configure the PPTP server on Mikrotik.

How To Disable Outlook Security Warning – “A program is trying to access e-mail addresses…”
June 13, 2016

configure the PPTP server on Mikrotik.

Login to the Mikrotik RouterOS via Winbox and go to the IP —> Pool:

Click on the “Plus Symbol” to add new pool, Name it whatever you want (like I named it pptp-pool), add the address range (192.168.10.10-192.168.10.20, in my case), then hit OK:

Now go to the PPP Section. Click “PPTP Server” and check the Enabled:

While still on the PPP window, switch to the “Profiles” tab. Click on the plus sign to create new profile, Name it whatever you want (like I use pptp-profile), set the pool that we have created earlier for “Local Address” AND “Remote address“, then press OK.

Now switch to the “Secrets” tab of the PPP window. Click on the plus sign to create new user,  add the name(which act as username), password and profile that we have created in the previous step:

Click on the IP —> Firewall:

From the “Filter Rules” tab, add the new rule. Set the chain to input, protocol to tcp and Dst. port to 1723:

Switch to the Action tab and set it to accept, then Click OK:

Add another new rule. Set the chain to input and protocol to gre:

Switch to the Action tab and set it to accept, then Click OK:

Note: Drag these two rules ABOVE THE DEFAULT “drop” RULE

PPTP Client Setup on Windows 7:

From  “Control Panel“, select the  “Network and Sharing Center” and then choose “Set up a new connection or network“:

On the next window, choose “Connect to a workplace“:

Choose “Use my Internet Connection (VPN)” from the next window:

Type the Public IP address or hostname of your Mikrotik, on the next window:

Next type your VPN username/password and after that click Connect:

Connection usually takes a minute to connect, upon successfully connected, will show you the message “You are connected“:

Verify the pptp logs on Mikrotik by hitting Log:

Ping any internal host:

NOTE: Sometimes, there is a problem to access other hosts on the LAN from the VPN. The solution to this problem is to set up the proxy-arp on the local interface that connect to your LAN:

 

Comments are closed.