PPTP Server, client add to bridge

thavinci · October 13, 2011, 6:36am

Ok i have the following requirement…

Firstly all i wan’t to do is have the PPTP server running, however instead of assigning clients a seperate pool and routing i wanted to have the client be bridged onto the Internal LAN

So A:
I created a bridge
Added internal port to it.

B:
Enabled PPTP
Set default profile to default encryption

C:
Went into default-encryption profile left everything as is, however slected bridge1 under bridge field.

D:
Went under secrets, created one and simply made sure it’s profile is default-enryption

Now what is happening is the client cannot connect because it’s not getting IP settings i assume, however this is how it should be setup according to wiki somewhere…
The exact error is

No network protocols running

/ppp profile> print
Flags: * - default 
 0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default 
     change-tcp-mss=yes 

 1 * name="default-encryption" bridge=bridge1 use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes 
     only-one=default change-tcp-mss=yes

print
Flags: X - disabled 
 #   NAME                     SERVICE CALLER-ID                     PASSWORD                     PROFILE                     REMOTE-ADDRESS 
 0   user                   pptp                                              pass                         default-encryption

thavinci · October 13, 2011, 6:42am

Oh yes, forgot to mention i am using v5.6…

CCDKP · October 13, 2011, 4:42pm

PPTP still has to hand out an IP address as part of the PPTP handshake.

Create an IP Pool of addresses in the range of your internal network.
in either the pptp profile or the secret, set the local IP to the bridge IP of the Mikrotik and the remote IP to the pool you created.

Finally, under interfaces, click the properties of the bridge and change ARP type to proxy-arp.

If you do not set the proxy-arp, the vpn client will not be able to talk to any local PC’s on the bridge.

thavinci · October 13, 2011, 5:33pm

Well i got taken for a ass by the wiki then …
http://wiki.mikrotik.com/wiki/Manual:BCP_bridging_(PPP_tunnel_bridging)

I initially did it the way you mentioned as that made logical sense, but admitedly in rush of things i never set the proxy-arp and hence wasn’t able to communicate with LAN hosts…

I will try it again and im sure it will work…

Thank You..

CCDKP · October 13, 2011, 7:22pm

After looking at that example, I wonder if I sent you down the wrong path.

The instructions I mentioned were for a single pptp user to dial into a network. A roaming user VPNing in with a laptop.
(see http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#Connecting_Remote_Client)

The instructions you posted are for a site-to-site. If you are doing a site-to-site, then it is recommended you don’t put them on the LAN’s on the same network, but rather make them independent subnets and route the traffic over a PPTP tunnel.
(see http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#Site-to-Site_PPTP)

If you ABSOLUTELY need to have both sites on the same broadcast domain, then establish an EoIP tunnel and bridge the two there.
(see http://blog.butchevans.com/2008/09/mikrotik_routeros_transparent_bridge_pptp_eoip/)

Tunnels are very versatile tools, so there are many ways to set them up. That is why there is a lot of conflicting information about them.