See also Mikrotik VPN Notes

http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#Server_configuration

http://wiki.mikrotik.com/wiki/PPTP_Server_With_Profile

• All traffic routes through tunnel

Needs updating for newer RouterOS, but still works.

PPP → Interface → PPTP Server → Enable

• MTU (1460)
• MRU (1460)
• Authentication (MSCHAPv2)
  • Encrypted

PPP → Secrets

• Name
  • Username
• Password
• Service
  • pptp
• Local Address
  • Same for all users
  • Router's LAN address
• Remote Address
  • Different for each user
  • Outside of DHCP range
• Profile
  • default-encryption

IP → Pool → Add

• Name (PPTPpool)
• Range of addresses (192.168.1.10-192.168.1.20)

PPP → Profiles → Default-Encryption

• Local Address (LAN address of router)
  • Same for all users
• Remote Address (PPTPpool)
  • Pool you created

PPP → PPTP Server → Secrets

• Specify profile (Default-Encryption)

Enable Proxy-ARP on the LAN interface for proper layer-2 address ARP resolution.

Interfaces → etherN → General → ARP → Proxy-ARP

If you use a LAN bridge, modify that.

Bridge → YourLanBridge → General → ARP → Proxy-ARP

PPTP utilizes:

• TCP port 1723
• GRE (protocol ID 47) for tunneling

Accept PPTP in Mikrotik:

/ip firewall filter add chain=input action=accept protocol=tcp dst-port=1723 comment="PPTP VPN - 1723" place-before=0
/ip firewall filter add chain=input action=accept protocol=gre comment="PPTP VPN - GRE" place-before=0

See also Windows VPN Notes