 
MTusewk
newbie
Topic Author
Posts: 32
Joined: Sat Nov 15, 2014 1:12 pm

PPTP VPN

Wed Nov 19, 2014 8:53 pm

Hi,

I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done?


Thanks.
 
magchiel
Member Candidate
Posts: 135
Joined: Mon Jan 06, 2014 2:13 pm

Re: PPTP VPN

Fri Nov 21, 2014 6:05 pm

A little bit more information would be helpful. Are you looking at some kind of hairpin configuration? Secondly, PPTP is considered insecure. Better to use L2TP.

Personally, I use L2TP to dial in with a Windows client from a remote location and all traffic is pushed through the VPN by default, i.e. as far as the internet is concerned, all traffic is originating from my dial in location. I don't think I did any special configuration for this. With OpenVPN you have more control which routes are pushed (i.e. only tunnel specific traffic) but as Mikrotik's implementation lacks significantly I don't think you can configure this in RouterOS.
 
skillful
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria

Re: PPTP VPN

Fri Nov 21, 2014 6:45 pm

> Hi,
>
> I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done?
> Thanks.

Yes, it can be done.

1. Create a route to the remote PPTP Server IP Address
/ip route add dst-address=<PPTP server PUBLIC ip address> gateway=<your ISP gateway>
2. Add two default routes, one to your ISP and the other to the PPTP Server PRIVATE IP address
/ip route add gateway=<your ISP gateway> distance=5
/ip route add gateway=<PPTP server PRIVATE ip address> distance=1 check-gateway=ping
3. Add a masquerade rule for packets egressing the PPTP interface
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=<PPTP Interface>
Now, once PPTP is up, the PPTP becomes your default route and when it goes down, packets are routed over ISP gateway.
 
MTusewk
newbie
Topic Author
Posts: 32
Joined: Sat Nov 15, 2014 1:12 pm

Re: PPTP VPN

Sat Nov 22, 2014 5:28 pm

Thanks a lot magchiel and skillful for help. I think the post is not clear enough, so I am describing it in much more detail now.

I have installed RouterOS on one server and assigned the ether1 interface a Public IP and have added the 0.0.0.0/0 route to point to the default gateway for internet connectivity. There is no NAT involved here as this server has direct internet connectivity with static Public IP.

After doing the above, I enabled the PPTP VPN in RouterOS, created a PPP secret and then successfully connected to the server through the Windows PPTP VPN client. Now I want to do internet browsing through this VPN connection. How to achieve this? At the moment I am just able to connect through VPN, but unable to do any internet browsing.

For reference, I am assigning 10.0.0.100 as "Local Address" and 10.0.0.200 as "Remote Address" for the VPN connection.
 
bkuhn
Frequent Visitor
Posts: 72
Joined: Fri Oct 15, 2010 12:17 am

Re: PPTP VPN

Sun Nov 23, 2014 6:16 am

You need to enable NAT for your VPN client or assign them an Internet routable static.
 
magchiel
Member Candidate
Posts: 135
Joined: Mon Jan 06, 2014 2:13 pm

Re: PPTP VPN

Sun Nov 23, 2014 12:16 pm

Double check a) whether traffic is flowing properly through the tunnel to the outside world and b) whether DNS settings are correct.

You can check a) e.g. by doing a traceroute to some outbound IP e.g. 8.8.8.8 (not hostname in case DNS is crooked) or by opening a torch on your PPTP interface and starting a ping -t from your dial-up client. If traffic is flowing properly your router IP should show up in the traceroute or you'll receive a ping response while showing traffic on the torch.

Check b) by doing an nslookup from your client computer to e.g. google.com. Also remember that DNS settings for PPP are configured separately in the PPP profile and aren't taken from the DHCP server. Secondly make sure that if you're using the Mikrotik as DNS relay it is configured to allow remote requests (and the firewall is configured to prevent open DNS).
 
MTusewk
newbie
Topic Author
Posts: 32
Joined: Sat Nov 15, 2014 1:12 pm

Re: PPTP VPN

Tue Dec 02, 2014 8:49 pm

> You need to enable NAT for your VPN client or assign them an Internet routable static.

The above mentioned action solved the problem. Thanks a lot bkuhn. :)
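
The fix confirmed above, together with the DNS points raised earlier in the thread, written out as RouterOS commands for the server described here. This is an added example, not a configuration posted by any participant. It assumes ether1 is the public interface and 10.0.0.100 / 10.0.0.200 are the tunnel's Local / Remote Address (values from the thread), and that the PPP secret uses the default-encryption profile (an assumption).

```routeros
# Added example, run on the RouterOS PPTP server.
# Assumed: ether1 = public interface, 10.0.0.200 = VPN client (Remote Address),
# 10.0.0.100 = router end of the tunnel (Local Address),
# default-encryption = PPP profile used by the secret.

# 1. Source-NAT the client's private address when its traffic leaves via ether1.
#    Without this, packets reach the internet with source 10.0.0.200 and
#    replies can never be routed back.
/ip firewall nat add chain=srcnat src-address=10.0.0.200 out-interface=ether1 action=masquerade comment="NAT PPTP client to internet"

# 2. Hand the client a resolver through the PPP profile
#    (PPP clients do not take DNS settings from the DHCP server).
/ppp profile set default-encryption dns-server=10.0.0.100

# 3. Let the router answer DNS queries for the client, using an upstream resolver.
/ip dns set servers=8.8.8.8 allow-remote-requests=yes

# 4. allow-remote-requests=yes opens the resolver on every interface.
#    Drop DNS queries that arrive on the public interface; queries from the
#    VPN client arrive on the dynamic PPTP interface and are not affected.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no open DNS on WAN"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no open DNS on WAN"

# 5. Verify: the masquerade rule's packet counter should increase while the
#    client pings 8.8.8.8 through the tunnel.
/ip firewall nat print stats
```

If the server already has input-chain rules, the two drop rules must be placed before any rule that accepts traffic on ether1.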