How to do a routing between pptp client???? (Resolved)

mushmx · July 9, 2008, 4:01am

Hi

I've a pptp server and 2 pptp client and I want comunicate the both pptp client but I can't. These are the IP

pptp server
pool pptp : 10.210.0.2-10.210.0.254
local ip: 10.210.0.1

route list:
DAC 0.0.0.0/0 x.x.x.x ethe1
DAC 10.210.0.0/24 ethe1 10.210.0.1
DAC 10.210.0.2 10.210.0.1
DAC 10.210.0.3 10.210.0.1

pptp-client1
ip private: 10.210.0.2

ping to 10.210.0.1 OK
ping to 10.210.0.3 BAD

so I add this rule dst: 10.210.0.0/24 gw:10.210.0.1 but not working.

pptp-client 2
ip private: 10.210.0.3

ping to 10.210.0.1 OK
ping to 10.210.0.2 BAD

so I add this rule dst: 10.210.0.0/24 gw:10.210.0.1 but not working.

Please help, What I need to do? The Idea is access from winbox to monitoring the MKT from my home.

best regard.

hilton · July 9, 2008, 9:27am

I’ve just tested this on one of my clients from two PPTP clients and I can ping the other. I think this is what you want?

Make sure ARP is enabled on the interface.

mushmx · July 10, 2008, 2:27am

Thanks for the reply

Exactly where I need enable the APR-Proxy?
In both pptp-client or only in the pptp-server?

Because I tried enable the ARP-Proxy only in the server but not worked for me and the target of that is can access from my home (ppt-client1) to all pptp-clients using the private ip of the VPN.

For example:

Home Laptop (pptp-client1) ------->pptp tunnel------->Office (pptp-server)------>pptp tunel---->Remote MKT (pptp-client2)
10.210.0.2-----------------------------------------------------------------10.210.0.1--------------------------------------------------10.210.0.3

The idea is that I can watch and access all clients but they can’t watching any pptp-client.

Best regard.

hilton · July 10, 2008, 10:49am

So you want to sit at home and be able to remote desktop/whatever to another user that has established a PPTP VPN session to the network?

mushmx · July 11, 2008, 1:27am

Thank’s hilton

I only want connect it via Winbox to the other pptp-clients for monitoring the MKT 511, I enabled the ARP-Proxy in the bridge server but not working yet and the ping not responding.

Anything idea?

mushmx · July 11, 2008, 8:35pm

Finally I resolved the trouble.

Just had add some routing rules and now it’s working!!!

Thanks!!!

headstrong · July 14, 2008, 11:58am

Hi

Please post your solution as I would like to do the same

Thanks

mushmx · July 16, 2008, 3:14am

Hello

Solution

My Home
IP LAN HOME: 192.168.0.X/24
DNS:192.168.0.254
pptp-client ip: 10.210.0.2/24

Route list
DA 0.0.0.0/0 <-------------------->192.168.0.254<------>ETHE1
SA 10.210.0.0/24 <-----------> 10.210.0.1<------------>PPTP-OUT
DA 10.210.0.1<-------------------------------------------------->PPTP-OUT<------------------>10.210.0.2
DA 192.168.0.0/24<------------------------------------------->ETHE1<------------------------>192.168.0.45

Office
pptp-server local address: 10.210.0.1
bridge tunel IP: 10.210.0.1
bridge ARP-Proxy= Enable

Route list
DA 0.0.0.0/0 <-------------------->X.X.X.X<----------------->ETHE1
SA 192.168.0.0/24 <---------->10.210.0.2<------------>
DA 10.210.0.1<--------------------------------------------------><------------------------------->10.210.0.2
DA 10.210.0.1<--------------------------------------------------><------------------>10.210.0.3

Remote Site
pptp-client ip: 10.210.0.3

Route list
DA 0.0.0.0/0 <-------------------->X.X.X.X<----------------->ETHE1
SA 10.210.0.0/24 <-----------> 10.210.0.1<------------>PPTP-OUT
SA 192.168.0.0/24<----------> 10.210.0.2<------------>PPTP-OUT-HOME
DA 10.210.0.1<-------------------------------------------------->PPTP-OUT<------------------>10.210.0.3
DA X.X.X.X/24<-------------------------------------------------->ETHE1<------------------------>X.X.X.X

With that I can access with the winbox from my lan home 192.168.0.X/24 to Remote site 10.210.0.3

I hope this help you.

headstrong · July 17, 2008, 9:00am

Thanks alot…

I found it very useful

hilton · July 17, 2008, 9:32am

How secure is connecting a site to site VPN with PPTP?

What about EOIP?

headstrong · July 17, 2008, 9:57am

pptp is more secure than EOIP

EOIP has no security what so ever

hilton · July 17, 2008, 10:10am

thanks James.

So with a site => site VPN using PPTP, you would also need to create some static DNS entries on each end if you weren’t running a proper DNS server at each site? Windows server probably does this pretty well.

To make all this routing and DNS happen seamlessly, would it be possible to run the PPTP session with a EOIP bridge connection? This way, both sites will appear to be on one LAN. Is this the correct way?

headstrong · July 17, 2008, 10:41am

Well I havnt gotten routing to work yet with pptp as i;m still playing with mushmx’s code

I suppose it should work provided that you are using mikrotik at each ends…

Are you wanting to run the vpn over the internet? if it over a wireless lan then just use eoip without the pptp

ricrc · August 29, 2008, 11:53pm

Post Helped,

I recently had to configure something like this:

Windows Road Warrior ---- Mikrotik PPTP Server ---- Mikrotik PPTP Client — LAN Client

Configuration something like:

WRW IP: 192.168.100.11, Local IP for PPTP Server: 192.168.100.1, All PPTP Clients at 192.168.100.0/24

Mikrotik PPTP Server had, 4 networks 192.168.0,5,6,7.x all Routed trough wireless clients.

Mikrotik PPTP Client had network: 192.168.2.x, and had 192.168.100.2 PPTP IP with Remote 192.168.100.1

LAN Client: In the 192.168.2.x network.

I was trying to access a Client of the 192.168.2.x Network trough the VPN, I was messing around with the PPTP Server to resolve this, until i read this post, and figured it was a problem in the Routes in the PPTP Client.

Thanks, Mushmx

angboontiong · June 13, 2019, 9:23am

Hi,

i just saw this post but it’s many years ago.
if i have 2 mikrotik, 1 is pptp server and 1 is pptp client.

how can i use my laptop dial pptp (pptp-client) to pptp server, and reach to the mikrotik pptp client LAN network?