Skip to content
May 27 / Greg

Mikrotik VPN Client Connections – PPTP

Alright my peoples. This one will show you how to do a simple PPTP setup on your Mikrotik and even how to configure your Windows machine to connect to said PPTP server. This will allow you to securely access your network remotely by creating a secure tunnel over the internet.

Click the link below for the video!








If you like this one, please leave me a comment below. I crave approval, so make my day by dropping me a note.

41 Comments

leave a comment
  1. Holden / May 27 2009

    Thank you for this tutorial, Greg! This PPTP config is simple and on par with WatchGuard appliances as far as ease of setup.

  2. Greg / May 27 2009

    Holden,

    NP bud! I’m glad this one helped. This feature rocks, plain and simple. I suppose I could have also mentioned that you can use radius authentication…even auth off of an Active Directory domain!

    Greg

  3. Raymond / Oct 23 2009

    Hey, thanks for the simple tutorial. I have been trying to get an ipsec, road warrior vpn setup for two days no, with no luck. It was nice to be successful at something :)

  4. Greg / Oct 23 2009

    Excellent, I’m glad to help :) I’m always in for a win.

  5. Ladislav / Nov 5 2009

    Hello, after start VPN connection I get Ip address 192.168.1.21 and default gateway is the same.How could I change it?If it is so, I can`t access on another PC.I need to have the same default gateway for all VPN connections.

  6. Lady / Nov 6 2009

    Hello, thank you for tutorial, but it doesn`t works right.When I`m connected to Mikrotik through VPN I have IP address and gateway the same.Then I can`t acces to another computer which is connected through VPN to Mikrotik too.Where could I set default gateway for all connections?Thanks.

  7. Greg / Nov 9 2009

    I’m trying to figure out what you are asking. It seems like you are asking if you can connect using the same PPTP secret on multiple machines at the same time? If this is the case; it won’t work. It would try to hand out the same IP to each client.

    I believe you can specify the same local address, not that it will help with your question.

  8. Greg / Nov 9 2009

    Lady,

    The PPTP connections will tunnel everything. The MTK PPTP server won’t allow you to add static routes to the client. If you want to do alternate routing on the client side, you have to use static routes. A script could probably be written to run on the client side to watch for the PPTP connection and adjust.

  9. Rahul / Nov 24 2009

    nice software

  10. Indra / Dec 22 2009

    Hi,

    I already setup VPN through PPtP as instructed, and its already able to connected.

    The problem that I still cannot print through VPN connection, although it is already connected and another strange things, when I ping it, it result with RTO.

    Kindly to have explanation how to figure this out.

    Thanks in Advance,

  11. Greg / Dec 23 2009

    Indra :

    Hi,

    I already setup VPN through PPtP as instructed, and its already able to connected.

    The problem that I still cannot print through VPN connection, although it is already connected and another strange things, when I ping it, it result with RTO.

    Kindly to have explanation how to figure this out.

    Thanks in Advance,

    Indra,

    Are you trying to print from the hub site to the remote or are you printing from the remote to the hub site. I assume it is the hub site. You have the printer mapped straight on your machine, or are you using a print server?

  12. Clint / May 11 2010

    Hi,

    I set up the VPN through PPtP as instructed and it connects just fine. The problem is that I can’t seem to access any of the work lan resources (like the computer or network storage). Not only that, unless I disable the Windows firewall on the remote computer, I can’t even ping it. Any suggestions?

    Thanks in advance

  13. Greg / May 13 2010

    If the subnet you are handing your PPtP client is the same subnet that your inside machines live on, then you will need to enable proxy arp on that inside interface. Check firewall rules.

  14. mahesh / Jun 17 2010

    nice and good tutorials

  15. Francois / Jul 5 2010

    Hi

    I have a problem. I can connect to the pptp and it gives me a IP in the same subnet, but I cannot connect to devices on that network or ping any devices. I had to forward ports on the Mikrotik thats on the public IP to a mikrotik that is connected via Radio towers. I can ping the mikrotik but no devices.
    Thanks in advance

  16. Greg / Jul 7 2010

    Francois,

    Try enabling proxy-arp on the inside interface.

  17. B Sisk / Jul 13 2010

    Once again, excellent. I’m late coming to the party, but man oh man this helps. I feel like I’m learning quite a bit from your tutorials. Thanks.

    Now for the stupid question. Is my connection encripted, or secure? And how would I know that from the RB750g side??

  18. Greg / Jul 13 2010

    B,

    Thanks, I’m glad they helped!

