====== Mikrotik L2TP IPSec ====== /ip pool add name=pool1 ranges=172.16.1.100-172.16.1.200 /ppp profile add dns-server=10.1.0.2 local-address=10.1.0.1 name=profile1 remote-address=pool1 /ppp secret add name= password= profile=profile1 remote-address=172.16.1.10 service=l2tp /interface l2tp-server server set authentication=mschap2 default-profile=profile1 enabled=yes ipsec-secret="" use-ipsec=required /interface l2tp-server add name=l2tp-in1 user= /ip ipsec proposal add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=proposal1 pfs-group=modp8192 /ip ipsec policy add dst-address=0.0.0.0/0 proposal=proposal1 src-address=10.1.0.0/24 template=yes /ip ipsec profile add dh-group=modp8192 enc-algorithm=aes-256 name=profile1 /ip route add comment=ClientSiteNetwork1 distance=1 dst-address=10.0.0.0/24 gateway=172.16.1.10 /ip route add comment=ClientSiteNetwork2 distance=1 dst-address=10.0.1.0/24 gateway=172.16.1.10 /ip firewall filter add action=drop chain=forward in-interface=!ether4 out-interface=l2tp-in1 /ip firewall filter add action=drop chain=forward in-interface=l2tp-in1 out-interface=!ether4 /interface l2tp-client add connect-to= disabled=no ipsec-secret="" name=l2tp-out1 password= use-ipsec=yes user= /ip route add comment=ServerSideNetwork distance=1 dst-address=10.1.0.0/24 gateway=10.1.0.1