Last time I wrote how to configure a PPTP VPN Server on Mikrotik RouterOS
Today I will show you how to configure a PPTP VPN Client on Mikrotik RouterOS.
Before we start I will try to explain what I want to do…
My home network:
192.168.1.0/24 - Private 192.168.2.0/24 - Public
I would like to establish a VPN connection to the remote location on my Mikrotik router and allow computers (only!) from my private subnet to access computers on the remote location.
This tutorial will explain you how I did this. Here is a simple step by step tutorial with images and all information that you need to get PPTP VPN Client working…
Step 1: Create PPTP Client
Noting special on this step, so I think that the image is enough
Step 2: Configure PPTP Client
After you created the PPTP Client you will need to enter some basic information:
- VPN server hostname or IP
- VPN username and password
then you need a name for the client…
If you enter the correct information you are already connected to the VPN server
You can now double-click on pptp-client and see the status
With the current configuration I can ping a remote computer from my Mikrotik:
[admin@MikroTik] > ping address=192.168.3.2 src-address=192.168.3.101 count=3 HOST SIZE TTL TIME STATUS 192.168.3.2 56 127 42ms 192.168.3.2 56 127 44ms 192.168.3.2 56 127 41ms sent=3 received=3 packet-loss=0% min-rtt=41ms avg-rtt=42ms max-rtt=44ms
but I can’t ping the same computer from any other location (other computers connected to my Mikrotik…
C:UsersUser>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.3.2: Packets: Sent = 3, Received = 0, Lost = 3 (100% loss)
to resolve this we need to add a NAT rule and one more route
Step 3: NAT configuration
[admin@MikroTik] > /ip firewall nat print ... 1 ;;; pptp-client masquerade chain=srcnat action=masquerade src-address=192.168.1.2-192.168.1.254 out-interface=pptp-client log=no log-prefix="" ...
src-address is used to allow only computers from my private subnet
In simple words… With this we allowed other computers to use VPN client interface.
Step 4: Add new route
route #4 is automatically added with pptp-client.
We need to add route #3…
Again… in simple words… With this route we route all request from 192.168.1.1 (router IP for private subnet) to remote subnet
[admin@MikroTik] > /ip route print # DST-ADDRESS PREF-SRC GATEWAY DISTANCE ... 3 A S 192.168.3.0/24 192.168.1.1 pptp-client 1 4 ADC 192.168.3.100/32 192.168.3.101 pptp-client 0 ...
Step 5: Finish
If you did all right, you now have access to the remote subnet from your private subnet.
A quick test…
C:UsersUser>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time=41ms TTL=126 Reply from 192.168.3.2: bytes=32 time=41ms TTL=126 Reply from 192.168.3.2: bytes=32 time=86ms TTL=126 Ping statistics for 192.168.3.2: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 41ms, Maximum = 86ms, Average = 56ms
If you need any help or I did something wrong, leave a comment and I will try to do my best to help you.