Need help setting up vpn on MikroTik 750g

tehnewguy · February 4, 2014, 6:17am

Hello, I am very new to router os and I would appreciate if you help me to understand something.

We have a small lan and one Cisco RV082 10/100 8-Port VPN Router connected to the internet. My superiors are unhappy with cisco vpn service and i’ve been told to acquire mikrotik 750g router and set it up as a primal vpn appliance behind cisco. Now, after i purchased said device and connected it to our network, I need to understand what to do next, what steps do i have to take to set things up properly? I would very much appreciate any help, thank you.

plisken · February 4, 2014, 7:58pm

VPN is a difficult thing and on the forum or wiki not good explaned.

AnRkey · February 5, 2014, 1:03pm

You’re in luck. This is incredibly easy to set up.

Firstly though, I need more info about your current setup.

IP range, Gateway IP and also, do you have static public IPs?

Is it cable, ADSL, SDSL, 3G or wireless that you get your internet access through?

plisken · February 6, 2014, 8:51am

@AnRkey
Can you poste an example from mikrotik device to another?

If so this must be great

tehnewguy · February 6, 2014, 2:10pm

Thanks for the response.

Current setup is as follows:
Internet → cisco → lan, mikrotik
Cable internet, static public IP, gateway 10.10.0.1/24, range is 10.10.0.0 ~ 10.10.0.255

AnRkey · February 6, 2014, 7:29pm

I’d get rid of the Cisco then, unless it does something special for you.

The IP that is being given out by the cable modem can easily be given to the MT router with default gateway and everything you need for internet access.

Simply connect the MT to the modem on its own and go to Winbox and do the following.

Click IP > DHCP Client > click + > add DHCP client to the port that you plugged the cable modem in to.

Click IP > Address > click + > Add IP 10.0.0.1/24 (include the /24) and choose a port on the MT to assign the IP to. (this is the port going to your LAN switch)

Click IP > DHCP server > Click DHCP server setup and follow instructions.

Click IP > Firewall > NAT > Add src-nat rule > set out interface to ether port that the cable modem is on > set source IP to 10.0.0.0/24 > set action to masquerade

Click PPP > enable the PPTP server > Click secrets and Add a secret (secret = logon account) > set remote IP to something like 10.1.0.1 and local IP to 10.0.0.1 also (leave out the /24 here)

try connect to your public IP from a windows computer, use the logon and password that you created in the secret tab above.

Read the MT wiki about firewalls and vpns for extra info.

Sell the cisco and buy some beer with the money. consume the beer while working from home over the VPN.

AnRkey · February 6, 2014, 7:35pm

btw: for this to work, your cable modem must give the public IP to the MT via DHCP, this is usually an option on the cable modem. This change is required if you want to be able to reach the VPN server in the MT from outside. Otherwise you need to forward ports to the MT.

For PPTP:
IP Protocol=TCP, TCP Port number=1723 ← Used by PPTP control path
IP Protocol=GRE (value 47) ← Used by PPTP data path

Both must reach the MT some how.

Your current setup is dishing out private 10.x.x.x IPs instead of the public IP to the LAN side. This is why it is easier to change the cable modem settings so that it gives the MT the public IP instead of a private IP.