Hi,
I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done?
Thanks.
A little bit more information would be helpful. Are you looking at some kind of hairpin configuration? Secondly, PPTP is considered insecure. Better to use L2TP.
Personally, I use L2TP to dial in with a Windows client from a remote location and all traffic is pushed through the VPN by default, i.e. as far as the internet is concerned, all traffic is originating from my dial in location. I don’t think I did any special configuration for this. With OpenVPN you have more control which routes are pushed (i.e. only tunnel specific traffic) but as Mikrotik’s implementation lacks significantly I don’t think you can configure this in RouterOS.
Yes, it can be done.
/ip route add dst-address=<PPTP server PUBLIC ip address> gateway=<your ISP gateway>
/ip route add gateway=<your ISP gateway> distance=5
/ip route add gateway=<PPTP server PRIVATE ip address> distance=1 check-gateway=ping
/ip firewall nat add action=masquerade chain=srcnat disabled=yes out-interface=<PPTP Interface>
Now, once PPTP is up, the PPTP becomes your default route and when it goes down, packets are router over ISP gateway.
Thanks a lot magchiel and skillful for help. I think the post is not clear enough, so I am describing it in much more detail now.
I have installed RouterOS on one server and assigned the ether1 interface a Public IP and have added the 0.0.0.0/0 route to point to the default gateway for internet connectivity. There is no NAT involved here as this server has direct internet connectivity with static Public IP.
After doing the above, I enabled the PPTP VPN in RouterOS, created a PPP secret and then successfully connected to the server through the Windows PPTP VPN client. Now I want to do internet browsing through this VPN connection. How to achieve this? At the moment I am just able to connect through VPN, but unable to do any internet browsing.
For reference, I am assigning 10.0.0.100 as “Local Address” and 10.0.0.200 as “Remote Address” for the VPN connection.
You need to enable NAT for your VPN client or assign them an Internet routable static.
Double check a) whether traffic is flowing properly through the tunnel to the outside world and b) whether DNS settings are correct.
You can check a) e.g. by doing a traceroute to some outbound IP e.g. 8.8.8.8 (not hostname in case DNS is crooked) or by opening a torch on your PPTP interface and start a ping -t from your dial up client. If traffic is flowing properly your router IP should show up in the traceroute or you’ll receive a ping response while showing traffic on the torch.
Check b) by doing a nslookup from your client computer to e.g. google.com. Also remember that DNS setttings for PPP are configured separately in the PPP profile and aren’t taken from the DHCP server. Secondly make sure that if you’re using the Mikrotik as DNS relay it is configured to allow remote requests (and the firewall is configured to prevent open DNS).
The above mentioned action solved the problem. Thanks a lot bkuhn. 