Mikrotik VPN Client Connections – PPTP
Alright my peoples. This one will show you how to do a simple PPTP setup on your Mikrotik and even how to configure your Windows machine to connect to said PPTP server. This will allow you to securely access your network remotely by creating a secure tunnel over the internet.
Click the link below for the video!
If you like this one, please leave me a comment below. I crave approval, so make my day by dropping me a note.
Thank you for this tutorial, Greg! This PPTP config is simple and on par with WatchGuard appliances as far as ease of setup.
Holden,
NP bud! I’m glad this one helped. This feature rocks, plain and simple. I suppose I could have also mentioned that you can use radius authentication…even auth off of an Active Directory domain!
Greg
Hey, thanks for the simple tutorial. I have been trying to get an ipsec, road warrior vpn setup for two days no, with no luck. It was nice to be successful at something 🙂
Excellent, I’m glad to help 🙂 I’m always in for a win.
Hello, after start VPN connection I get Ip address 192.168.1.21 and default gateway is the same.How could I change it?If it is so, I can`t access on another PC.I need to have the same default gateway for all VPN connections.
Hello, thank you for tutorial, but it doesn`t works right.When I`m connected to Mikrotik through VPN I have IP address and gateway the same.Then I can`t acces to another computer which is connected through VPN to Mikrotik too.Where could I set default gateway for all connections?Thanks.
I’m trying to figure out what you are asking. It seems like you are asking if you can connect using the same PPTP secret on multiple machines at the same time? If this is the case; it won’t work. It would try to hand out the same IP to each client.
I believe you can specify the same local address, not that it will help with your question.
Lady,
The PPTP connections will tunnel everything. The MTK PPTP server won’t allow you to add static routes to the client. If you want to do alternate routing on the client side, you have to use static routes. A script could probably be written to run on the client side to watch for the PPTP connection and adjust.
nice software
Hi,
I already setup VPN through PPtP as instructed, and its already able to connected.
The problem that I still cannot print through VPN connection, although it is already connected and another strange things, when I ping it, it result with RTO.
Kindly to have explanation how to figure this out.
Thanks in Advance,
Indra,
Are you trying to print from the hub site to the remote or are you printing from the remote to the hub site. I assume it is the hub site. You have the printer mapped straight on your machine, or are you using a print server?
Hi,
I set up the VPN through PPtP as instructed and it connects just fine. The problem is that I can’t seem to access any of the work lan resources (like the computer or network storage). Not only that, unless I disable the Windows firewall on the remote computer, I can’t even ping it. Any suggestions?
Thanks in advance
If the subnet you are handing your PPtP client is the same subnet that your inside machines live on, then you will need to enable proxy arp on that inside interface. Check firewall rules.
nice and good tutorials
Hi
I have a problem. I can connect to the pptp and it gives me a IP in the same subnet, but I cannot connect to devices on that network or ping any devices. I had to forward ports on the Mikrotik thats on the public IP to a mikrotik that is connected via Radio towers. I can ping the mikrotik but no devices.
Thanks in advance
Francois,
Try enabling proxy-arp on the inside interface.
Once again, excellent. I’m late coming to the party, but man oh man this helps. I feel like I’m learning quite a bit from your tutorials. Thanks.
Now for the stupid question. Is my connection encripted, or secure? And how would I know that from the RB750g side??
B,
Thanks, I’m glad they helped!
It is encrypted if you are using mschapv1 or 2. Mschapv1 is more vulnerable than v2. Ultimately you will have to determine if someone wants to capture your packets then attack…I know I’m gunnin for you now. 😉
c’est exactement ce que je cherchais. merci GREG t’es un génie
It’s exactely what i need.thank you my big Boss
good
A good one. thank you. I, a rookie has been able to successfully configure VPN using PPTP. But how do i do Active Directory Authentication so users can authenticate with same username and password they use to log in to the domain to log in to the VPN.
I will appreciate any help.
It works perfectly… just not outside my network :-(. After reading / watching every tutorial I can find, I think it is related to my use of SRC-NAT instead of Masquerade (cause I have multiple external ips and multiple internal nets). But, you are the man. You make my mikrotik simple.
@chuks
You need to enable radius authentication. In windows 2000-2003 it is AIS which you need to install. In version 2008 it is NPS.
A very informative site from a guy with a very cool name.
Thanks for your help.
this is awesome, really very good
Excellent tutorial! I was able to set up the tunnel that I have been working on for hours in minutes!
Question, it does not seem to be assigning me a gateway ip. it just shows 0.0.0.0 and I am not able to access anything on the remote network. Any hot ideas?
@JB
Whichever interface is in the same subnet as your remote addressing, set arp from enabled to proxy arp.
Works perfectly now!! Thanks so much.
I have done this an am successfully able to get connected. I have enabled proxy-arp on the internal interface. I can ping devices in my VPN network by IP address by not by name. I cannot access anything buy doing \\server in a run command. Any ideas?
@Kyle
This is most likely going to be a WINS issue. In your PPP profile on the MTK, add your Windows DNS servers into the wins section.
🙁
I tried the putting my windows dns server in the wins box and the dns box to no avail 🙁
I could use file sharing under XP by using //192.168.1.11 in windows explorer, but that doesn’t work in win 7.
I can connect to the vpn and ping any IP on the network from my netbook.
@Jay
Are you using windows 7 pro?
hi . thank you for your help.
it s very usefull.
MicroTik Master at work. Thanks man.
Ha, we do what we do 😛
Thx for the effort of making this video. Very useful for beginner like me 🙂
Simple, concise, and had my vpn up and running in minutes. Many thanks!
Nice video, I really like the interactive comments :).
@jay
Try [windows key]+r to bring up your run window. Then type the IP with slashes \\x.x.x.x.
Also check that the network you are connected to is not set as public in your file sharing. Then check to make sure that file sharing is enabled for work and private networks.
What I have done when I can’t get name resolution through a vpn connection with wins is to set the Mikrotik to give the client all its dns needs.
First set the mikrotik to obtain dns from your local server that holds the dns zones (winbox -> ip -> dns).
Second create a dhcp pool with ranges in your local lan(winbox -> ip -> pool).
Third set up a profile (winbox -> ppp -> profiles) and use the pool you just created in your remote address dropdown of that profile. Also set your local address in your profile instead of the secret.
Forth go to winbox -> ppp -> secrets and remove the remote and local addresses. Set the profile drop down to the one you just created.
Last change you might have to make is to make sure that your dhcp server is set up to give out its own local address as dns server(ip -> dhcp-server -> networks)
If that doesn’t work check the clients dns servers
ipconfig /all
Good stuff. It is helpful to mention that the default firewall rules need to be adjusted as well to allow TCP traffic on port 1723 as well as the GRE protocol.