It’s very easy to create a pptp-client interface on a MikroTik facing the ISP, because it looks for the default gateway in the route table with distance=1 and connects normally, so that part is clear.
==========
What if I have another MikroTik behind the gateway MikroTik, just like in this scenario:
APs–> switch → (Mikrotik_A) → (Mikrotik_B where I have pptp-client connected and working) → ISP
I want to move pptp-client to Mikrotik_A:
APs–> switch → (Mikrotik_A with pptp-client) → (Mikrotik_B) → ISP
=========
The problem is that pptp-client on Mikrotik_A is not able to reach the ISP interface, because Mikrotik_A is behind Mikrotik_B, which is facing the ISP.
How can I make pptp-client on Mikrotik_A see the ISP so that it connects?!

Thanks for the reply, Zacharias. OK, so by forwarding 1723 I have to add a NAT rule that forwards the port to Mikrotik_A, is that correct?
And for GRE, yes, it’s enabled on the input chain on both routers, just before the invalid drop chain.

Please DO NOT use PPTP. It is a very unsafe protocol. Personally, I was getting a very big amount of fake connections per day from random attackers.
Instead use SSTP!

Thank you both, zakynthoswifi Zacharias, for the comments, and sorry for the late reply.
I waited to get a new RB951, which will be dedicated to VPN traffic only.
And yes, I know PPTP is not encrypted and vulnerable, but it’s easy to configure and set up without the need for client configuration,
and it’s only used for internet traffic. My ISP is blocking PUBG and Instagram, so PPTP is doing well to bypass the blocking.
Just one last question.
Since I have a router for VPN use only,
I have one ISP line configured as a pppoe-client interface and one pptp-client interface.
How do I make all traffic go through the PPTP tunnel?
I couldn’t make this work except by adding these mangle rules:
/ip firewall mangle add chain=prerouting in-interface=lan action=mark-connection new-connection-mark=vpnconn
/ip firewall mangle add chain=prerouting in-interface=lan connection-mark=vpnconn action=mark-routing new-routing-mark=tovpn
Then in the route table:
/ip route add gateway=pptp-client routing-mark=tovpn
Is there a way to route all traffic through PPTP without needing to use the mangle table?

I don’t think that’s correct… If your Mikrotik A is the PPTP-Client then I don’t think you need any port forwarding or firewall rules, because Mikrotik A is creating an outbound connection. If Mikrotik A is a PPTP-Server then you’d need forwarding and input firewall rules.
If you want all your traffic to go through the PPTP client then yes, you’d need to create a route. However, I’m not sure what happens when the route becomes active. Will Mikrotik A try and route the VPN tunnel over itself? You may have to create 2 mangle rules that say:
"when the packets are outbound (meaning they originate from Mikrotik A) and are IP Protocol GRE 47, mark the packet with DONTROUTE"
"when the packets are outbound and are IP Protocol TCP 6 with Port 1723, mark the packet with DONTROUTE"
Finally, create yet another route that applies to packets with a routing-mark of DONTROUTE, then route it through Mikrotik B.
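
The two mangle rules and the extra route described in the post above, written out in RouterOS v6 syntax (the syntax used earlier in the thread). This is an added example, not part of any poster's reply; 192.0.2.1 is a placeholder for Mikrotik_B's address, and pptp-client is the interface name taken from the thread.

```routeros
# Added example. Assumptions: RouterOS v6, 192.0.2.1 is a placeholder for
# Mikrotik_B's LAN address, "pptp-client" is the tunnel interface on Mikrotik_A.

/ip firewall mangle
# chain=output matches only packets that originate on Mikrotik_A itself,
# i.e. the tunnel's own carrier traffic, not forwarded LAN traffic.
add chain=output protocol=gre action=mark-routing \
    new-routing-mark=DONTROUTE passthrough=no \
    comment="PPTP data channel (GRE, IP protocol 47)"
add chain=output protocol=tcp dst-port=1723 action=mark-routing \
    new-routing-mark=DONTROUTE passthrough=no \
    comment="PPTP control channel (TCP 1723)"

/ip route
# Packets carrying the DONTROUTE mark leave through Mikrotik_B, so the
# tunnel is never routed over itself.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=DONTROUTE \
    comment="tunnel carrier traffic via Mikrotik_B"
# Everything without the mark follows the main table into the tunnel.
add dst-address=0.0.0.0/0 gateway=pptp-client \
    comment="all other traffic via PPTP"

# Check which route each class of traffic resolves to.
/ip route print where routing-mark=DONTROUTE
/ip firewall mangle print stats where chain=output
```

If the counters on the two output-chain rules stay at zero while the tunnel is dialing, the carrier packets are not being matched and are following the main table instead.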