A vpn tunnel is created on Kerio - the connection type is "Active", with authorization by a predefined key.
local id - arbitrary name kerio
remote id - external ip on mikrotik
remote networks - 192.168.88.0/24 (home for mikrotik)
local networks - network behind kerio, the one in the office
Open ports on mikrotik by running the following commands:
/ip firewall filter add chain=input comment="Allow IKE" dst-port=500 protocol=udp
/ip firewall filter add chain=input comment="Allow IPSec-esp" protocol=ipsec-esp
/ip firewall filter add chain= input comment="Allow IPSec-ah" protocol=ipsec-ah
/ip firewall filter add chain=input comment="Allow UDP" protocol=udp
4 new rules will appear on the ip->Firewall tab:
Configure Proposals (ip->ipsec-Proposals)
/ip ipsec proposal set [ find default=yes ] enc-algorithms=3des,aes-128 pfs-group=none
Configure peer (adress - external ip kerio, password - predefined authorization key, as in vpn settings on kerio):
/ip ipsec peer add address=195.138.xxx.xxx/32 dh-group=modp1536 exchange-mode=main-l2tp generate-policy=port -override hash-algorithm=sha1 passive=yes secret=password
After that, the tunnel should go up.
To pass traffic between the office and home networks, you need to add the rule
/ip firewall nat add chain=srcnat dst-address=10.10.10.0/24 src-address=192.168.88.0/24
(Network 10.10.10.0/24 in the example is the office network , for kerio
192.168.88.0/24 - home network, for mikrotik)

Add a route on the server to the home network via the PPTP interface.

Thank you! But it didn’t work out, I tried many options, but I didn’t get access to 192.168.88.0, even from the server (perhaps you need to configure something else in the router). But we managed to get access to the client's IP vpn from the enterprise network (home router), which is already pleasing. 192.168.88.1 Router 192.168.88.252 Computer

I don't have exchange-mode=main-l2tp.
There is only main, aggressive, base
. Do I need to add it somehow? Or is my OS version wrong?