PPTP and Remote Desktop..

RouterOS Beginner Basics
1

Hello to everyone glad to be here on the forum..I’m just a brand new MTCNA certified who’s looking for help..
I 've setup a PPTP Client/Server VPN to allow external employees to work remotely on a server, and use an’application thought the remote desktop.
On the Mikrotik I have enable the PPTP, a PPP profile and a security Profile too, create a new ip pool for the vpn-clients..when people connect throught the Microsoft client they succeded..but they can’t ping the server and Remote desktop is unable to connect to the Server..
Know that PPTP vpn are not part of MTCNA..and I tried to resolve this with the WIKI and some Youtube videos, now I have a portforwading for Remote Desktop to allow external clients to work but this situation give me the chills.
I would like that the people from outside could reach the Server with the VPN and then open Remote Desktop to the local ip on the server..
Thanks for your help..

2

The solution depends on your config.

If the VPN users are on same IP Subnet as LAN, then you need to enable ARP Proxy, if they are on a different IP Subnet, then ensure they have “Use default gateway on remote network” enabled

My preferred way of VPN is on a separate subnet

3

HI CzFan and thank you for your help..

“If the VPN users are on same IP Subnet as LAN, then you need to enable ARP Proxy, if they are on a different IP Subnet, then ensure they have “Use default gateway on remote network” enabled”

They are on different subnet ..but where I find this option “Use default gateway on remote network” enabled", on the routerboard or the Windows vpn 's client?

4

Windows VPN Client, under TCP–>Advanced

5

Ok found it and tested..after that now:
° I can ping the server and even open a network share
° Remote desktop stil not respondig, I use a port scanner on the server and it seems close..but it’s not beacuse there 's a portforwarding on that local ip from outside the ntework.
° The remote clients when they are connected to the vpn..they immediately stop surfing the web

:frowning: can’ t realize what I’m doing wrong on the routyerboard maybe I’ll post a screenshot..

6

go to Terminal, it is in the button menus on the left in Winbox, then post the output of “/ip firewall filter export” and “/ip firewall nat export” here

7

Here they come:

jul/03/2018 15:13:10 by RouterOS 6.38.7

software id = F1BP-N1KW

/ip firewall nat
add action=masquerade chain=srcnat out-interface=“ether1 -WAN”
add action=dst-nat chain=dstnat dst-port=3389 in-interface=“ether1 -WAN”
port=“” protocol=tcp to-addresses=200.0.0.15 to-ports=3389

jul/03/2018 15:10:24 by RouterOS 6.38.7

software id = F1BP-N1KW

/ip firewall filter
add action=accept chain=forward dst-port=1723 protocol=tcp