PIA L2TP/IPsec VPN Setup – Mikrotik

I’ve been using Private Internet Access for many years. Speeds are generally good on multiple servers, support for Linux is good and you can even set up and run a VPN from different routers, including Mikrotik.

Below is my config and WinBox screenshots for connecting a single IP address to a PIA L2TP / IPsec VPN. Whether there’s something more optimal, I can’t say, but the below works.

Obviously, you’ll need a Private Internet Access account, and you can choose any of the networks shown on their networks page. You’ll also need a PPTP/L2TP/SOCKS Username and Password, which is different from your login / desktop / mobile VPN app login. PPTP/L2TP/SOCKS usernames and passwords begin with “x0” instead of “p0” from my understanding. You can get that from within your control panel when logging into the website.

L2TP Config

/interface l2tp-client
# Replace SERVER, USERNAME and PASSWORD with your PIA server and PPTP/L2TP/SOCKS credentials
add connect-to=SERVER.privateinternetaccess.com disabled=no ipsec-secret=mysafety name=pia-out password=PASSWORD use-ipsec=yes user=USERNAME

IPsec Config

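/ip ipsec proposal
# Turns off PFS on the default proposal; this affects every IPsec policy that uses the default proposal
set [ find default=yes ] pfs-group=none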

IP Firewall NAT Config

/ip firewall nat
# Source-NAT everything that leaves through the tunnel interface
add action=masquerade chain=srcnat out-interface=pia-out

IP Firewall Mangle Config

/ip firewall mangle
# Tag traffic from the single LAN host with the PIA routing mark
add action=mark-routing chain=prerouting new-routing-mark=PIA passthrough=yes \
    src-address=192.168.88.123

IP Route Config

/ip route
# Default route for traffic carrying the PIA mark, via the tunnel
add distance=1 gateway=pia-out routing-mark=PIA
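
The five sections above only work together when the interface name (pia-out) and the routing mark (PIA) match in every place they appear. The Python check below is an added example, not part of the original post: it parses a RouterOS export, verifies those cross-references, and flags a missing fallback route for the marked traffic. It assumes RouterOS v6 export syntax; the function names and the EXPORT sample (assembled from the lines on this page) are constructed for illustration.

```python
import re
# Constructed input: the page's five sections concatenated as one export.
EXPORT = r"""
/interface l2tp-client
add connect-to=SERVER.privateinternetaccess.com disabled=no ipsec-secret=mysafety name=pia-out password=PASSWORD use-ipsec=yes user=USERNAME
/ip ipsec proposal
set [ find default=yes ] pfs-group=none
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pia-out
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=PIA passthrough=yes \
    src-address=192.168.88.123
/ip route
add distance=1 gateway=pia-out routing-mark=PIA
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]}; quoted values with spaces are not handled."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join "\" continuation lines
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif menu and line and not line.startswith("#"):
            menus[menu].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def audit(menus):
    """Check that tunnel name and routing mark agree across the sections."""
    issues = []
    tunnels = {e["name"] for e in menus.get("/interface l2tp-client", []) if "name" in e}
    marks = {e["new-routing-mark"] for e in menus.get("/ip firewall mangle", [])
             if e.get("action") == "mark-routing" and "new-routing-mark" in e}
    routes = menus.get("/ip route", [])
    for mark in sorted(marks):
        via = [r for r in routes if r.get("routing-mark") == mark]
        if not any(r.get("gateway") in tunnels for r in via):
            issues.append(f"mark {mark}: no route via an L2TP tunnel")
        # Assumption (RouterOS v6): with no active route in the marked table,
        # lookup falls through to main, so traffic leaves by the normal WAN.
        if not any(r.get("type") in ("blackhole", "unreachable", "prohibit") for r in via):
            issues.append(f"mark {mark}: no fallback route if the tunnel drops")
    masq = {e.get("out-interface") for e in menus.get("/ip firewall nat", [])
            if e.get("action") == "masquerade"}
    issues += [f"{t}: no masquerade rule" for t in sorted(tunnels - masq)]
    return issues

if __name__ == "__main__":
    print("\n".join(audit(parse_export(EXPORT))) or "consistent")
```

Run against the config as posted, the check reports only the missing fallback route; a lower-priority blackhole route with the same routing mark clears it.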

 

Screenshots (WinBox images not included): L2TP Config, IPsec Config, IP Firewall NAT Config, IP Firewall Mangle Config, IP Route Config

I had to rebuild my PIA VPN recently due to moving to a new router, a MikroTik hAP AC, and couldn’t get it working by memory or some random guide I found online, so had to restore an old config. I figured it’d be helpful for some others as well.

Any critiques, recommendations or questions, let me know.
