Hi,
I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done?
Thanks.
Re: PPTP VPN
A little bit more information would be helpful. Are you looking at some kind of hairpin configuration? Secondly, PPTP is considered insecure. Better to use L2TP.
Personally, I use L2TP to dial in with a Windows client from a remote location and all traffic is pushed through the VPN by default, i.e. as far as the internet is concerned, all traffic is originating from my dial in location. I don't think I did any special configuration for this. With OpenVPN you have more control which routes are pushed (i.e. only tunnel specific traffic) but as Mikrotik's implementation lacks significantly I don't think you can configure this in RouterOS.
Personally, I use L2TP to dial in with a Windows client from a remote location and all traffic is pushed through the VPN by default, i.e. as far as the internet is concerned, all traffic is originating from my dial in location. I don't think I did any special configuration for this. With OpenVPN you have more control which routes are pushed (i.e. only tunnel specific traffic) but as Mikrotik's implementation lacks significantly I don't think you can configure this in RouterOS.
Re: PPTP VPN
Yes, it can be done.Hi,
I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done?
Thanks.
1. Create a route to the remote PPTP Server IP Address
Code: Select all
/ip route add dst-address=<PPTP server PUBLIC ip address> gateway=<your ISP gateway>
Code: Select all
/ip route add gateway=<your ISP gateway> distance=5
/ip route add gateway=<PPTP server PRIVATE ip address> distance=1 check-gateway=ping
Code: Select all
/ip firewall nat add action=masquerade chain=srcnat disabled=yes out-interface=<PPTP Interface>Re: PPTP VPN
Thanks a lot magchiel and skillful for help. I think the post is not clear enough, so I am describing it in much more detail now.
I have installed RouterOS on one server and assigned the ether1 interface a Public IP and have added the 0.0.0.0/0 route to point to the default gateway for internet connectivity. There is no NAT involved here as this server has direct internet connectivity with static Public IP.
After doing the above, I enabled the PPTP VPN in RouterOS, created a PPP secret and then successfully connected to the server through the Windows PPTP VPN client. Now I want to do internet browsing through this VPN connection. How to achieve this? At the moment I am just able to connect through VPN, but unable to do any internet browsing.
For reference, I am assigning 10.0.0.100 as "Local Address" and 10.0.0.200 as "Remote Address" for the VPN connection.
I have installed RouterOS on one server and assigned the ether1 interface a Public IP and have added the 0.0.0.0/0 route to point to the default gateway for internet connectivity. There is no NAT involved here as this server has direct internet connectivity with static Public IP.
After doing the above, I enabled the PPTP VPN in RouterOS, created a PPP secret and then successfully connected to the server through the Windows PPTP VPN client. Now I want to do internet browsing through this VPN connection. How to achieve this? At the moment I am just able to connect through VPN, but unable to do any internet browsing.
For reference, I am assigning 10.0.0.100 as "Local Address" and 10.0.0.200 as "Remote Address" for the VPN connection.
Re: PPTP VPN
You need to enable NAT for your VPN client or assign them an Internet routable static.
Re: PPTP VPN
Double check a) whether traffic is flowing properly through the tunnel to the outside world and b) whether DNS settings are correct.
You can check a) e.g. by doing a traceroute to some outbound IP e.g. 8.8.8.8 (not hostname in case DNS is crooked) or by opening a torch on your PPTP interface and start a ping -t from your dial up client. If traffic is flowing properly your router IP should show up in the traceroute or you'll receive a ping response while showing traffic on the torch.
Check b) by doing a nslookup from your client computer to e.g. google.com. Also remember that DNS setttings for PPP are configured separately in the PPP profile and aren't taken from the DHCP server. Secondly make sure that if you're using the Mikrotik as DNS relay it is configured to allow remote requests (and the firewall is configured to prevent open DNS).
You can check a) e.g. by doing a traceroute to some outbound IP e.g. 8.8.8.8 (not hostname in case DNS is crooked) or by opening a torch on your PPTP interface and start a ping -t from your dial up client. If traffic is flowing properly your router IP should show up in the traceroute or you'll receive a ping response while showing traffic on the torch.
Check b) by doing a nslookup from your client computer to e.g. google.com. Also remember that DNS setttings for PPP are configured separately in the PPP profile and aren't taken from the DHCP server. Secondly make sure that if you're using the Mikrotik as DNS relay it is configured to allow remote requests (and the firewall is configured to prevent open DNS).
Re: PPTP VPN
The above mentioned action solved the problem. Thanks a lot bkuhn.You need to enable NAT for your VPN client or assign them an Internet routable static.
