![vpn tunnel mikrotik client to site vpn tunnel mikrotik client to site](https://community.sophos.com/cfs-file/__key/communityserver-discussions-components-files/126/pastedimage1504607873031v3.png)
PPTP is still one of the most ubiquitous VPN technologies in use. It's also one of the oldest, and unfortunately while it does provide encryption it's one of the least secure. However, PPTP is still widely supported by almost all routing platforms, and Windows, Mac, Linux, and most smartphones like Android come with a PPTP client built-in. The encryption it uses isn't as robust as IPSEC and doesn't use PFS, but we can do a couple of configuration tweaks to make it as secure as possible. At the same time it isn't sending everything in the clear like GRE or EoIP tunnels do.

![vpn tunnel mikrotik client to site vpn tunnel mikrotik client to site](https://1.bp.blogspot.com/-F9cdbDLoMuA/Xdem9Z_SDiI/AAAAAAAAAx0/QA55bGXpFa03EsNcZFFGyi6_e6CR8g6PwCLcBGAsYHQ/s1600/Untitled.png)

PPTP is commonly used in a "road warrior" configuration, with remote clients on laptops and tablets VPNing into a network from the road. PPTP can also be used to create routable interfaces on two Mikrotik devices and function as a site-to-site tunnel. Put multiple site-to-site tunnels together, all connecting to a core location, and you now have a routable hub and spoke topology. This article will focus on creating a site-to-site VPN tunnel using PPTP. We'll use static routes on each router that allow devices in one LAN to communicate with devices in the other.

The topology being used is the same one in the MPLS with VPLS article, but the Seattle and Santa Fe LER devices have been converted to customer-owned routers. The requirements for this network aren't too complicated: connect customer LAN networks 192.168.1.0/24 and 192.168.5.0/24 via a PPTP tunnel over a provider's network. This is a cheaper alternative to MPLS tunnels, though in fairness it is also a very different technology and somewhat legacy. The Seattle customer router will be the PPTP server, and the Santa Fe router will run the PPTP client. It could be the other way around, it doesn't matter, as long as one router is the server and the other is the client.

![vpn tunnel mikrotik client to site vpn tunnel mikrotik client to site](https://i.ytimg.com/vi/x0ejkYHwYbA/hqdefault.jpg)

First we'll enable the PPTP server on the Seattle router:

```
/interface pptp-server server set authentication=mschap2 enabled=yes
```

I've specifically set the authentication to MSCHAP v2 because that is the best encryption that PPTP can handle, and we don't want to use anything less than that. We'll also set the PPTP profile being used to require encryption; it's no longer optional:

```
/ppp profile set default-encryption use-encryption=required
```

Next on the Seattle router we'll set up the credentials that the Santa Fe PPTP client will use to establish the tunnel:

```
/ppp secret add local-address=10.0.0.1 name=santafe password=supersecretpassword remote-address=10.0.0.2 service=pptp
```

This PPP secret is what the PPTP client will use to establish the tunnel. It has a username (santafe), a password, the local address that will be dynamically assigned to the PPTP server, and the remote address that will be dynamically assigned to the PPTP client. The IP addresses I chose for the PPTP tunnel are totally arbitrary; you can use whatever you want as long as they don't overlap with anything already in use.

We also need to put some firewall rules in to allow PPTP (which uses GRE) into the firewall:

```
/ip firewall filter
# TCP 1723 is the PPTP control channel; GRE carries the tunneled traffic
add chain=input comment=PPTP dst-port=1723 protocol=tcp src-address=72.156.30.2
add chain=input comment=PPTP protocol=gre src-address=72.156.30.2
```

This allows PPTP traffic from the Santa Fe router into the Seattle router. I've only opened up PPTP to a specific source address, and I suggest you do the same.

That wraps up the configuration on the PPTP server side in Seattle, so let's look at Santa Fe. First thing to do is add those same firewall rules, just with Seattle's source IP address:

```
/ip firewall filter
add chain=input comment=PPTP dst-port=1723 protocol=tcp src-address=72.156.29.2
add chain=input comment=PPTP protocol=gre src-address=72.156.29.2
```

Then we'll make sure encryption is being required in the Santa Fe PPTP profile, just like on Seattle's router:

```
/ppp profile set default-encryption use-encryption=required
```
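The settings the article applies on the Seattle router (MS-CHAP v2 as the only authentication method, encryption required on the `default-encryption` profile, PPTP firewall rules limited to one source address) can be checked against a router's exported configuration. The script below is an added example, not part of the original article: `parse_export` and `audit_pptp` are hypothetical names, the sample text is constructed, and it assumes the export uses the plain `/menu` line followed by `add`/`set` lines.

```python
import shlex

VERBS = {"add", "set"}

def parse_export(text):
    """Yield (menu, verb, names, props) for each add/set line of a RouterOS export."""
    menu = ""
    for line in text.replace("\\\n", "").splitlines():  # join wrapped lines
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0].startswith("/"):  # menu path, optionally with a command
            cut = next((i for i, t in enumerate(tokens) if t in VERBS), len(tokens))
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if tokens and tokens[0] in VERBS:
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            names = [t for t in tokens[1:] if "=" not in t]
            yield menu, tokens[0], names, props

def audit_pptp(text):
    """Return findings where an export departs from the settings used in the article."""
    findings, enc_required = [], False
    for menu, verb, names, props in parse_export(text):
        if menu == "/interface pptp-server server" and props.get("enabled") == "yes":
            if props.get("authentication", "").split(",") != ["mschap2"]:
                findings.append("pptp-server: authentication not limited to mschap2")
        elif menu == "/ppp profile" and "use-encryption" in props:
            if "default-encryption" in names + [props.get("name")]:
                enc_required = props["use-encryption"] == "required"
        elif menu == "/ip firewall filter" and verb == "add":
            proto, port = props.get("protocol"), props.get("dst-port")
            pptp = proto == "gre" or (proto == "tcp" and port == "1723")
            accept = props.get("chain") == "input" and props.get("action", "accept") == "accept"
            if pptp and accept and "src-address" not in props:
                findings.append(f"firewall: input accept rule for {proto} has no src-address")
    if not enc_required:
        findings.append("ppp profile default-encryption: use-encryption is not required")
    return findings

# Constructed samples: the article's Seattle commands, then the same with weak settings.
HARDENED = """\
/interface pptp-server server set authentication=mschap2 enabled=yes
/ppp profile set default-encryption use-encryption=required
/ip firewall filter
add chain=input comment=PPTP dst-port=1723 protocol=tcp src-address=72.156.30.2
add chain=input comment=PPTP protocol=gre src-address=72.156.30.2
"""
WEAK = (HARDENED.replace("=mschap2", "=pap,chap,mschap1,mschap2").replace("=required", "=no")
        .replace("protocol=tcp src-address=72.156.30.2", "protocol=tcp"))

if __name__ == "__main__":
    print(audit_pptp(HARDENED), audit_pptp(WEAK), sep="\n")
```

A server line that enables PPTP without naming `authentication` is reported as well, since the script cannot confirm the method list was narrowed.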