    It is encrypted if you are using mschapv1 or 2. Mschapv1 is more vulnerable than v2. Ultimately you will have to determine if someone wants to capture your packets then attack…I know I’m gunnin for you now. ;)

  19. sessi / Sep 29 2010

    c’est exactement ce que je cherchais. merci GREG t’es un gĂ©nie

  20. sessi / Sep 29 2010

    It’s exactely what i need.thank you my big Boss

  21. fx / Nov 9 2010

    good

  22. chuks / Apr 13 2011

    A good one. thank you. I, a rookie has been able to successfully configure VPN using PPTP. But how do i do Active Directory Authentication so users can authenticate with same username and password they use to log in to the domain to log in to the VPN.

    I will appreciate any help.

  23. Josh / Apr 19 2011

    It works perfectly… just not outside my network :-(. After reading / watching every tutorial I can find, I think it is related to my use of SRC-NAT instead of Masquerade (cause I have multiple external ips and multiple internal nets). But, you are the man. You make my mikrotik simple.

  24. Greg / Apr 20 2011

    @chuks

    You need to enable radius authentication. In windows 2000-2003 it is AIS which you need to install. In version 2008 it is NPS.

  25. Greg / Jun 14 2011

    A very informative site from a guy with a very cool name.

    Thanks for your help.

  26. forster / Jan 17 2012

    this is awesome, really very good

  27. JB / Jan 31 2012

    Excellent tutorial! I was able to set up the tunnel that I have been working on for hours in minutes!
    Question, it does not seem to be assigning me a gateway ip. it just shows 0.0.0.0 and I am not able to access anything on the remote network. Any hot ideas?

  28. Greg / Jan 31 2012

    @JB
    Whichever interface is in the same subnet as your remote addressing, set arp from enabled to proxy arp.

  29. JB / Feb 1 2012

    Works perfectly now!! Thanks so much.

  30. Kyle / Mar 7 2012

    I have done this an am successfully able to get connected. I have enabled proxy-arp on the internal interface. I can ping devices in my VPN network by IP address by not by name. I cannot access anything buy doing \\server in a run command. Any ideas?

  31. Greg / Mar 7 2012

    @Kyle
    This is most likely going to be a WINS issue. In your PPP profile on the MTK, add your Windows DNS servers into the wins section.

  32. Kyle / Mar 7 2012

    :(

    I tried the putting my windows dns server in the wins box and the dns box to no avail :(

  33. jay / Apr 18 2012

    I could use file sharing under XP by using //192.168.1.11 in windows explorer, but that doesn’t work in win 7.
    I can connect to the vpn and ping any IP on the network from my netbook.

  34. Greg / Apr 19 2012

    @Jay
    Are you using windows 7 pro?

  35. hejazi reza / Aug 6 2012

    hi . thank you for your help.
    it s very usefull.

  36. Johan / Aug 30 2012

    MicroTik Master at work. Thanks man.

  37. Greg / Aug 30 2012

    Ha, we do what we do :P

  38. Zox / Nov 8 2012

    Thx for the effort of making this video. Very useful for beginner like me :)

  39. David / Dec 11 2012

    Simple, concise, and had my vpn up and running in minutes. Many thanks!

  40. webpagetech / Apr 15 2013

    Nice video, I really like the interactive comments :).

    @jay
    Try [windows key]+r to bring up your run window. Then type the IP with slashes \\x.x.x.x.
    Also check that the network you are connected to is not set as public in your file sharing. Then check to make sure that file sharing is enabled for work and private networks.

    What I have done when I can’t get name resolution through a vpn connection with wins is to set the Mikrotik to give the client all its dns needs.
    First set the mikrotik to obtain dns from your local server that holds the dns zones (winbox -> ip -> dns).
    Second create a dhcp pool with ranges in your local lan(winbox -> ip -> pool).
    Third set up a profile (winbox -> ppp -> profiles) and use the pool you just created in your remote address dropdown of that profile. Also set your local address in your profile instead of the secret.
    Forth go to winbox -> ppp -> secrets and remove the remote and local addresses. Set the profile drop down to the one you just created.
    Last change you might have to make is to make sure that your dhcp server is set up to give out its own local address as dns server(ip -> dhcp-server -> networks)

    If that doesn’t work check the clients dns servers
    ipconfig /all

  41. Rob / Apr 25 2013

    Good stuff. It is helpful to mention that the default firewall rules need to be adjusted as well to allow TCP traffic on port 1723 as well as the GRE protocol.

Leave a Comment

*