For L2TP-over-IPsec with PSK, RouterOS handles many defaults. If you need explicit peer changes (e.g., NAT traversal), add:
For v7 and advanced setups, prefer aes-256-gcm if supported; adjust to your RouterOS version. mikrotik l2tp server setup full
Better: Add an allow rule in the forward chain: For L2TP-over-IPsec with PSK, RouterOS handles many defaults
(only LAN traffic goes through VPN, internet goes direct from client), do not send a default gateway via the L2TP profile. Instead, push local routes. For L2TP-over-IPsec with PSK
The heart of the setup was the itself. In the PPP > Interface window, Alex clicked the L2TP Server button. He checked the Enabled box and, most importantly, set Use IPsec to "yes". He typed a strong IPsec Secret —a pre-shared key that he would later share with his team to encrypt their data.