PPTP Server - connected clients use my internet traffic

Hi all,

My Mikrotik is connected to another office using IPsec. This connection is used so my users would have access to this IP, 172.20.XXX.10; if IPsec is dropped, users can’t access 172.20.XXX.10 and the program that they work with does not operate. Now, other users from different companies connect with PPTP to my Mikrotik so they would have access to 172.20.XXX.10. The problem is that users connected by PPTP use my internet traffic and that is NOT OK with me, so I just drop all packets with the firewall and leave only access to 172.20.XXX.10. But this upsets the users, because they can use the program but they don’t have internet because I’m blocking them, and they want to work with the program and have internet at the same time.
If users untick “Use default gateway on remote network” in PPTP properties then the program won’t work, because they don’t have access to 172.20.XXX.10 but they have internet (using their own gateway).

Now I want users that connect to my Mikrotik using PPTP to be able to have access to 172.20.XXX.10, meaning that the program will work, and at the same time use their own internet and not mine.

If someone could help me with this issue I would really appreciate it.

Waiting for replies, thank you in advance.

When using default gateway on remote network

When NOT using default gateway on remote network

You are right when you don’t tick the default gateway on the PPTP client, so that they will keep the same gateway from their internet connection. The problem is that you are giving a different network IP. The client has an IP 192.168.0.221 while the server has an IP 172.20.x.10. This means that when the client sends a request it cannot find it within its network, so it asks the gateway; in turn the gateway cannot find it, so the connection fails.
To solve it, you either assign an IP from the same network, or you manually add a static route in Windows. In order to add a static route you would need to add the gateway on the PPTP client, but assign it a metric=2.

I can’t assign an IP from the same network as I don’t administer the other side of IPsec. And I cannot connect to every client to add a static route.
Isn’t there another workaround? Thank you.

I can’t think of any other way to do it. Sorry.

Thank you Caci99, I think I will add a route on the clients’ machines if there is no other way.
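
The client-side route discussed in this thread, as an added example that is not part of the original posts: a PowerShell script that can be handed to each Windows client instead of configuring it by hand. It assumes Windows 8 or later (built-in VpnClient cmdlets) and an existing PPTP entry; the connection name and the destination prefix are placeholders to be supplied, since the real 172.20.XXX.10 address is elided on the page.

```powershell
# Added example, not from the thread. Run as the user who owns the VPN entry.
# -ConnectionName    : name of the existing PPTP entry on the client (assumed)
# -DestinationPrefix : the application server as a host route, "<server-ip>/32"
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $ConnectionName,
    [Parameter(Mandatory)] [string] $DestinationPrefix
)
$ErrorActionPreference = 'Stop'

# Accept only IPv4 CIDR notation, and refuse /0: a default route through the
# tunnel would send the client's internet traffic via the server again.
if ($DestinationPrefix -notmatch '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$') {
    throw "DestinationPrefix must be IPv4 CIDR, for example <server-ip>/32"
}
if ($DestinationPrefix -match '/0$') {
    throw "Refusing /0: that would recreate the full-tunnel behaviour"
}

# Looks in the current user's phonebook; add -AllUserConnection to each call
# below if the entry was created for all users.
$vpn = Get-VpnConnection -Name $ConnectionName

# Equivalent to unticking "Use default gateway on remote network".
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Route stored with the VPN entry: Windows installs it when the tunnel
# connects and removes it on disconnect, so nothing is left in the
# persistent routing table.
if ($vpn.Routes.DestinationPrefix -notcontains $DestinationPrefix) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName `
                           -DestinationPrefix $DestinationPrefix
}

# Report the resulting state so the change can be checked.
$vpn = Get-VpnConnection -Name $ConnectionName
[pscustomobject]@{
    Connection     = $vpn.Name
    SplitTunneling = $vpn.SplitTunneling
    Routes         = ($vpn.Routes.DestinationPrefix -join ', ')
}
```

The firewall rule on the router that limits PPTP clients to 172.20.XXX.10 should stay in place, because a client can still tick the default-gateway box again on its own side.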