MikroTik – L2TP+IPSEC Tunnel Bridging (BCP)

ROUTER HO
———

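# Head-office (HO) router: L2TP/IPsec server whose PPP profile bridges every
# authenticated client into br_OFFICE (BCP), so remote sites join the office
# layer-2 segment and are served by its DHCP scope.
# 103.123.XXX.YYY, IPSEC_S3cR3T and YourPa$$w0rd are masked placeholders.
#
# This listing contains no /ip firewall filter rules. On the WAN side, allow
# IKE/NAT-T (UDP 500, 4500) and ESP only from the expected peers, and accept
# L2TP (UDP 1701) only when it arrived inside IPsec.

# Create the bridge first: the address, DHCP server and PPP profile below all
# refer to br_OFFICE by name, so it has to exist before they are added.
/interface bridge
add name=br_OFFICE

# hw=no turns hardware offloading off for this bridge port.
/interface bridge port
add bridge=br_OFFICE hw=no interface=ether2

/ip address
add address=192.168.111.1/24 interface=br_OFFICE
add address=103.123.XXX.YYY/29 interface=ether1

# Default route. The gateway is masked with the same placeholder as the WAN
# address above; it must be the upstream next hop, not the router's own address.
/ip route
add distance=1 gateway=103.123.XXX.YYY

# Kept disabled, as in the original.
# NOTE(review): the rule matches traffic leaving br_OFFICE, not the WAN port
# (ether1); confirm the intended out-interface before enabling it.
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=br_OFFICE \
    src-address=192.168.111.0/24

/ip pool
add name=pool_OFFICE ranges=192.168.111.2-192.168.111.254

# Because the tunnel is bridged, this DHCP server also answers hosts behind the
# remote routers; a rogue DHCP server or ARP spoofing at a branch reaches the
# office LAN in the same way.
/ip dhcp-server
add address-pool=pool_OFFICE disabled=no interface=br_OFFICE name=dhcp_OFFICE

/ip dhcp-server network
add address=192.168.111.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=\
    192.168.111.1 netmask=24

# bridge=br_OFFICE is what enables BCP: each PPP session using this profile is
# added to the bridge as a port. use-encryption=yes requests PPP-level
# encryption; the IPsec layer configured below is what protects the tunnel on
# the wire.
/ppp profile
add bridge=br_OFFICE dns-server=1.1.1.1,8.8.8.8 name=\
    "PROFILE_TUNNEL_OFFICE" use-encryption=yes

# One secret per remote router, each with its own long random password.
# NOTE(review): "$" is the variable prefix in RouterOS scripting, so a real
# password containing it should be quoted and escaped - confirm when pasting.
/ppp secret
add name=users_client_1 password=YourPa$$w0rd profile="PROFILE_TUNNEL_OFFICE"

# authentication: MS-CHAPv1 is no longer offered; only mschap2 remains.
# use-ipsec=required: with "yes" the server still accepts L2TP sessions that
#   never negotiated IPsec, which would carry the bridged office LAN in clear
#   text; "required" rejects them.
# mrru=1600 lets full-size Ethernet frames cross the tunnel by fragmenting and
#   reassembling them at the PPP layer.
# ipsec-secret is a pre-shared key shared by every client of this server; use a
#   long random value and rotate it whenever a remote router is decommissioned.
# NOTE(review): the dynamically created IPsec peer uses the default proposal;
#   review the default IPsec proposal and profile on your RouterOS version.
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=IPSEC_S3cR3T mrru=1600 \
    use-ipsec=required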

ROUTER CLIENTS
————–

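# Remote (client) router: dials the head-office L2TP/IPsec server and bridges
# the resulting PPP session with local port ether2, so devices on ether2 sit on
# the head-office layer-2 segment.
# 103.123.XXX.YYY, IPSEC_S3cR3T and YourPa$$w0rd are masked placeholders and
# must match the values configured on the head-office router.

/interface bridge
add name=br_BCP_HO

# Anything plugged into ether2 becomes a member of the head-office LAN; treat
# that port as an office network port in terms of physical access.
/interface bridge port
add bridge=br_BCP_HO interface=ether2

# bridge=br_BCP_HO enables BCP on this side: a session using this profile is
# added to the bridge as a port.
/ppp profile
add bridge=br_BCP_HO name=profile_BCP_HO use-encryption=yes

# profile must name the BCP profile created above. The original referenced
# profile_PBM, which is not defined anywhere in this configuration, so the
# tunnel would not have been bridged.
# mrru=1600 has to match the server so full-size Ethernet frames can be
# fragmented and reassembled across the tunnel.
# NOTE(review): "$" is the variable prefix in RouterOS scripting, so a real
# password containing it should be quoted and escaped - confirm when pasting.
/interface l2tp-client
add connect-to=103.123.XXX.YYY disabled=no ipsec-secret=IPSEC_S3cR3T mrru=1600 \
    name=l2tp-ROUTER-HO password=YourPa$$w0rd profile=profile_BCP_HO \
    use-ipsec=yes user=users_client_1

# The bridge itself requests an address over the tunnel from the head-office
# DHCP server, which gives this router an address on the office subnet.
/ip dhcp-client
add disabled=no interface=br_BCP_HO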