Community discussions

MikroTik App
 
matthewpucc
just joined
Topic Author
Posts: 1
Joined: Fri Jul 17, 2009 4:42 am

advanced pptp configuration

Fri Jul 17, 2009 4:53 am

Hi guys. I've got a RB1000. On ether1 is my public interface (atm its ip is 10.0.1.9). On ether3 I have a private network with dhcp server on the rb1000u. The dhcp server's pool is 192.168.0.2-192.168.0.200. I want to be able to use a pptp connection to connect over the public interface to the private net on ether3. I've tried all the published tutorials I could find and I can get the pptp to connect but it won't let me access the private net. Can someone lay out what I need to do to get this setup running? any help would be appreciated. Let me know if you need any more information
 
changeip
Forum Guru
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: advanced pptp configuration

Fri Jul 17, 2009 8:11 am

are you giving the ppp profile a remote address thats on your lan ? If so, you can use proxy-arp. However, I suggest a better, alternate approach.

Assign your pptp client an IP in a completely different (3rd) subnet. Assign the local side an IP in that same subnet. ie, 192.168.50.1 & 192.168.50.2. Now, you are just like anyone else being routed.

Note: Windows clients are classful and will put a route in based on the subnet mask for class A, B, or C - you want C since it's smaller. If you assign a 10.x address the pptp client will get 255.0.0.0 and might cause problems.
 
User avatar
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: advanced pptp configuration

Thu Nov 05, 2009 3:05 pm

Assign your pptp client an IP in a completely different (3rd) subnet. Assign the local side an IP in that same subnet. ie, 192.168.50.1 & 192.168.50.2. Now, you are just like anyone else being routed.
Sam how is the remote pptp client then going to know how to get to the local network behind the router if the address it's given is not in that subnet? Surely this request will be redirected via it's default gateway (which is not the PPTP link in order for them to use their own internet access for everything other than the VPN traffic).

So is it simply a case of either;

1. leave the 'use default gateway of remote network' on and then you don't have to set proxy=arp on the router interface

or

2. tick off 'use default gateway of remote network' and then you need to use proxy-arp and the same subnet as the remote lan.

or

3. tick off 'use default gateway of remote network', use a different subnet than the remote lan and don't use proxy-arp but create a static route on the client for access to the remote lan.
 
changeip
Forum Guru
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: advanced pptp configuration

Fri Nov 06, 2009 1:39 am

windows will automatically setup classless routes upon connection. lame i know, but if you know how it works, its beneficial. if you setup 172.16.1.x/24 as the wired lan, and then 172.16.2.x/24 as the dialin clients, windows will enter a 172.16.x.x route to the ppp adapter automatically. if using 192.168.x.x then it wont work because it uses a class C route and your no longer in the same subnet. confusing i know, but just try it with 172.16 range and then run a route print and see what windows enters.
 
User avatar
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: advanced pptp configuration

Fri Nov 06, 2009 9:37 am

Not confusing at all, I just didn't know this about Windows.

Thanks Sam, good post.

Who is online

Users browsing this forum: Ahrefs [Bot] and 29 guests