MikroTik: L2TP/IPsec VPN Firewall Rules

When you configure an L2TP/IPsec VPN on a MikroTik RouterOS device, you need to add several IP Firewall (Filter) rules to allow clients to connect from outside the network.

L2TP/IPsec Firewall Rule Set

These rules must be placed above any deny rules on the “input” chain.

The ruleset can be further condensed by combining the three UDP rules into one.
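
An added example, not the post's own listing, showing the per-port form next to the condensed form in RouterOS syntax. It assumes the standard L2TP/IPsec ports (UDP 500 for IKE, UDP 4500 for NAT traversal, UDP 1701 for L2TP) plus IPsec ESP (IP protocol 50); the rule comments are constructed labels, and the stricter third form goes beyond what the post describes.

```routeros
# Added example; ports are the standard L2TP/IPsec ones, not taken from the post.
# Paste ONE of the three forms. "add" appends to the end of the chain, so move
# the new rules above any drop rules on the input chain afterwards.
/ip firewall filter

# Form 1: one rule per UDP service, plus ESP.
add chain=input action=accept protocol=udp dst-port=500 comment="IKE"
add chain=input action=accept protocol=udp dst-port=4500 comment="IPsec NAT-T"
add chain=input action=accept protocol=udp dst-port=1701 comment="L2TP"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"

# Form 2: the three UDP rules condensed into one.
add chain=input action=accept protocol=udp dst-port=500,1701,4500 comment="L2TP/IPsec UDP"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"

# Form 3 (stricter): keep UDP 1701 separate and accept it only when the packet
# arrived through IPsec, so the L2TP server is not reachable in cleartext.
add chain=input action=accept protocol=udp dst-port=500,4500 comment="IKE and NAT-T"
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment="L2TP inside IPsec only"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"
```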

Add these firewall rules in Winbox

If you want to avoid pasting commands into the CLI, you can create these firewall rules in Winbox; here are some screenshots.


Important: Don’t forget to reorder your input rules!
