CONFIGURE PPTP VPN ON MIKROTIK

Virtual Private Network (VPN)

VPN refers to a computer network in which the connections between the devices (nodes) utilizes public networks so that all you need is an internet connection at each site.
When implementing a VPN, the interconnection between nodes will have a special virtual path over public networks that are independent.This method is usually used to create communications that are secure, such as online ticketing system with a centralized database server.

Point to Point Tunnel Protocol (PPTP)

One service that is commonly used to establish a VPN network is a Point to Point Tunnel Protocol (PPTP). A PPTP connection consists of a Server and a Client.
RouterOS can function as both a server and a client, or even switched the two together in a same machine. This feature is included in the PPP package so you need to check in the menusystem package whether the package is already on the router or not. PPTP Client functions also exist in almost every OS, so we can use the Laptop / PC as a PPTP Client.

PPTP is typically used for multihop network that already passes through the router (Routed Network). If you want to use PPTP on the router make sure there is no rule that you do the blocking of TCP protocol and IP protocol 47/GRE 1723 for PPTP service using the protocol.

Topology

In this article we will be exemplified when connecting the network by implementing a VPN with PPTP. For its topology can be seen in the figure below.

PPTP_rev1

Office Router A and Router B are connected to the Internet Office via ether 1 and PC on each local network is connected to the Ether 2. Remote client also been connected to the internet.
We will do the configuration so that Router A and A LAN network can be accessed from the LAN Router B and B as well as the Remote Client. PPTP setting steps with Winbox as follows:

Configuring PPTP Server
Based on the above topology, which became the center of the link PPTP (concentrator) is the Office Router A, then we have to do a PPTP server settings on the router.

Enable PPTP Server
The first step that must be done is to enable the PPTP server. Sign inPPP menu-> Interface-> PPTP Server. Use profile “default-encryption” in order to track encrypted VPN.

Server.0.1

Secret

At this stage, we can specify a username and password for the authentication client that will connect to the PPTP server. The use of uppercase and lowercase letters will be influential.

– Local Address is the IP address that will be installed on the router itself (Router A / PPTP Server) after the PPTP link is formed
– Remote Address is the IP address that will be given to the client after the PPTP link is formed.

An example configuration as follows. Navigate to use the profile “default-encryption”

Secret.rev.0.1

Up here, the configuration of Router A (PPTP Server) are finished, now we are doing the configuration on the client side.

Office Client Router B
The steps to configure the Router Mikrotik PPTP Client are as follows:

Add new PPTP Client interface, perform the dial to Public IP Router (PPTP server) and enter the appropriate username and password secret PPTP Server setting.

client.router.0.1

Note: The IP 10.10.10.100 is permisalan public ip of the server, to adjust to the actual implementation of the public ip you have.

After the PPTP connection is established, a new IP address will appear in the second Router with flag “D” attached to the interface pptp according to the PPTP server settings Secret

Up here the inter-router VPN connection has been established, however, between the local network can not communicate with each other. To be among the local network can communicate with each other, we need to add a static routing configuration

– Dst-address: local network router opponent
– Gateway: IP PPTP Tunnel on both routers.

routing-routeraThe addition of static routes on Router A
Routing-BThe addition of static routes on Router B

Remote Client
PPTP client does not have to use the Router. As in the above network topology, there is a Remote Client (Laptop) which will connect to the VPN Router A.
So we need to create a new Secret PPTP server to authenticate the remote client.

Secret
username = Client2; password = 1234; Local Address =10.20.20.1; Remote Address = 10.20.20.7

Secret.rev.0.2

Then we need to configure the PPTP Client on a Laptop. The steps will be different on each OS. The following configuration tutorial PPTP Client for OS Windows 7.

Configuring PPTP Client Windows 7
Laptops Make sure you are able to access the internet. Log on the menu Network and Sharing Center, and then create a new connection by selecting Set up a new connection or network.

Client-Laptop.1.1At the next window, select Connect to a workplace, and then click next.

Client-Laptop.1.2Then, select Use My Internet Connection (VPN)

Client-Laptop.1.3In the next step, we are prompted to enter the IP Address to which we will connect. Corresponding topology, then we enter the public IP address Router A. Destination name is the parameter to provide the name of the VPN interface that is being made.

Client-Laptop.1.4Next enter the appropriate username and password settings Secret’s in the PPTP server. Then click Connect.

client.leptop.There will be a process of authentication, wait for it to finish.

client.leptop.

If completed, the laptop will appear in the new interface with the Office A VPN name and the IP address attached took from ip-pool Remote Address according to the profile settings and Secret on PPTP Server.

Until this VPN connection from Laptop to Router A has been formed.Laptops are able to access to the Router and Network LAN A.

To perform a live remote router to the IP address you enter router installed after the VPN link is formed, which is the IP address 10.20.20.1.

Tips:

  • VPN path will be stable and easier in the configuration if the server has a dedicated internet line and have a static public IP.
  • File transfer bandwidth between sites will follow the smallest of the two sites, so make sure the bandwidth uploading and downloading site on both sides of insufficient
  • For client devices that use Windows 7, by default only be connected if the server side to enable encryption

By: Adyatma Yoga K (Mikrotik.co.id)