For the VPN to work, your router must allow L2TP and IPsec traffic through its firewall. Add these rules under Filter Rules Accept UDP Port 1701 Accept UDP Port 500 (IPsec IKE). Accept UDP Port 4500 (IPsec NAT-T). Accept IP Protocol 50 Phase 4: Client Connection (Windows Example) To connect from a Windows 10/11 PC: L2TP VPN on Mikrotik, Android and Windows - Murray's Blog
/ip pool add name=l2tp-vpn-pool ranges=192.168.89.10-192.168.89.50 Use code with caution. 3. Step 2: Configure the PPP Profile
use IPsec for encryption because L2TP itself is not encrypted. L2TP Server Default Profile l2tp-profile IPsec Secret mikrotik l2tp server setup full
/ip firewall filter add action=accept chain=input comment="Allow L2TP" dst-port=1701 protocol=udp add action=accept chain=input comment="Allow IPsec IKE" dst-port=500 protocol=udp add action=accept chain=input comment="Allow IPsec NAT-T" dst-port=4500 protocol=udp add action=accept chain=input comment="Allow IPsec ESP" protocol=ipsec-esp Use code with caution. Ordering the Rules
Local Address: 192.168.80.1 (This will be the gateway for VPN clients). For the VPN to work, your router must
Here is an example of a basic MikroTik L2TP server configuration:
The profile defines the bridge between the VPN tunnel and your local network. Go to and click + . Name: l2tp-profile . Local Address: Your router’s LAN IP (e.g., 192.168.88.1 ). Remote Address: Select the vpn-pool created in Step 1. DNS Server: Add your preferred DNS (e.g., 8.8.8.8 ). Step 3: Enable the L2TP Server with IPsec Accept IP Protocol 50 Phase 4: Client Connection
/ip firewall filter add chain=input protocol=udp dst-port=500 action=accept comment="IPsec IKE"