Mikrotik Router PPTP Remote Access VPN Server Configuration








 


Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets. PPTP has many kinds of security vulnerability in its key establishment.
 


Basic IP Address Configuration:
/ip address> add address=103.7.248.206/29 interface=PUBLIC

/ip address> add address=192.168.1.1/24 interface=LOCAL

/ip pool> add name=VPNPOOL ranges=192.168.1.2-192.168.1.254

NAT Configuration:
/ip firewall nat>
add chain=srcnat action=masquerade out-interface=PUBLIC

PPP Profile Configuration:
/ppp profile
add name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default \
    use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4

PPTP Server Configuration:
/interface pptp-server>
add disabled=no name=VPN
/interface pptp-server server>
set enabled=yes authentication=mschap1,mschap2

PPTP User Creation:
/ppp secret> add name=test1 service=pptp password=123 remote-address=192.168.1.20 local-address=192.168.1.1





Verification:
[admin@Mikrotik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE                               
 0   103.7.248.206/29   103.7.248.200   PUBLIC                                   
 1   192.168.1.1/24     192.168.1.0     LOCAL  



[admin@Mikrotik] /ip pool> print
 # NAME                                                                                      RANGES                        
 0 VPNPOOL                        192.168.1.2-192.168.1.254

[admin@Mikrotik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=PUBLIC




[admin@Mikrotik] /ppp profile> print
Flags: * - default
 0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default
     only-one=default change-tcp-mss=yes

 1   name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default
     use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4

 2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes
     only-one=default change-tcp-mss=yes

   
[admin@Mikrotik] /interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
 #     NAME                     USER                MTU CLIENT-ADDRESS                   UPTIME   ENCODING                 
 0     VPN                                 

   
[admin@Mikrotik] /interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: mschap1,mschap2
  keepalive-timeout: 30
    default-profile: default-encryption






[admin@Mikrotik] /ppp secret> print
Flags: X - disabled
 #   NAME                 SERVICE CALLER-ID                 PASSWORD                 PROFILE                 REMOTE-ADDRESS
 0   test                 pptp                              123                      default                 192.168.1.2   



[admin@Mikrotik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          103.7.248.201             1
 1 ADC  103.7.248.200/29   103.7.248.206   PUBLIC                        0
 2 ADC  192.168.1.0/24     192.168.1.1     LOCAL                             0

Firewall Rules to Apply for PPTP:
/ip firewall filter
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=no protocol=gre

Make sure these rules are above any general DENY rule.
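
The settings above, tightened, as an added example that is not part of the original post: it turns off MS-CHAPv1, requires encryption on the VPN profile, attaches the user to that profile, and limits the PPTP firewall rules to known client networks. The address list name PPTP-ALLOWED, the client network 203.0.113.0/24 and the password placeholder are assumptions; replace them with your own values.

```routeros
# Added example, not the original author's configuration.
# Assumed values: list name PPTP-ALLOWED, client network 203.0.113.0/24
# (a documentation range), and the password placeholder below.

# 1. Require encryption on the VPN profile. With use-encryption=default the
#    profile does not insist on MPPE; "required" disconnects clients that
#    do not negotiate it.
/ppp profile set [find name="VPN"] use-encryption=required

# 2. Accept MS-CHAPv2 only (MS-CHAPv1 is the weaker of the two methods the
#    post enables) and make VPN the profile the server falls back to, so a
#    secret without an explicit profile still gets the settings from step 1.
/interface pptp-server server set enabled=yes authentication=mschap2 default-profile=VPN

# 3. Attach the user to the VPN profile and replace the three-character
#    password. MS-CHAP handshakes can be attacked offline, so password
#    length matters more here than on most services.
/ppp secret set [find name="test1"] profile=VPN password="<long-random-passphrase>"

# 4. Allow the PPTP control channel (TCP 1723) and GRE only from networks
#    the remote users are expected to connect from.
/ip firewall address-list add list=PPTP-ALLOWED address=203.0.113.0/24 comment="remote users"

/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=1723 src-address-list=PPTP-ALLOWED comment="PPTP control, known clients"
add chain=input action=accept protocol=gre src-address-list=PPTP-ALLOWED comment="PPTP GRE, known clients"
# Explicit drops, so the restriction holds even if the router has no
# general DENY rule at the end of the input chain.
add chain=input action=drop protocol=tcp dst-port=1723 comment="PPTP control, other sources"
add chain=input action=drop protocol=gre comment="GRE, other sources"

# 5. Verify: authentication should list mschap2 only, the profile should
#    show use-encryption=required, and an active session should report an
#    MPPE encoding.
/interface pptp-server server print
/ppp profile print where name="VPN"
/ppp active print
```

New filter rules are appended to the end of the chain, so move the two accept rules above any general DENY rule as the post instructs, and remove the unrestricted accept rules for port 1723 and GRE if they were already added.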