Monday, October 5, 2020

Mikrotik VPN Server

The term VPN stands for Virtual Private Network. It is used to make a secure and private connection to a destination network over the internet. Using a tunneling protocol, a VPN creates a tunnel to the destination network over the public network or internet. This tunnel is then encrypted using an encryption protocol. The main goal of a VPN is to make a secure and encrypted tunnel with the VPN server over the internet. Generally, the VPN client initiates the tunnel, and the VPN server simply accepts the connection if the given credentials are correct.

In Mikrotik, several protocols are available for building a VPN server. We can also use Mikrotik as a VPN client. In this tutorial, we are going to talk about how to configure a VPN server using the PPTP tunneling protocol.

PPTP stands for Point-to-Point Tunneling Protocol. It is the VPN protocol through which the VPN connection is established. In this connection process, the PPTP client creates a tunnel with its PPTP server, and data is then transferred through this tunnel. The tunnel is usually built using TCP port 1723. In this lesson we will learn how to configure a Mikrotik router as a PPTP server. We will also learn how to connect to this PPTP server from a Windows machine using the default Windows VPN client.

Okay, let's start with the PPTP server. To enable the PPTP server, go to "PPP" in the menu and then click "Interface". Now click on "PPTP Server".


After clicking on "PPTP Server", you will see the following interface. Just tick the "Enabled" option. Then click "Apply" and then "OK".


At this point our PPTP server is enabled. Now we need to create a connection profile for the VPN users who will connect to this VPN server (PPTP server). To create a profile, go to the "Profile" tab and then click on the "add" sign.


You will get the following interface for creating a new PPP profile. Here, enter your profile name, local IP address and remote IP address. When a user establishes a VPN connection to this server using this profile, the "Local Address" will be the server-side IP address and the "Remote Address" will be the client-side (user-side) IP address for that VPN connection. While connecting to the VPN server, one IP address is assigned to the VPN user. The "Remote Address" option lets us configure which IP address is given to the user. The "Local Address" is for the server itself. Change "TCP MSS" to "yes" if it is not selected by default.


[Make sure your IP address is within the range of your local network. Otherwise, all traffic from VPN users will be dropped.]


Here, we have two options for configuring the "Local Address" and "Remote Address" fields. We can use individual IP addresses for these fields, or we can configure a pool from our DHCP server. In that case, users will automatically be given IP addresses from the configured pool, as shown below:


Now go to the "Protocols" tab and change the "Use Compression" value to "yes". As a result, all data will be compressed during transmission.


At this point, our user profile is ready. Now we are going to create the user credentials for the VPN connection. These credentials will be required for connecting to this PPTP server (VPN server). To create a user, go to the "Secrets" tab and click on the "add (+)" sign.


Now enter your user name and password in the "Name" and "Password" fields. Then select the service type in the "Service" field, that is, the service this user will be given. Here, we will select PPTP because that is the service we are going to provide. Finally, in the "Profile" field, select the name of the profile that we created earlier. As a result, anyone who uses this user name to make a VPN connection will be covered by this profile.


Everything is done. Our PPTP server is ready to provide VPN service. If a user makes a connection with our VPN server or if we want to know how many users are connected to our VPN server at the moment, we will get this information from the "Active Connection" tab.
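
The same server-side setup can also be entered from the RouterOS terminal instead of the GUI. The commands below are an added example, not part of the original tutorial: `pptp_user` and `192.168.3.200` are the values the tutorial uses, while the profile name `pptp_profile`, the local address `192.168.3.1`, the pool name and range, the password placeholder, the `use-encryption` setting and the firewall rules are assumptions.

```routeros
# Enable the PPTP server (PPP > Interface > PPTP Server > Enabled)
/interface pptp-server server set enabled=yes

# Connection profile (PPP > Profile > add).
# local-address  = server side of the tunnel (192.168.3.1 is an assumed value)
# remote-address = address handed to the client (value used in the tutorial)
# change-tcp-mss and use-compression match the "TCP MSS" and
# "Use Compression" settings chosen in the GUI steps.
# use-encryption=required is NOT one of the tutorial's steps; it is added here
# so that a session which fails to negotiate encryption is refused.
/ppp profile add name=pptp_profile local-address=192.168.3.1 \
    remote-address=192.168.3.200 change-tcp-mss=yes use-compression=yes \
    use-encryption=required

# Alternative to a single remote address: hand out addresses from a pool.
# The pool name and range are assumed values; keep them inside the LAN range.
# /ip pool add name=vpn_pool ranges=192.168.3.200-192.168.3.220
# /ppp profile set [find name=pptp_profile] remote-address=vpn_pool

# User credential (PPP > Secrets > add), bound to PPTP and to the profile.
# Replace the placeholder with a long random password.
/ppp secret add name=pptp_user password="REPLACE-WITH-LONG-RANDOM-PASSWORD" \
    service=pptp profile=pptp_profile

# Only needed when the input chain filters traffic (assumed here).
# PPTP uses TCP 1723 for control and GRE (IP protocol 47) for tunneled data.
# New rules are appended at the end, so move them above any drop rule.
/ip firewall filter add chain=input protocol=tcp dst-port=1723 \
    action=accept comment="PPTP control"
/ip firewall filter add chain=input protocol=gre \
    action=accept comment="PPTP data (GRE)"

# Verify: server state, then the same list as the "Active Connection" tab
/interface pptp-server server print
/ppp active print
```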


Now we can use any VPN client software to make a VPN connection to this server. In this tutorial, we will use the default Windows VPN client adapter. To learn how to create a VPN client adapter on Windows, please see the following link.


After the VPN connection is successful, we will go to the "Active Connection" tab and check whether there is any connection entry available. 


Yes, we got one entry for our VPN connection. Here, the "Name" field shows the VPN user name, the "Service" field shows the VPN type, the "Caller ID" field shows the client's public IP address, the "Encoding" field shows the encryption method, the "Address" field shows the remote IP address that we assigned in the profile during creation, and finally "Uptime" shows how long this connection has been up.

Don't get confused by the username (VPN) and remote IP (192.168.3.230) shown here. This is my lab environment, so just ignore them. In your entry, you will see the VPN user name "pptp_user" (as in our tutorial) and the remote address "192.168.3.200" (as in our tutorial).

From now on, your remote user can connect to your corporate network over this PPTP VPN connection.

