Create credentials for each remote user.
/ppp secret add name=johndoe password=StrongPass123 service=l2tp profile=l2tp-profile
Repeat for additional users. Use strong passwords. mikrotik l2tp server setup full
/interface l2tp-server server set enabled=yes default-profile=l2tp-profile use-ipsec=required ipsec-secret=YourStrongPreSharedKey
Setting up L2TP/IPsec on MikroTik is straightforward once you understand the interplay between PPP profiles, firewall rules, and IPsec policies. The solution is fast, secure, and compatible with essentially every device on the planet. Create credentials for each remote user
Remember: Always test from an external network (e.g., cellular hotspot) because internal hairpin NAT often fails. If you encounter issues, systematically check firewall logs, IPsec peers, and PPP secrets. Repeat for additional users
For even better performance and modern security, consider migrating to IKEv2 or WireGuard (built into RouterOS v7). However, L2TP/IPsec remains a reliable workhorse for mixed-OS environments where third-party apps are not allowed.
Published: 2025 | Tested on RouterOS 7.14 and later.