I’ve been using Private Internet Access for many years. Speeds are generally good on multiple servers, support for Linux is good and you can even setup and run a VPN from different routers, including Mikrotik.
Below is my config and winbox screenshots for connecting a single IP address to a PIA L2TP / IPsec VPN. Whether there’s something more optimal, I can’t say, but the below works.
Obviously, you’ll need a Private Internet Access account, and you can choose any of the networks shown on their networks page. You’ll also need a PPTP/L2TP/SOCKS Username and Password, which is different from your login / desktop / mobile VPN app login. PPTP/L2TP/Socks usernames and passwords begin with “x0” instead of “p0” from my understanding. You can get that from within your control panel when logging into the website.
L2TP Config
/interface l2tp-client add connect-to=SERVER.privateinternetaccess.com disabled=no ipsec-secret=mysafety name=pia-out password=PASSWORD use-ipsec=yes user=USERNAME
IPsec Config
/ip ipsec proposal set [ find default=yes ] pfs-group=none
IP Firewall NAT Config
/ip firewall nat add action=masquerade chain=srcnat out-interface=pia-out
IP Firewall Mangle Config
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=PIA passthrough=yes \
src-address=192.168.88.123
IP Route Config
/ip route add distance=1 gateway=pia-out routing-mark=PIA
Screenshots
L2TP Config
IPsec Config
IP Firewall NAT Config
IP Firewall Mangle Config
IP Route Config
I had to rebuild my PIA VPN recently due to moving to a new router, a MikroTik hAP AC, and couldn’t get it working by memory or some random guide I found online, so had to restore an old config. I figured it’d be helpful for some others as well.
Any critiques, recommendations or questions, let me know.