Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel encapsulating PPP packets. PPTP has many kinds of security vulnerabilities, including in its key establishment.
Basic IP Address Configuration:
/ip address> add address=103.7.248.206/29 interface=PUBLIC
/ip address> add address=192.168.1.1/24 interface=LOCAL
/ip pool> add name=VPNPOOL ranges=192.168.1.2-192.168.1.254
NAT Configuration:
/ip firewall nat>
add chain=srcnat action=masquerade out-interface=PUBLIC
PPP Profile Configuration:
/ppp profile
add name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default \
    use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4
PPTP Server Configuration:
/interface pptp-server>
add disabled=no name=VPN
/interface pptp-server server>
set enabled=yes authentication=mschap1,mschap2
Create a PPTP User:
/ppp secret> add name=test1 service=pptp password=123 remote-address=192.168.1.20 local-address=192.168.1.1
Verification:
[admin@Mikrotik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 103.7.248.206/29 103.7.248.200 PUBLIC
1 192.168.1.1/24 192.168.1.0 LOCAL
[admin@Mikrotik] /ip pool> print
# NAME RANGES
0 VPNPOOL 192.168.1.2-192.168.1.254
[admin@Mikrotik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=PUBLIC
[admin@Mikrotik] /ppp profile> print
Flags: * - default
0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default
only-one=default change-tcp-mss=yes
1 name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default
use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4
2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes
only-one=default change-tcp-mss=yes
[admin@Mikrotik] /interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
# NAME USER MTU CLIENT-ADDRESS UPTIME ENCODING
0 VPN
[admin@Mikrotik] /interface pptp-server server> print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap1,mschap2
keepalive-timeout: 30
default-profile: default-encryption
[admin@Mikrotik] /ppp secret> print
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 test pptp 123 default 192.168.1.2
[admin@Mikrotik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 S 0.0.0.0/0 103.7.248.201 1
1 ADC 103.7.248.200/29 103.7.248.206 PUBLIC 0
2 ADC 192.168.1.0/24 192.168.1.1 LOCAL 0
Firewall rules to apply for PPTP:
/ip firewall filter
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=no protocol=gre
Make sure these rules are above any general DENY rule.
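A configuration check for the settings used above, as an added example that is not part of the original post: it reads RouterOS commands written one per line and reports the PPTP choices worth reviewing before the server faces the Internet. The rule names, the one-line input format and the 12-character password minimum are assumptions made for this example.

```python
import shlex

# Constructed sample: this page's settings written one command per line,
# in RouterOS export style (menu path, verb, key=value pairs).
SAMPLE = """\
/interface pptp-server server set enabled=yes authentication=mschap1,mschap2
/ppp profile add name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-encryption=default
/ppp secret add name=test1 service=pptp password=123 remote-address=192.168.1.20
/ip firewall filter add action=accept chain=input dst-port=1723 protocol=tcp
"""

WEAK_AUTH = {"pap", "chap", "mschap1"}  # RouterOS PPP methods other than mschap2
MIN_PASSWORD_LEN = 12                   # assumed local policy, not a RouterOS default


def parse(line):
    """Split one export line into (menu path, {key: value})."""
    tokens = shlex.split(line)
    verb = next((i for i, t in enumerate(tokens) if t in ("add", "set")), len(tokens))
    params = dict(t.split("=", 1) for t in tokens[verb + 1:] if "=" in t)
    return " ".join(tokens[:verb]), params


def audit(config):
    """Return sorted (rule, detail) findings for the PPTP-related lines."""
    findings = []
    for line in filter(str.strip, config.splitlines()):
        menu, p = parse(line)
        if menu == "/interface pptp-server server":
            for method in sorted(WEAK_AUTH & set(p.get("authentication", "").split(","))):
                findings.append(("weak-auth", method))
        elif menu == "/ppp profile":
            # "default" defers the decision to another profile, "no" turns it off
            if p.get("use-encryption", "default") in ("default", "no"):
                findings.append(("encryption-not-explicit", p.get("name", "?")))
        elif menu == "/ppp secret":
            if len(p.get("password", "")) < MIN_PASSWORD_LEN:
                findings.append(("short-password", p.get("name", "?")))
        elif menu == "/ip firewall filter":
            open_src = not ({"src-address", "src-address-list"} & p.keys())
            if p.get("action") == "accept" and p.get("dst-port") == "1723" and open_src:
                findings.append(("pptp-open-to-any-source", "tcp/1723"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```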