Remote Desktop L2TP VPN Server Configuration Using Mikrotik Router


Fig: L2TP over IPsec VPN






L2TP is used by service providers to provide VPN service over the Internet. It is an extension of the PPTP protocol. L2TP itself does not support encryption or confidentiality. The L2TP packet, including payload and header, is sent within UDP. L2TP has two endpoints, the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server).
L2TP stands for Layer 2 Tunneling Protocol. L2TP is Microsoft proprietary and can support a remote desktop VPN server without any other VPN software. It is easy to configure.


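Basic IP Address Parameter Configuration:
# Prefix lengths match the "/ip address print" output in the Verification section.
[admin@LaxmiTani]/ip address> add address=103.7.248.206/29 interface=PUBLIC
[admin@LaxmiTani]/ip address> add address=192.168.1.1/24 interface=LOCAL

# Address pool handed out to VPN clients.
[admin@LaxmiTani]/ip pool> add name=VPNPOOL ranges=192.168.1.100-192.168.1.254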


[admin@LaxmiTani]/ip firewall nat> add chain=srcnat action=masquerade out-interface=PUBLIC

[admin@LaxmiTani]/ppp profile> add name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL dns-server=8.8.8.8,4.4.4.4


[admin@LaxmiTani]/interface l2tp-server> add disabled=no name=VPN
[admin@LaxmiTani]/interface l2tp-server server> set enabled=yes

# VPN user account; the client receives an address from VPNPOOL.
[admin@LaxmiTani]/ppp secret> add name=test1 service=l2tp password=123 remote-address=VPNPOOL local-address=192.168.1.1

# VPN clients share the 192.168.1.0/24 subnet with the LAN, so the router answers ARP on their behalf.
[admin@LaxmiTani]/interface ethernet> set LOCAL arp=proxy-arp
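
The configuration above enables plain L2TP, which, as noted earlier, provides no encryption. The following is an added example, not part of the original post, showing one way to wrap the same server in IPsec as the figure describes. It assumes a RouterOS release whose L2TP server supports use-ipsec; the pre-shared key and password are placeholders to replace.

```routeros
# Added example (not from the original page). Values in <...> are placeholders.

# Have the L2TP server create the IPsec peer dynamically, and accept only
# MS-CHAPv2 for PPP authentication.
/interface l2tp-server server
set enabled=yes default-profile=VPN authentication=mschap2 \
    use-ipsec=yes ipsec-secret="<long-random-pre-shared-key>"

# Replace the short test password and tie the user to the VPN profile.
/ppp secret
set [find name=test1] profile=VPN password="<strong-unique-password>"

# Input rules on the public side. Rules are appended in order, so place
# them above any existing general drop rule in the input chain.
/ip firewall filter
add chain=input in-interface=PUBLIC protocol=udp dst-port=500,4500 \
    action=accept comment="IKE and NAT-T"
add chain=input in-interface=PUBLIC protocol=ipsec-esp \
    action=accept comment="IPsec ESP"
# Accept L2TP only when the packet arrived decrypted from an IPsec SA.
add chain=input in-interface=PUBLIC protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec"
# Anything else reaching UDP 1701 is cleartext L2TP: drop it.
add chain=input in-interface=PUBLIC protocol=udp dst-port=1701 \
    action=drop comment="cleartext L2TP"

# After a client connects, confirm the session is protected:
# installed SAs should be listed and the user should appear as active.
/ip ipsec installed-sa print
/ppp active print
```

With the drop rule in place, a client that attempts L2TP without IPsec never reaches the server, so a misconfigured client fails to connect instead of silently sending traffic unencrypted.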

    

Verification:
[admin@LaxmiTani] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE                               
 0   103.7.248.206/29   103.7.248.200   PUBLIC                                   
 1   192.168.1.1/24     192.168.1.0     LOCAL  



[admin@LaxmiTani] /ip pool> print

 # NAME       RANGES
 0 VPNPOOL    192.168.1.100-192.168.1.254

[admin@LaxmiTani] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=PUBLIC




[admin@LaxmiTani] /ppp profile> print
Flags: * - default
 0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default
     only-one=default change-tcp-mss=yes

 1   name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default
     use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4

 2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes
     only-one=default change-tcp-mss=yes

[admin@LaxmiTani] /interface l2tp-server> print

[admin@LaxmiTani] /interface l2tp-server server> print

[admin@LaxmiTani] /ppp secret> print

[admin@LaxmiTani] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          103.7.248.201             1
 1 ADC  103.7.248.200/29   103.7.248.206   PUBLIC                    0
 2 ADC  192.168.1.0/24     192.168.1.1     LOCAL                     0