
DropVPS Team

Writer: John hens

How to Set Up an IKEv2 VPN Server on MikroTik


Publication Date: 08/19/2025


IKEv2 VPN is one of the most secure and stable VPN protocols, widely used for remote access and site-to-site connections. Setting up an IKEv2 VPN server on MikroTik provides strong encryption, fast performance, and seamless client connectivity. 

Step 1: Generate VPN Server Certificates

To establish a secure connection, you first need to generate certificates that will be used by the server:

/certificate add name=VPN-CA common-name=VPN-CA key-usage=key-cert-sign,crl-sign
/certificate sign VPN-CA

Step 2: Configure IKEv2 IPsec Proposal

In this step, define the encryption and authentication methods that the IKEv2 VPN will use for secure:

# pfs-group=none means rekeyed child SAs do not perform a fresh Diffie-Hellman exchange
/ip ipsec proposal add name=ikev2-proposal auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=none

Step 3: Setup IKEv2 Profile and Peer

Create a profile for IKEv2 and configure a peer to accept VPN connections from clients:

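# Offer AES-256 only; listing 3des as well would let a client negotiate the weaker cipher
/ip ipsec profile add name=ikev2-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
# The peer is named so that the identity and mode-config steps can refer to it as ikev2-peer
/ip ipsec peer add name=ikev2-peer address=0.0.0.0/0 exchange-mode=ike2 profile=ikev2-profile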

Step 4: Configure IPsec Identity and Policy

Add an identity for VPN users and define the IPsec policy to ensure traffic between the server and clients is securely encrypted:

/ip ipsec identity add auth-method=pre-shared-key generate-policy=port-strict secret=YourSecret peer=ikev2-peer
/ip ipsec policy add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 sa-src-address=YourWAN sa-dst-address=ClientWAN proposal=ikev2-proposal tunnel=yes

Step 5: Configure Client Mode

Specify how IP addresses and DNS settings will be assigned to connected VPN clients to ensure proper:

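# address-pool refers to VPN-POOL, which is created in Step 6; the pool must exist before this command runs
/ip ipsec mode-config add name=ikev2-config responder=yes address-pool=VPN-POOL dns-server=8.8.8.8,8.8.4.4
# On RouterOS versions that have the /ip ipsec identity menu, mode-config is set on the identity, not on the peer
/ip ipsec identity set [find peer=ikev2-peer] mode-config=ikev2-config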

Step 6: Add Users and IP Pool

Finally, create a pool of IP addresses for VPN clients and add user credentials to allow secure access:

/ip pool add name=VPN-POOL ranges=192.168.100.10-192.168.100.50
/ppp secret add name=vpnuser password=StrongPass profile=default service=any
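
To review a saved copy of these commands before pasting them into a router, the following added example (not part of the original article or of RouterOS) parses `/ip ipsec ... add` lines and reports weak negotiation settings. The sample input is constructed, with a 3des offer and a short placeholder secret, and the weak-algorithm lists and minimum key length are assumptions of this example.

```python
import shlex

# Constructed sample: proposal, profile and identity commands in the style of this guide.
SAMPLE = """\
/ip ipsec proposal add name=ikev2-proposal auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=none
/ip ipsec profile add name=ikev2-profile hash-algorithm=sha256 enc-algorithm=aes-256,3des dh-group=modp2048
/ip ipsec identity add auth-method=pre-shared-key generate-policy=port-strict secret=YourSecret peer=ikev2-peer
"""

# Thresholds below are this example's assumptions, not MikroTik defaults.
WEAK_ENC = {"des", "3des", "blowfish", "null"}
WEAK_HASH = {"md5", "sha1"}
WEAK_DH = {"modp768", "modp1024", "modp1536"}
MIN_PSK_LEN = 20

def parse(line):
    """Split '/menu path add key=value ...' into (menu, {key: [values]})."""
    head, _, tail = line.partition(" add ")
    params = {}
    for token in shlex.split(tail):
        key, sep, value = token.partition("=")
        if sep:
            params[key] = value.split(",")
    return head.strip(), params

def audit(script):
    """Return sorted (object, finding) pairs for weak IPsec settings."""
    findings = set()
    for line in script.splitlines():
        if not line.startswith("/ip ipsec") or " add " not in line:
            continue
        menu, p = parse(line)
        label = (p.get("name") or p.get("peer") or ["?"])[0]
        obj = f"{menu.split()[-1]}:{label}"
        for alg in p.get("enc-algorithm", []) + p.get("enc-algorithms", []):
            if alg.split("-")[0] in WEAK_ENC:
                findings.add((obj, f"weak cipher offered: {alg}"))
        for alg in p.get("hash-algorithm", []) + p.get("auth-algorithms", []):
            if alg in WEAK_HASH:
                findings.add((obj, f"weak hash offered: {alg}"))
        for grp in p.get("dh-group", []):
            if grp in WEAK_DH:
                findings.add((obj, f"weak DH group offered: {grp}"))
        if p.get("pfs-group") == ["none"]:
            findings.add((obj, "PFS disabled for child SA rekeying"))
        psk = ",".join(p.get("secret", [""]))
        if p.get("auth-method") == ["pre-shared-key"] and len(psk) < MIN_PSK_LEN:
            findings.add((obj, f"pre-shared key shorter than {MIN_PSK_LEN} characters"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns one finding each for the identity, the profile and the proposal; an empty list means none of the checks fired.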