Saturday, October 10, 2020

Mikrotik VPN Client

VPN server is used to connect to our workplace over public network. It provide us secure data connectivity. We can access any resource, that are located our corporate premises with the help of VPN server. To connect the VPN server, we have to have one VPN client. VPN client makes a tunnel with VPN server, and later, transfer all the data using that tunnel. There are some protocols, those are responsible for establishment that tunnel. One of these protocol name is "PPTP". PPTP can act as a server as well as a client. In this tutorial we are going to talking about, how to configure PPTP protocol as a client into the Mikrotik router. 

To configure Mikrotik as a PPTP client, we need to create a virtual interface named "PPTP Client". To create it, go on "PPP" from menu and then navigate to "Interface" tab. Now click on (+) sign and select "PPTP Client".


Now you will get the following interface. Navigate to the "General" tab and named your PPTP Client. In this example, I named it "Connect_to_PPTP-Server". 


Now, navigate to the "Dial Out" tab. Write your PPTP server IP address into "Connect To:" field. Also enter your PPTP server user name and password into the "User" and "Password" field. And select your profile. Here, I am using "default-encryption".

You can adjust your profile settings from "Profiles" tab on PPP menu.


 Finally, select the authentication protocol. Here I have selected all the protocols.


After that, click on "Apply" and then click "OK". At this point, your PPTP tunnel should be connected. You can check the tunnel status from this interface.


Don't worry about my tunnel status. This is my lab environment. That's why it is showing "disconnected". But if you follow this tutorial step by step and your PPTP server has properly configured then you should be appeared "connected" status.

At this point, our tunnel is ready. But, still now we can't transfer traffic through this tunnel. Because, we don't configure any routing information yet. We have to add one static route entry for our destination network into our routing table. Let's say our destination network is "192.168.3.0/24". Without static route entry, if any user trying to get reach "192.168.3.0/24", all the packet should be dropped. Because, still now router don't know how to get reach that network, although our VPN connection is established. By adding the static entry we tell the router, if any user trying to get reach "192.168.3.0/24" network, then all traffic should be forwarded to PPTP tunnel.


If you want you can use tunnel interface directly as a gateway or you can use tunnel remote side address as gateway. Just like below:-


Again, don't worry about my "unreachable" status. From "Status" tab, you will get the tunnel remote side IP address.

At this stage, you data transfer should be begun.

No comments:

Post a Comment