien technology. :-D I know you are laughing to know that. But when I understood it I was relieved and also ashamed that I had been afraid of it. So, here I am going to share the concept and also the configuration of a VPN server. Stick with me. :-D

Concept:
VPN means Virtual Private Network. What does that mean? When you connect your home PC to the office VPN server, your PC is assigned an IP address from the office LAN range and its traffic to the office is carried inside a tunnel. So, although you are physically connected to a different ISP's network, your PC behaves like an office LAN user.

Why do we need a VPN? Suppose you have a valuable database or other information on your LAN that you do not want to expose to Internet users. A VPN lets you reach that LAN from an outside network through an authenticated, encrypted tunnel. Note that L2TP by itself only carries the PPP session and does not encrypt anything; it is the IPsec layer underneath that secures the tunnel, which is why this post configures both.

OK, enough chit-chat. Let's get down to business. To configure the VPN, first connect to your MikroTik router using Winbox (you can also use the web interface if you prefer). In the Connect To field, enter the router's IP address, or pick its MAC address from the Neighbors list if you have not set up an IP address yet.

Now assign IP addresses to both the WAN and LAN interfaces (IP > Addresses).


Go to Interface > Ethernet and open the WAN interface; here mine is ether1.

Under ARP, select proxy-arp. Then repeat this for your local LAN interface; here mine is ether3. Proxy-arp is what matters on the LAN interface: the VPN address pool below is taken from the LAN subnet, so the router must answer ARP requests on behalf of the connected VPN clients. Without it your users will connect to the VPN but will be unable to reach any other machine on the LAN. On the WAN interface it is not required for this setup.

Now go to IP > Pool.

Pool Name: vpn-pool-1. Addresses: 172.16.0.100-172.16.0.105. Each VPN user that connects is given an address from this pool, so this range allows six simultaneous clients; enlarge it if you need more. The range must lie inside your LAN subnet (and outside any DHCP range) for the proxy-arp setup above to work.

Now go to PPP > Profiles and add a new profile. Name: mahidul-vpn. Local Address: the router's internal (LAN) IP, which becomes the client's gateway inside the tunnel. Remote Address: vpn-pool-1. Change TCP MSS: yes (this clamps the TCP MSS so segments fit inside the tunnel's smaller MTU instead of being fragmented).

Let's create the VPN users. PPP > Secrets: Name: vpn-user1, Password: ********, Service: l2tp, Profile: mahidul-vpn. Give every user a long, unique password: this login is what identifies the person, because the IPsec pre-shared key configured below is shared by everyone.

Now enable the L2TP server: PPP > Interface > L2TP Server, Enabled: yes, Default Profile: mahidul-vpn. Authentication: the post ticks all methods (mschap2 is what Windows 7 uses). Better to leave only mschap2 ticked (plus mschap1 if an old client needs it); with pap and chap enabled a client can negotiate them, and pap sends the password in the clear inside the PPP session.

OK, great. We have just configured the L2TP tunnel. Now we will secure it with IPsec. Go to IP > IPsec.

Now we will create a peer. Go to IP > IPsec > Peers > add:
Address: 0.0.0.0/0 (accept IKE from any source address, which a road-warrior setup needs; it also means the pre-shared key alone admits anyone to the IPsec stage, so the PPP user login is what really authenticates the person)
Port: 500
Auth. Method: pre shared key
Secret: give_a_password_which_will_need_the_user_to_connect_VPN (every client enters this same key, so treat it as a group secret and change it when someone leaves)
Exchange Mode: main l2tp
Send Initial Contact: yes
NAT Traversal: yes (needed for clients behind home routers; IKE then continues on UDP 4500)
Proposal Check: obey
Hash Algorithm: sha1 (the original says "3es", which is a typo: 3DES is a cipher, not a hash, and belongs under Encryption Algorithm)
Encryption Algorithm: 3des, aes-256 (not listed in the original post; chosen to match the proposal below)
DH Group: modp1024
Generate Policy: yes

3DES and modp1024 are weak by today's standards and are kept here only for the Windows 7 client. If your clients support it, use aes-256 with modp2048 and drop 3des.

And the last step: edit the proposal. Go to IP > IPsec > Proposals, click on default, and set Auth. Algorithms: sha1; Encr. Algorithms: 3des, aes-256; PFS Group: none (the built-in Windows client does not use PFS for L2TP/IPsec, so it must be none here or Phase 2 will fail).
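The whole procedure above as a RouterOS CLI script, so it can be pasted into a terminal or checked against a Winbox click-through. This is an added example and not the author's own configuration: it assumes RouterOS 6.x syntax from before the 6.45 IPsec rework (where peers were split into peer, identity and profile), a LAN of 172.16.0.0/24 on ether3 with the router at 172.16.0.1 (the post never states its LAN subnet), ether1 as the WAN, and CHANGE_ME placeholders that you must replace with real secrets.

```routeros
# Added example: L2TP/IPsec road-warrior server on RouterOS 6.x (pre-6.45 IPsec syntax).
# Assumptions not taken from the original post: LAN is 172.16.0.0/24 on ether3 with the
# router at 172.16.0.1; ether1 is the WAN; CHANGE_ME_* values are placeholders.

# 1. Proxy-ARP on the LAN interface so LAN hosts can reach clients holding pool addresses.
/interface ethernet set [ find default-name=ether3 ] arp=proxy-arp

# 2. Address pool for VPN clients: inside the LAN subnet, outside any DHCP range (six addresses).
/ip pool add name=vpn-pool-1 ranges=172.16.0.100-172.16.0.105

# 3. PPP profile: router's LAN address as tunnel gateway, clients from the pool, MSS clamping.
/ppp profile add name=mahidul-vpn local-address=172.16.0.1 remote-address=vpn-pool-1 change-tcp-mss=yes

# 4. One secret per user; this login is what actually identifies the person.
/ppp secret add name=vpn-user1 password="CHANGE_ME_user1_password" service=l2tp profile=mahidul-vpn

# 5. L2TP server with mschap2 only (no pap/chap).
/interface l2tp-server server set enabled=yes default-profile=mahidul-vpn authentication=mschap2

# 6. Phase 2 proposal: the built-in Windows client needs pfs-group=none for L2TP/IPsec.
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 enc-algorithms=aes-256-cbc,3des pfs-group=none

# 7. Phase 1 peer: any source, group pre-shared key, main-l2tp exchange, NAT-T on, a policy
#    generated per client (older 6.x builds take generate-policy=yes instead of port-override).
#    3des and modp1024 are kept only for Windows 7; prefer aes-256 + modp2048 where clients allow.
/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="CHANGE_ME_group_psk" exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256,3des dh-group=modp1024 generate-policy=port-override

# 8. Firewall: let IKE (500), NAT-T (4500), L2TP (1701) and ESP reach the router on the WAN,
#    placed ahead of any existing drop rule in the input chain.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=500,4500,1701 action=accept comment="L2TP/IPsec: IKE, NAT-T, L2TP" place-before=0
/ip firewall filter add chain=input in-interface=ether1 protocol=ipsec-esp action=accept comment="L2TP/IPsec: ESP" place-before=0

# 9. Checks once a client has connected: Phase 1 peer, installed SAs, dynamic policy, PPP session.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
/ip ipsec policy print
/ppp active print
```

If a client fails, the print commands in step 9 tell you which layer stopped: no entry under remote-peers means IKE never completed (wrong pre-shared key, firewall, or no common Phase 1 algorithm), an installed SA but no PPP session points at the L2TP or user credential side. On RouterOS versions that offer "Use IPsec: yes" with an "IPsec Secret" in the L2TP Server window, that single option generates the peer and proposal for you and replaces steps 6 and 7; on 6.45 and later the peer parameters are spread over /ip ipsec profile, peer and identity.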
                                      

That's all. Our VPN server with L2TP and IPsec is complete. One more check before testing: if your firewall's input chain drops traffic arriving on the WAN, add accept rules for UDP ports 500, 4500 and 1701 and for IPsec-ESP (IP protocol 50), or the clients will never get past the IKE exchange. Please follow the next blog posts for the VPN client configuration on Windows 7, Linux and Mac.