I have a /29 of public ip addresses on a mikrotik I remote into in a data center. I would like to be able to assign a public ip an incoming pptp connection.

I have tried assigning the static ip i wanted to use on both fields of the ppp secret tab and varrying configurations off that, And have tried playing with src nat and trying to send it to an inside ip I set on the pptp connection but nothing is working and my public ip still shows the gateway of the router.

Any assistance would be greatly appeciated!!!

There’s nothing to it. If you have client defined in “/ppp secret”, simply set its remote-address=. If it’s routed subnet, that’s all. If it’s connected subnet (ISP uses address from same subnet as your gateway), you need proxy ARP:

/ip arp
add address=<selected public address> interface=<WAN> published=yes

Last step is to adjust firewall, allow traffic to/from as you need. You don’t need NAT, except maybe to exclude from existing one.

I was missing the proxy arp then. I will try this asap!

I am still missing something. It is a subnet that I also use as the gateway from my isp. Lets say my router ip is 11.12.0.138/29. The ISP is 11.12.0.137 which my default route is going to. My ppp secret > Remote IP is using 11.12.0.140 and I set proxy arp with that IP to publish that ip. I must not be setting the local address right. Right now its using 10.140.1.1 which is the routers “LAN” ip on a loopback interface/bridge. I have tried setting the local ip on the secret to the gateway of my router as well with no luck. Any idea what I am doing wrong?

ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published,
C - complete

ADDRESS MAC-ADDRESS INTERFACE

0 DC 11.12.0.137 28:C0:DA:2C:E0:01 ether2
1 P 11.12.0.140 00:00:00:00:00:00 ether2

Also, no forward firewall that could be blocking it.

Working example, server:

/ip address
add interface=WAN address=11.12.0.138/29
/ip route
add dst-address=0.0.0.0/0 gateway=11.12.0.137
/ppp profile
add local-address=10.140.1.1 name=test
/ppp secret
add name=tester password=test profile=test remote-address=11.12.0.140
/ip arp
add address=11.12.0.140 interface=WAN published=yes

Client:

/interface pptp-client
add add-default-route=yes connect-to=11.12.0.138 disabled=no name=pptp-out1 password=test user=tester

For the record, I do not recommed PPTP, it’s just that you mentioned it and it’s easy to configure for quick test.

@sob

how you will recommend, im my case i dont want the public ip to terminate in to the MT i want to terminate into customer equipment

That’s exactly what this does. Yes, there’s one address on router (.138), but the other (.137) goes directly to client. And the first one is there just because OP wrote it’s like this.

@sob
i was saying behind this device.
Imagine that this is my CPE and the customer has plugged his firewall in to that, and asking for pub ip-add

If you mean that PPTP client from example is CPE and public address should go to another device behind it, then in PPP secret don’t set it as “remote-address”, but put it in “routes” instead (also in PPP secret). Dynamic route will be created when client connects. Then how exactly to give this address to another device, that’s a question. Static config would work for sure. But if you’d want to have everything dynamic, I don’t know about that, client may not be getting any info about the route on server’s side. Maybe DHCP relay could work, but I’ve never done much with that.

You’re using PPTP over the Internet? Are you mad? Or, were you previously ignorant, transitioning to enlightened with this post?

@Sob

or maybe i can play with l2tp-bcp, that will allow with me to use vlans, that would be one of the solution.

At the moment is running vpls tunnel. I’m not happy about that because the cpe is not so powerful and its learning lot of routes (ospf).

I’m sorry, but I won’t be of much help here, those are not my areas.