Configure MikroTik VPN using Radius and NPS on Windows AD

Configure NPS on a Domain controller (based on Windows Server 2019):

1. Install the NPS role.
2. Open the NPS admin console.
3. Select "RADIUS server for Dial-Up or VPN Connections" and click "Configure VPN or Dial-Up".
4. Select "VPN Connections" and click Next.
5. Click "Add" and fill in details as required (IP must be the IP of the router).
6. Take note of the Shared Secret.
7. Click Next on the rest of the screens (add groups as required).

Note: Before users can authenticate using RADIUS, "Allow Access" must be selected on the "Dial-in" tab for the user in AD, because "Control Access through NPS Network Policy" does not work, at least on Windows Server 2016 and above.

On the MikroTik:

1. Click "Radius", then "+".
2. Complete the following:
   Service: ppp
   Domain: domain
   Address: IP of NPS Server
   Secret: Password defined while setting up NPS
   Src Address: The IP of the interface (must match the IP specified while setting up NPS)

Add the following rules in the firewall:

   chain: input, Action: Accept, Protocol: TCP, Dst. Port: 1723
   chain: input, Action: Accept, Protocol: 47 (gre)
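The MikroTik steps above as RouterOS terminal commands (an added example, not taken from the original page). The addresses, domain name and secret are constructed placeholders; the /ppp aaa line is not among the page's steps and assumes RADIUS authentication for PPP has not been switched on yet.

```routeros
# Constructed placeholder values:
#   192.0.2.10    = NPS server
#   192.0.2.1     = router interface IP registered as the RADIUS client in NPS
#   example.local = AD domain

# RADIUS entry (Radius > "+"): service, domain, NPS address, the shared
# secret noted in NPS, and the source address NPS expects requests from.
/radius add service=ppp domain=example.local address=192.0.2.10 \
    secret="REPLACE-WITH-NPS-SHARED-SECRET" src-address=192.0.2.1

# Assumption, not a step from the page: have PPP use RADIUS for authentication.
/ppp aaa set use-radius=yes

# Firewall rules from the page: PPTP control channel (TCP 1723) and
# GRE (IP protocol 47).
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723 \
    comment="PPTP control"
/ip firewall filter add chain=input action=accept protocol=gre \
    comment="PPTP GRE"

# Review what was created.
/radius print detail
/ip firewall filter print where chain=input
```

Rules added this way are appended to the end of the input chain, so move them above any drop rule already there. The src-address value must be the same IP entered for the RADIUS client in NPS.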

Source: https://mivilisnet.wordpress.com/2018/10/01/how-to-integrate-your-mikrotik-router-with-windows-ad/