Hello

I've got Mikrotik 2.9 router. I've configured PPTP and added user account. Everything seemed to be OK -- user can login to VPN from Internet and have access to Mikrotik's local network. But he get's he's IP as a default route on he's local PC.

How to disable default route for him and make him to use this VPN connection only for 192.168.0.0/24 networks. I've tried to fill "Routes" property for user account but it does not seemed to work.

Pls Help

P.S.: sorry for bad english.

the client is a Windows PC? Then you need to set up custom routes in his windows PC, in the command line.

Yes, client is Windows PC
i've tried to setup custom route, but VPN setups default route: 0.0.0.0 0.0.0.0 192.168.108.72 1
and
route delete 0.0.0.0

does not seemed work
any suggestions?

Then you need to uncheck this box:
and after that use "route add" to set which traffic will use the PPTP gateway

Ok, That part of my problem is resolved. Big thanx to you =)

Now the second part. I've got OSPF setup on that mikrotik and i do not want client addresses assigned to them by pptp to expose on routes list (i've got router entry for 192.168.108.0/24 already, i do not want it to add all that 192.168.108.54, 108.55, etc.) is that achievable?

There are two ways:
1) add routing filter ( chain=ospf-out ) that will allow only 192.168.108.0/24 and drop the rest.
2) add another ospf area and add area range, here is an example:
http://wiki.mikrotik.com/wiki/OSPF_and_Area_summaries

can u please describe
1) add routing filter ( chain=ospf-out ) that will allow only 192.168.108.0/24 and drop the rest.
more briefly?

I've managed to work around problem with OSPF network areas tweak, now i want to know how to do that with routing filter.

Thanx

/routing filter
add chain=ospf-out prefix=192.168.108.0/24 prefix-length=24 action=accept
add chain=ospf-out prefix=192.168.108.0/24 prefix-length=24-32 action=discard

routing> filter
no such command or directory (filter)

make sure you use RouterOS v3.16 with the routing-test package

That's 2.9 mikrotik (as i've mention in my first post).

I've just enabled routing-test package, need to reboot router but can't do that until 19 PM EET

Ok, thank you people, now everything works as it should. But the story continues: now I need to distinguish traffic from VPN and mark it in mangle section. The problem is that DHCP server and PPTP uses same address pool (that's how it supposed to be, 'cause IP addresses amount are limited here).

Any way to mark traffic from VPN only? thanx!

anyone?

as i see in your configuration examples, then you are using addresses from private address list, then you can use other subnets like 10.0.0.0/8 or 172.16.0.0/16 networks for your pptp.Of course, you can set up limitation directly in /ppp profile and that way ensure, that all that connect to ppp using that profile will use that bandwidth limitation.

as i see in your configuration examples, then you are using addresses from private address list, then you can use other subnets like 10.0.0.0/8 or 172.16.0.0/16 networks for your pptp.Of course, you can set up limitation directly in /ppp profile and that way ensure, that all that connect to ppp using that profile will use that bandwidth limitation.

The reason why i need to EXACTLY distinguish PPTP traffic from any other it's because we have some unmanaged pc's in our network (like laptops or personally administrated desktops) and I need to prevent them from accessing the Internet by taking one of the NAT'ed IPs.

Also i can not use 10.0.0.0/8 and 172.16.0.0/12 networks, 'cause local address space in our network are stricted and allocated by another instance, so i have only 192.168.108.0/24 and 192.168.158.0/24 networks available. First one is used for static addresses second one is for DHCP and PPTP.

up-up =)