Mikrotik connection to the VPN client. Adding a new subnet

From where we connect to the home network

My task: to work through the steps needed on my home Mikrotik (2011uias-2HND) so that I can configure a VPN connection and get access to home services. In my case these services are: ZM (monitoring the perimeter near the house), OWNCLOUD (our own cloud for notes) and Zabbix (monitoring the state of our services: weather and various sensors).

Access to the home network will be organized through the PPTP protocol, which is a combination of TCP (for data transfer) and GRE (for wrapping packets).

Tunnel organization scheme to the home Mikrotik:

  • The provider provides me with a static IP address
  • We create a tunnel on Mikrotik
  • On Mikrotik, we create remote connection profiles (login and password)
  • On Mikrotik, we create firewall rules that let the connection through the firewall

First of all, I connect via WinBox to my Mikrotik and activate the PPTP server:

Winbox > IP&MAC > PPP menu > Interface tab, then click PPTP Server

Enabled: I tick the box

Default Profile: Default

Authentication: only mschap1 and mschap2 should be ticked

Now we create the remote connection users:

In the PPP section, we go to the Secrets tab and add a new user: Add.

Password: aa1234567 @@ (I advise you to set a more complex password)

Profile: Default-Encryption

Local Address: the IP address of the Mikrotik, which will act as the VPN server (192.168.1.9)

Remote Address: the IP address for the user (192.168.1.100)

Once the settings are made, press Apply and OK to apply and save them.

Now we move on to the firewall rules on my Mikrotik so that it lets remote authorized connections through:

Winbox > IP&MAC > IP > Firewall > Filter Rules tab > Add

This is how the rules look in Winbox:

Note: by default, newly created rules are placed at the end of the general list, and they need to be moved up above all prohibiting rules; if this is not done, they do not work.

That seems to be all. As a check, here are the settings for connecting from work on the Windows 7 Professional SP1 operating system:

Start > Control Panel > Network and Sharing Center > Set up a new connection or network > Connect to a workplace > Use my Internet connection (VPN):

  • Internet address: I enter the external IP/DNS address allocated to me by the provider.
  • Destination name: VPN-HOME
  • Allow other people to use this connection: I tick the box

Then I enter the user name and password for remote access (these credentials were entered above):

And then I click “Connect”; if everything is done correctly, the connection will be established:

You can also check by opening the “Network and Sharing Center” snap-in.

You can also check by opening the command line console and displaying the IP addresses of the current network adapters:

IP setup for Windows

Ethernet Adapter connection on the local network:

So what does being connected to the home network over VPN give me? Now I can start a browser and connect to home resources; if you configure remote power-on of computers via Wake on LAN, you can turn them on on request and then connect to them via VNC or RDP.

To disconnect from the VPN, find the network icon (a monitor with a network plug) on the right, click it with the left mouse button, find your connected VPN connection, hover the mouse over it (the connection is highlighted) and, through the right click, select “Disconnect”; to connect, do the same but select “Connect”.

This is all well and good, but what if your provider does not give you a static IP address as mine does? You are in luck, because Mikrotik itself has a service similar to DynDNS or No-IP that can give you a DNS name for access to your Mikrotik, i.e.:

WinBox > IP&MAC: I go to the Quick Set section and tick VPN Access

I enter the password (VPN Password) and see that I have an external address in this format: .sn.mynetname.net. The user name is the default one, and the password is the one I entered just above.

Mikrotik. VPN PPTP Settings (Remote Access).

This page covers creating a VPN (Virtual Private Network) for remote access of a Windows 10 user to the organization’s network using the PPTP protocol through a Mikrotik router.

You can master Mikrotik using the online course “Mikrotik equipment Settings”. The course contains all the topics that are studied on the official MTCNA course. The author of the course is an official Mikrotik trainer. It is suitable both for those who have been working with Mikrotik for a long time and for those who have not yet held one in their hands. The course includes 162 video tutorials, 45 laboratory works, self-test questions and a summary.

PPTP (Point-to-Point Tunneling Protocol) is a point-to-point tunnel protocol that lets a computer establish a secure connection with a server by creating a special tunnel in a standard, unprotected network. PPTP has a vulnerability in the MS-CHAP v2 authentication protocol. The vulnerability was closed by the Protected Extensible Authentication Protocol (PEAP). Microsoft, the developer, recommends using L2TP or SSTP instead of PPTP. Since PPTP is built into every Windows and is easy to configure, it is still used. The PPTP description is presented for historical purposes and to understand a simplified VPN setup. Resistance to cracking depends on the complexity and length of the password.

The connection diagram of the remote user to the organization’s network in the figure below.

The VPN was created using a Mikrotik RB750GR3 router with firmware 6.47.

The initial setting of the router is made according to this instruction.

Fast VPN PPTP setting is presented here.

We enter the router menu from the local network via Winbox (link).

1. We launch Winbox, click on the Neighbors tab and see the routers available on the network.

2. Click on the MAC or IP address of the required router.

3. The address will be displayed in the Connect To: line.

2. Activation of the PPTP server.

2. In the PPP window, we go to the Interface tab.

3. In the top panel, press the PPTP Server button.

4. In the window that opens, tick the Enabled checkbox.

5. Press the OK button.

Mikrotik – L2TP/IPSEC VPN (Remote Access).

Simplified L2TP/IPSEC settings. It is necessary to connect 12 departments, each with 1-2 PCs, via VPN to the LAN and the server in the main building of the institution. All departments are located outside the city and have Internet access via ADSL modems.

The connection diagram of remote users in the figure below.

As a result of the settings, an L2TP tunnel is created, through which data is transmitted with IPsec encryption.

On the VPN user's side, the connection is configured by Windows means.

In the main building, the VPN was created using a Mikrotik RB750GR3 router with firmware 6.48.1.

It should be noted that the named router model has no hardware IPsec support, so the entire load in this case falls on the processor.

The initial setting of the router is made according to this instruction.

All settings are made from the local network via Winbox.

1. Creating a VPN profile.

The profile must be created before activating the L2TP server, because it has to be specified in that server's settings.

5. Name: l2tp-remote-access (any clear name in Latin letters).

6. Local Address: 192.168.20.1 (router address in the VPN)

8. We go to the Protocols tab and set items 9, 10 and 11 as in the picture.

MPLS: yes (label-based packet forwarding).

Compression: no (data compression; used for slow channels).

Encryption: yes (data encryption; as agreed with the client).

On the Limits tab, you can configure the session limit, the idle timeout, a connection speed limit and Only One (a single connection).

The Queue and Scripts tabs were not changed.

/ppp profile add name=l2tp-remote-access local-address=192.168.20.1 change-tcp-mss=yes use-compression=no use-encryption=yes use-mpls=yes comment="l2tp tunnel"

2. Activation of the L2TP server.

2. In the PPP window, we go to the Interface tab.

3. In the top panel, press the L2TP Server button.

4. In the window that opens, tick the Enabled checkbox.

5. Default Profile: l2tp-remote-access (the previously created profile)

6. Authentication: mschap2 (turn off the rest of the options)

9. Press the OK button.

/interface l2tp-server server set enabled=yes default-profile=l2tp-remote-access authentication=mschap2 use-ipsec=yes ipsec-secret=12345password

3. Assigning IP addresses to VPN clients.

The first option is to create a pool of IP addresses and distribute them to users in automatic mode.

The second option is to indicate a static IP address.

Since in our case there are only 12 VPN users, we assign them static IP addresses from the 192.168.20.0 network; this is done when creating a user.

5. Password: Password1234 (a complex password of mixed-case Latin letters and digits)

7. Profile: l2tp-remote-access (the previously created profile, selected from the drop-down list)

8. Remote Address: 192.168.20.11 (static IP for the user)

/ppp secret add name=remote-user1 password=Password1234 service=l2tp profile=l2tp-remote-access remote-address=192.168.20.11

Create the required number of users in the same way.

5. Creating an interface.

The action is not mandatory, but in some situations it may be useful.

If you do not create a static interface, one is created dynamically when the user connects.

6. Firewall rules.

Create two rules: one to allow the IPsec protocol, the second to allow access to the necessary ports.

IPsec allow rule.

We go to the menu: 1 IP, 2 Firewall, 3 Filter Rules.

4. Click the blue cross (plus) and, in the window that opens, on the General tab (5), enter the settings:

8. In. Interface: ether1 (external interface)

/ip firewall filter add chain=input in-interface=ether1 protocol=ipsec-esp action=accept comment="VPN IPSEC RULE1 Accept IPSEC"

Rule for opening ports 500, 1701, 4500.

We go to the menu: 1 IP, 2 Firewall, 3 Filter Rules.

4. Click the blue cross (plus) and, in the window that opens, on the General tab (5), enter the settings:

8. Dst. Port: 500, 1701, 4500 (destination ports)

9. In. Interface: ether1 (external interface)

10. We go to the Action tab.

12. Press the OK button to save the rule.

/ip firewall filter add chain=input dst-port=500,1701,4500 in-interface=ether1 protocol=udp action=accept comment="VPN IPSEC RULE2 Accept Ports 500, 1701, 4500"

Internet setting for VPN PPTP customers in Mikrotik

This question is left beyond the scope of this article, because it concerns additional services for VPN clients. There can be many such services and all of them are individual (for those who are looking: you need to configure and allow DNS queries and masquerade).

PPTP VPN connection between two Mikrotiks, joining offices

Two Mikrotik routers take part in this setup, one as the server and the other as the client. When creating such a connection, pay attention to the Mikrotik model, because the number of VPN connections depends on it, as does the ability to process such data flows. For consultation on this issue, contact Settings-Microtics.UKR through the contact form.

To join two offices and make routing work, this setup is best divided into two blocks:

The server part was described above, but it requires adjustments in the form of static addresses for the VPN client

Settings are under PPP > Interface > Secrets

And the client part consists of configuring the PPTP client.

PPTP client settings (on the client)

Settings are under PPP > Interface > PPTP Client

Setting up routing on the VPN server

This rule tells the Mikrotik router where to direct traffic.

Settings are under IP > Routes

  • network for the 2nd Mikrotik, which acts as a PPTP client;
  • 192.168.10.2: IP address of the 2nd Mikrotik.

Setting up routing on the VPN client

Settings are under IP > Routes

  • network of the 1st Mikrotik, which acts as a PPTP server;
  • 192.168.10.1: IP address of the 1st Mikrotik.

Problems when setting up and running IPsec in Mikrotik

Below are the most frequent problems that do not relate directly to setting up an IPsec VPN tunnel but can indirectly affect its work: the connection may

  • Not be established;
  • Be established but not work;
  • The Mikrotik router has no static route for outgoing packets. In other words, there is no ping to the remote subnet from the Mikrotik side.

If the connection does not reach the Established status, then besides the correctness of the settings, attention should be paid to the firewall.

Firewall Setting in Mikrotik for IPSEC

The next problem may be invalid IPsec SA keys: their validity has ended, but a new key was not generated and agreed. Here it is worth paying attention to the lifetime of the tunnel; on both routers the IPsec Profile and IPsec Proposals should be identical. To fix this situation, you need to:

Control the status of the IPSEC tunnel

After the keys are regenerated, it should be in the Established status.

And the last addition regarding diagnosis of an IPsec tunnel through a Mikrotik router.

Add a static route for IPsec

The following is an example, before and after enabling the given static route.

How to configure VPN IPSEC in Mikrotik if you have 2 (or more) providers

If several providers are connected to the Mikrotik router, a situation may arise when you need to state explicitly through which provider the IPsec VPN tunnel will be established. This is specified in the first phase (Phase-1) and is determined by the Local Address parameter.

Comments and owners' opinions on the article “Setting Mikrotik VPN L2TP server, remote connection”

I have a question: how do I make a VPN client, for which a subnet is allocated under the VPN, have access to the network if on its side, in the IPv4 settings, I untick “use the default gateway on the remote network”? If I do not remove the checkmark, it sees the network and receives the Internet from the Mikrotik, but I only need it to see the network.

Good afternoon, did you manage to solve this problem?

If you disable the default remote gateway parameter, you need to add a static route to the network for the VPN. The easiest way to write such routes in

To do this, register the route on the client: route add -p 192.168.1.0 mask 192.168.10.1 metric 1, where “192.168.1.0” is the network of the office you connect to via VPN, and “192.168.10.1” is the subnet from the IP address that was allocated for VPN clients.

In the PPP-Profile settings, remove DNS Server. If I’m not mistaken.

On the client side, add a static route: route add -p network and so on

The article helped a little to understand the VPN server settings L2TP

How much does it cost to configure the VPN server on the Mikrotik router? I need your consultation

Good implementation for remote access. I wonder whether my Mikrotik RB951ui-2nd will handle IPsec encryption, because it does not support it in hardware? What speed can it give and how many VPN clients does it support?

L2TP IPSEC is one of the few universal combinations for remote work on macOS (iOS). In fact, there are two options for a VPN server: either OpenVPN or L2TP IPSEC

Only after figuring out the routing did I get a normal VPN server out of the Mikrotik. And it is not always a matter of its settings; in a recent case there was no access to the external IP inside the provider at all, only by the internal one. So look for the problem.

Good afternoon. With a VPN connection from Windows, the computer does not ping and the DVR's web interface does not open, although the managed switches (D-Link) ping and their web interface opens. How do I get access to the entire network?

If you can reach web devices, then the firewall and routing on the Mikrotik are configured correctly. Common causes: 1. Try deactivating the firewall on the PC. 2. Check whether the default gateway is set in the DVR. All other solutions require diagnosis.

The firewall is deactivated, the gateway is set, the VPN address is issued by the same server from the same pool as for the PC

Can a VPN tunnel between the office and home be organized according to this scheme? Mikrotik is a little scary with its extensive configuration. Give me the phone number of tech support

Good afternoon! Please tell me, is it possible to configure L2TP/IPSEC so that the IPsec Secret is different for each VPN client?

This is a common parameter, set for the entire L2TP server. It is enough to regulate access by accounts. Individual solutions exist in pure IPSEC (IKEv1, IKEv2).

Hello, I have a VPN from Zenmate. At home there is a Mikrotik hAP ac2; I’m trying to set up this VPN on this router and nothing works yet. Zenmate offers 2 connection options for routers: (OpenVPN with AUTH SHA256) and (IKEv2, L2TP/IPSEC).

OpenVPN can’t connect, because Mikrotik does not implement SHA256 authentication (maximum SHA1), and they do not plan to implement it in either the 6.49beta27 (Testing) or the 7.1beta5 (Development) firmware; I checked. Now I have 6.48.1 (stable)

The IPSEC settings provided by Zenmate are presented in this set: Server: URL Username: User Password: Pass Pre-Shared: Zenmate Device ID: numbers

I have been struggling for a long time and I can’t get this protocol to work. First I set up IP > IPsec. I constantly get an error in it that Phase2 was not received or something like that. I tried a bunch of different combinations of settings, so far all in vain. Then I try to add PPP > L2TP Client, and it will not start with Phase2 not established

Maybe someone can help with what to set where, so that everything starts?

I discovered the following problems: 1. When IPsec is activated, the connection is not established. 2. If the internal network of the server ( and the network in which the Win 10 PC client is connected ( the VPN connection is established but connecting to devices in the server network fails. Mikrotik RB2011uias (Mipsbe) Firmware 6.48.1

The problem N2 was solved: several devices with the same IP address were present in local and remote networks.

I can’t deal with the VPN setting on the Mikrotik HAP AC2 and on the iPhone. I can’t make them vpn.

And is it possible to configure all this without constant IP? VPN from Quick Set works on Android and Windows without problems, but the iPhone could not connect. What to do?

If you cannot configure it yourself, contact tech support Mikrotik →

When setting up the Windows client, where do I get the address to connect to? In the server settings this is not indicated anywhere, so where did VNP come from.t.com.ua?

The server address (IP) is not set on the router side; it is given to you by the Internet provider

So how to implement these 2 schemes at the same time, when both Mikrotik-to-Mikrotik and Win/Android-to-Mikrotik are needed? How does the default profile work? As I understand it, that is the only thing I am stuck on, so that there are 2 profiles active at the same time

Good afternoon. Tell me, I can’t configure the L2TP connection to Windows 10: when connecting to the server, error 784 is issued; after adding the keys to the registry, 809 began to be issued, while on the router in the logs: L2TP Connection No IPSEC ENCRYPTION IT WAS REQUREDRED. I cannot defeat error 809, the connection is not established. Maybe someone has run into this?

Forgot to mention that the routers connect to each other by L2TP normally. Phones also connect over L2TP; the problem is only with Windows 10.

If you have an error in Windows 10 when connecting the L2TP VPN client, it is recommended to install the optional update KB5010793. Also, in some cases removing the Windows updates from January 2022 helps. But there are times when the updates cannot be removed and installing KB5010793 is the solution.

With firmware version 7.1 it does not connect with the above settings. Phase 1 and that's all ((.

The most common errors when connecting to Mikrotik L2TP in my practice:

Choosing a protocol for VPN

In this article we will consider the two most popular protocols: PPPoE and PPTP.

PPTP is most often used for remote access to a corporate network. Its advantages include simplicity of setup and stability. Among the minuses are a relatively weak protection system, the presence of security flaws, and the inability to use dynamic IP addresses. PPTP setup can be represented as a simple sequence:

PPPoE is a protocol popular among Internet providers. It is distinguished by good scalability (you can easily expand the network), stability, and resistance to attacks that use vulnerabilities of the ARP protocol. When connecting over PPPoE, you can use dynamic addresses and do not have to assign an IP to each end node of the network. The downside of PPPoE is a more complex connection process.

Mikrotik also supports the protocols L2TP, OpenVPN and IPSEC. But they are less common and harder to set up, so we will not touch them in this article, which is aimed at beginners.

VPN setting on Mikrotik

Mikrotik routers are configured through the WinBox utility, which is available for download on the official website. Therefore, before starting work, download and install it.

By clicking on the WinBox button, you will see a list of versions available for download

PPTP server

  • Open Winbox and select the PPP section.
  • Select the Interface tab at the top of the window.
  • A little below you will find the PPTP Server button. Click it.
  • The server settings window will open. Tick the box next to Enabled; this will turn on the server with the PPTP protocol.
  • Now let’s move on to setting it up. Set the maximum values of MTU and MRU to 1460.
  • Remove the ticks from PAP and CHAP.
  • Tick the boxes next to MSCHAP1 and MSCHAP2.

This is how the window of the configured PPTP server should look

Now add the users who can use our encrypted tunnel:

  • Stay in PPP.
  • We go to the Secrets tab.
  • We see a plus at the top left. That is what we need; we click it.
  • The user creation window will open. The first two lines are the login and password of the future user. They will need to be entered later when connecting to the router, so it is better to write them down immediately.
  • In the third line, select the protocol. In our case, PPTP.
  • Leave the profile as Default.
  • Next, you need to enter two IP addresses. In the Local line, we enter the address of our Mikrotik, that is, the server. In the Remote line, the IP of the user computer that we plan to connect.

Each window creates one new user, so you have to repeat the actions if you want to connect more than one

We created our first user! If you want to connect more users, then repeat the steps from 2 to 7, entering a new name, password and remote address.

Now it’s time to add exceptions to the firewall to allow the connection. We need to add a rule to open the port. For this:

  • Select the IP section.
  • Go to the Firewall tab.
  • Find the Filter Rules button.
  • At the top right you will see a red plus. Click it; this creates a new rule.
  • In the new window, make sure you are on the General tab.
  • In the first field (Chain) enter input.
  • In the Protocol field, select 6 (TCP).
  • In Dst. Port write 1723; this is the number of the required port.

We have made a rule that will open port 1723

Now you need to add permission to use the GRE protocol:

  • Click the red plus again to create a new rule.
  • Fill in the first line as input
  • In the Protocol field, select the GRE protocol from the drop-down list (do not be confused by the lowercase spelling).
  • Leave the Dst. Port field empty. Click Apply.
  • Go to the Action tab and select Accept from the drop-down list.
  • Apply. OK.

Having created the rules, drag them to the very top of the list on the Filter Rules tab, otherwise they will be overridden by other rules.

This completes the setup of the VPN server on the PPTP protocol.
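The ordering caveat (accept rules must sit above the prohibiting rules, here and in the first section) can be checked offline against a saved export. The Python below is an added example, not code from the original page or from MikroTik: it walks a constructed input chain top-down for the first packets of the PPTP and L2TP/IPsec flows named on this page and reports accept rules that an earlier drop rule makes unreachable. The sample export, the ether1 WAN interface and all function names are assumptions.

```python
import re
import shlex

# Constructed sample in `/ip firewall filter export` form: the VPN accept rules
# sit below the WAN drop rule, which is where newly added rules land.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1 comment="drop the rest from WAN"
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1 protocol=udp
"""

# First packet of each VPN flow named on the page: PPTP is TCP 1723 plus GRE,
# L2TP/IPsec is UDP 500, 1701, 4500 plus ESP.
PROBES = [("pptp-control", "tcp", 1723), ("pptp-gre", "gre", None),
          ("ike", "udp", 500), ("l2tp", "udp", 1701),
          ("nat-t", "udp", 4500), ("esp", "ipsec-esp", None)]
MODELLED = {"action", "chain", "protocol", "dst-port", "in-interface",
            "connection-state", "comment", "disabled"}
TERMINAL = {"accept", "drop", "reject"}
WAN = "ether1"  # assumed external interface, as in the page's rules

def parse_filter_rules(export_text):
    """Return the rules under '/ip firewall filter' as dicts, in list order."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # re-join wrapped lines
    rules, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            tokens = shlex.split(line[4:])
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def port_matches(spec, port):
    """dst-port holds a comma list of ports and a-b ranges."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if port is not None and int(low) <= port <= int(high or low):
            return True
    return False

def rule_applies(rule, proto, port, iface=WAN):
    """True or False for modelled matchers, None when the rule needs more."""
    if rule.get("chain") != "input" or rule.get("disabled") == "yes":
        return False
    if any(v.startswith("!") for k, v in rule.items() if k != "comment"):
        return None  # negated matcher, not modelled here
    if rule.get("protocol", proto) != proto or rule.get("in-interface", iface) != iface:
        return False
    if "dst-port" in rule and not port_matches(rule["dst-port"], port):
        return False
    if "new" not in rule.get("connection-state", "new").split(","):
        return False  # the probes are first packets of a connection
    return None if set(rule) - MODELLED else True

def first_match(rules, proto, port):
    """Walk the input chain top-down; the first deciding rule wins."""
    for number, rule in enumerate(rules):
        action = rule.get("action", "accept")
        if action not in TERMINAL and action != "jump":
            continue  # log, passthrough and similar do not end the walk
        applies = rule_applies(rule, proto, port)
        if applies is None or (applies and action == "jump"):
            return ("undetermined", number)
        if applies:
            return (action, number)
    return ("accept", None)  # end of chain: RouterOS accepts the packet

def shadowed_accepts(rules):
    """(probe, accept rule, blocking rule) for unreachable VPN accept rules."""
    findings = []
    for name, proto, port in PROBES:
        verdict, blocker = first_match(rules, proto, port)
        if verdict not in ("drop", "reject"):
            continue
        for number in range(blocker + 1, len(rules)):
            rule = rules[number]
            if rule.get("action", "accept") == "accept" and rule_applies(rule, proto, port):
                findings.append((name, number, blocker))
                break
    return findings

def hoist(rules, findings):
    """Copy of rules with each shadowed accept moved above the first blocker."""
    accepts = sorted({accept for _, accept, _ in findings})
    top = min((blocker for _, _, blocker in findings), default=0)
    kept = [r for i, r in enumerate(rules) if i not in accepts]
    return kept[:top] + [rules[i] for i in accepts] + kept[top:]

if __name__ == "__main__":
    rules = parse_filter_rules(SAMPLE_EXPORT)
    found = shadowed_accepts(rules)
    for name, accept, blocker in found:
        print(f"{name}: accept rule {accept} is shadowed by rule {blocker}")
    print({n: first_match(hoist(rules, found), p, d)[0] for n, p, d in PROBES})
```

Rules that use matchers outside the modelled set (address lists, negations, jumps) are reported as "undetermined" rather than guessed, so such a result means the chain needs a manual read.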

Setting up the PPPoE server

To configure PPPoE, we will also use Winbox:

  • Go to the PPP section, open the Profiles item.
  • Click the red plus in the corner of the window.
  • In the window that opens, on the General tab, enter an arbitrary profile name, specify the server IP address (that is, the router's) and set Change TCP MSS to yes.

MSS adjustment ensures that sites open correctly

Encryption is better left on, because otherwise the VPN connection becomes less protected

On this tab, we set restrictions on the use of our server

We have created the server profile; now it is time to add users who can connect to it:

  • As last time, we go to the PPP section, open the Secrets tab and click the red plus.
  • This time the form is filled in a little differently. In the first two fields, enter the name and password of the future user.
  • In the Service field, select PPPoE.
  • In the Profile field, select the profile that we have just created.
  • The address of the router does not need to be entered. In the Remote line, enter the IP of the client device.

As before, to create several users, repeat this procedure the required number of times

Now we bind the router's interface to the profile:

  • In the PPP section, we find the PPPoE Servers button.
  • In the Default Profile field, select the previously configured profile from the drop-down list.
  • In the Interface field, select the router interface. This is the physical port to which client devices are connected. Its number can be seen on the case.
  • In the Keepalive Timeout field, it is recommended to set 30 seconds, but with low tunnel throughput or a weak server it is worth setting 40-50 seconds.

Setting up a VPN server on Mikrotik

Consider all four protocols that we allowed earlier by choosing the Any parameter: PPTP, SSTP, L2TP/IPSEC and OpenVPN. All of them are supported for VPN on Mikrotik. Each of them has certain advantages and disadvantages that show up in specific conditions (this is a topic for another article).

The most common connection option is the Point-to-Point Tunneling Protocol (PPTP). The technology is undemanding of computing resources, and it works “out of the box” with most of the operating systems in use. The only drawback is the serious security holes in the client authentication mode.

Launch the VPN server on Mikrotik in PPTP mode:

A PPTP connection to the VPN server on Mikrotik from a smartphone running a modern version of Android (8 or higher) does not require installing additional programs. It is available through the functions of the OS itself in the “Add VPN” section. But this option is suitable only for simple tasks where increased security is not required. In other cases, pay attention to other protocols.

Microsoft offers its own option, SSTP (Secure Socket Tunneling Protocol). It is built into the MS Windows operating systems starting with Vista SP1. On other operating systems it will be necessary to install additional utilities. The server in this mode is launched by the command:

It is best to check that the protocol works from a desktop computer with Windows 10 installed (older releases are also possible). First we install the certification authority certificate: download the Cert_Export_mikrotik.CRT file and open it with a double click.

The system will open a warning window saying that the certificate needs to be installed. At this stage, you can choose the local computer as the store type and place the previously downloaded file in the “trusted” root certification authorities category.

At the end, let’s move on to creating the VPN connection. Open “Settings > Network and Internet > VPN” and add a new VPN connection, where we enter the previously specified login and password of the account. That is all; the connection is established and ready to work.


The L2TP/IPSEC protocol is set up similarly to VPN on Mikrotik via PPTP. Its support is also built into most operating systems. The main advantage is the built-in encryption of the AES-256 standard, which has no significant vulnerabilities. This guarantees high security and the confidentiality of the transmitted data.

We note here the ipsec-secret parameter. It denotes the IPsec pre-shared key; when setting up a client, you need to select L2TP/IPSEC PSK or L2TP/IPSEC with a pre-shared key. Otherwise, the system will not work.


OpenVPN completes the technology review. This is an open source system that allows you to disguise the tunnel as HTTPS traffic. It works at high speed and is secure, but additional programs have to be installed to add support, for example OpenVPN Connect. You will also need to install certificates and OVPN configuration files.

Next, create a client certificate template:

And we generate a certificate on its VPN-SUr account based on it:

Now we export the certificate with the key. During the procedure, you will need to enter the Super-Secret-Pass password set by the export command:

Upon completion, you should find these files through the web interface:

Download them to a local disk, and then make the OVPN configuration file:

It remains to transfer the saved OVPN file to the end device and load it using OpenVPN Connect. For Private Key Password, we enter the password set during export. We leave all other parameters the same.

Setting VPN connection from Windows 10 to Mikrotik

In this note, I will go through how to configure a VPN from Windows 10 Pro X64 to a home/work network where the gateway is Mikrotik equipment (RB2011uias-2HND), version 6.43. Those who read it will not find anything new; this is just a step-by-step guide for myself.

Windows 10 Pro X64 (Version 10.0.17134.254) Setting VPN connection to Mikrotik

Starting data: from Mikrotik I receive a fourth-level domain, for example: 5281153FA719.sn.mynetname.net

  • Next, through the DNS records of my blog www.Ekzorchik.ru, I create a CNAME record of the form: Home.Ekzorchik.ru = the fourth-level domain. In your case, if you do not have this, either buy a static IP address or use DynDNS; I see no other difficulties.
  • Following the note, I bring up the VPN/L2TP service on the home Mikrotik
  • I create permitting and prohibiting rules

On the system running Windows 10 Pro X64, I set up the connection to the home network using a VPN connection: L2TP IPSEC.

Note: Of course, the Home.Ekzorchik.ru domain does not exist in reality, so do not try to connect, or you may end up on the blog's ban list; I will see it.

Win+R > control.exe > (View: Category) Small icons > Network and Sharing Center > “Set up a new connection or network” > “Connect to a workplace” > “Use my Internet connection (VPN)”

  • Internet address: Home.Ekzorchik.ru
  • Destination name: Home
  • Remember my credentials: I tick the box

And I click “Create” in the “Connect to a workplace” window. Then I go to “Change adapter settings”, right-click the created connection named “Home”, choose “Properties”, then the “Security” tab:

  • Type of VPN: L2TP protocol with IPSEC (L2TP/IPSEC)
  • Then “Advanced settings”, where I specify the IPsec key
  • “Use preshared key for authentication”: Key: AA1234567@!

After that, I select “Allow these protocols”: “Microsoft CHAP Version 2 (MS-CHAP v2)” and press OK. Then I right-click the created Home connection again, this time choosing “Connect/Disconnect”, enter the username and password, and voilà, the connection to the home network is successfully configured.

Further, depending on how the VPN and the firewall rules are configured, I get access to the home network/work network.

And so all the steps are completed successfully. On this I say goodbye; with respect, the author of the blog, Ollo Alexander aka Ekzorchik.