Step by Step: How to configure a PPTP VPN Client on Mikrotik RouterOS
Intro
Last time I wrote how to configure a PPTP VPN Server on Mikrotik RouterOS
Today I will show you how to configure a PPTP VPN Client on Mikrotik RouterOS.
Before we start I will try to explain what I want to do…
My home network:
192.168.1.0/24 - Private 192.168.2.0/24 - Public
Remote location:
192.168.3.0/24
I would like to establish a VPN connection to the remote location on my Mikrotik router and allow computers (only!) from my private subnet to access computers on the remote location.
This tutorial will explain you how I did this. Here is a simple step by step tutorial with images and all information that you need to get PPTP VPN Client working…
Step 1: Create PPTP Client
Noting special on this step, so I think that the image is enough :)
Step 2: Configure PPTP Client
After you created the PPTP Client you will need to enter some basic information:
- VPN server hostname or IP
- VPN username and password
then you need a name for the client…
If you enter the correct information you are already connected to the VPN server
You can now double-click on pptp-client and see the status
Note
With the current configuration I can ping a remote computer from my Mikrotik:
[admin@MikroTik] > ping address=192.168.3.2 src-address=192.168.3.101 count=3 HOST SIZE TTL TIME STATUS 192.168.3.2 56 127 42ms 192.168.3.2 56 127 44ms 192.168.3.2 56 127 41ms sent=3 received=3 packet-loss=0% min-rtt=41ms avg-rtt=42ms max-rtt=44ms
but I can’t ping the same computer from any other location (other computers connected to my Mikrotik…
C:\Users\User>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.3.2: Packets: Sent = 3, Received = 0, Lost = 3 (100% loss)
to resolve this we need to add a NAT rule and one more route
Step 3: NAT configuration
[admin@MikroTik] > /ip firewall nat print ... 1 ;;; pptp-client masquerade chain=srcnat action=masquerade src-address=192.168.1.2-192.168.1.254 out-interface=pptp-client log=no log-prefix="" ...
src-address is used to allow only computers from my private subnet
In simple words… With this we allowed other computers to use VPN client interface.
Step 4: Add new route
route #4 is automatically added with pptp-client.
We need to add route #3…
Again… in simple words… With this route we route all request from 192.168.1.1 (router IP for private subnet) to remote subnet
[admin@MikroTik] > /ip route print # DST-ADDRESS PREF-SRC GATEWAY DISTANCE ... 3 A S 192.168.3.0/24 192.168.1.1 pptp-client 1 4 ADC 192.168.3.100/32 192.168.3.101 pptp-client 0 ...
Step 5: Finish
If you did all right, you now have access to the remote subnet from your private subnet.
A quick test…
C:\Users\User>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time=41ms TTL=126 Reply from 192.168.3.2: bytes=32 time=41ms TTL=126 Reply from 192.168.3.2: bytes=32 time=86ms TTL=126 Ping statistics for 192.168.3.2: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 41ms, Maximum = 86ms, Average = 56ms
If you need any help or I did something wrong, leave a comment and I will try to do my best to help you.
06 Nov 2014
Hello,
There is requirement is to run the DATA & Internet on two computers at
the same time on Mickrotik Router. Can you please confirm that is it possible on Microtik router?? Appreciate, if you can share step by step configuration for the same.
LAN IP Pool (For Data) : 192.168.3.0/24
IP Pool for Internet: 203.130.17.224/30
WAN IP Pool: 192.168.110.52/30
For Data connectivity we have already made GRE tunnel b/w branch & Head Office
Tunnel Ip@ branch end router: 10.10.10.6
Tunnel Ip@ HO router: 10.10.10.5
Tunnel Destination: 10.50.55.162
LAN IP Pool@HO: 192.168.10.0/24
11 Jan 2018
thank you very much. it helped me a lot
27 Mar 2018
Hello Uroš,
Thank you very much for very comprehensive guide. But I can´t reproduce same as you.
I´m able ping my remote router router to safe side, but others devices are not visible in remote network. Do you know, where should be the problem?
Many thanks Martin
27 Mar 2018
Hi Martin,
maybe you need to setup something on your remote router? I’m not sure why is not working for you… maybe someone else here have some idea? :)
Regards,
Uroš
02 Sep 2020
Can You please help me out to Create the L2TP server and client in Mikrotik Router.
23 Sep 2022
CommentGood evening from Cameroon in Central Africa.
I have a problem please.
I opted for pptp VPN client accounts in an online server either
Public IP=195.103.x.10
Address Loc=10.0.0.2
Remote address=10.0.0.1
WAN Gateway=192.168.8.1
LAN=192.168.1.0/24
R1=192.168.1.1
Public IP=195.103.x.10
Address Loc=10.0.0.3
Remote address=10.0.0.1
WAN Gateway=192.168.8.1
LAN=192.168.2.0/24
R1=192.168.2.1
I can’t ping between LANs but against between 10.0.0.2 and 10.0.0.3 without forgetting that this pptp client by using it directly on Windows it works very well.