====== Mikrotik PPTP VPN ======

See also **[[networking:router:mikrotik_vpn|Mikrotik VPN Notes]]**

http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#Server_configuration

http://wiki.mikrotik.com/wiki/PPTP_Server_With_Profile

  * All traffic routes through tunnel

===== Enable PPTP Server =====

FIXME Needs updating for newer RouterOS, but still works.

{{ :networking:router:mikrotik_vpn_pptp_1.png?255|Enable PPTP Server}}

**PPP -> Interface -> PPTP Server -> Enable**

  * MTU (1460)
  * MRU (1460)
  * Authentication (MSCHAPv2)
    * Encrypted

===== Create a Single User =====

**PPP -> Secrets**

  * **Name**
    * Username
  * **Password**
  * **Service**
    * ''pptp''
  * **Local Address**
    * Same for all users
    * Router's LAN address
  * **Remote Address**
    * Different for each user
    * Outside of DHCP range
  * **Profile**
    * ''default-encryption''

===== For Multiple Users =====

{{ :networking:router:mikrotik_vpn_pptp_2.png?255|PPTP IP Address Pool}}

**IP -> Pool -> Add**

  * Name (PPTPpool)
  * Range of addresses (192.168.1.10-192.168.1.20)

**PPP -> Profiles -> Default-Encryption**

  * Local Address (LAN address of router)
    * Same for all users
  * Remote Address (PPTPpool) {{ :networking:router:mikrotik_vpn_pptp_3.png?255|Default-Encryption Profile}}
    * Pool you created

**PPP -> PPTP Server -> Secrets**

  * Specify profile (Default-Encryption)

===== Proxy-ARP =====

:!: Enable Proxy-ARP on the **LAN interface** for proper layer-2 address ARP resolution.

**Interfaces -> etherN -> General -> ARP -> Proxy-ARP**

:!: If you use a **LAN bridge**, modify that.

**Bridge -> YourLanBridge -> General -> ARP -> Proxy-ARP**

===== Firewall =====

{{ :networking:router:mikrotik_vpn_pptp_4.png?750 |PPTP VPN Firewall Rules}}

**PPTP** utilizes:

  * TCP port 1723
  * GRE (protocol ID 47) for tunneling

Accept PPTP in Mikrotik:

<file>
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723 comment="PPTP VPN - 1723" place-before=0
/ip firewall filter add chain=input action=accept protocol=gre comment="PPTP VPN - GRE" place-before=0
</file>

===== Client Connection =====

See also **[[networking:windows:windows_vpn|Windows VPN Notes]]**

{{ :networking:router:mikrotik_vpn_pptp_5.png?300 |Windows 8.1 PPTP Connection}}