Hey there everyone, I was wondering if it would be possible to create a PPTP Server on my Mikrotik I’m using as a router and force all traffic to go through it. I know this is possible with a VPN provider as I’ve set it up before, but my question is just if it’s possible to do without a provider and just use my Mikrotik as the server.
Public Ip is 148.xxx.xxx.54
Router Ip is 172.16.0.1
Thank you guys in advance I appreciate it! 
Reason: I wanted to do some TCP testing and also just for fun and to learn if it was possible.
Yes, what you want to do can be done with a MikroTik router. Take a look at the VPN wiki pages for more information.
WARNING: Do NOT use a PPTP VPN as it is not classed as secure any more!
I would recommend that you use either WireGuard or OpenVPN for your VPN (SSTP or L2TP are other options) but can’t offer specific guidance on the exact configuration you need.
–
Backups are your friend. Always make a backup!
/system backup save encryption=aes-sha256 name=MyBackup
Please, export and attach your current config to your post if you want help with a config issue:
/export hide-sensitive file=MyConfig/export file=MyConfig
Thank you very much for the reply, MickeyT and sorry for the delay in my response! I am aware that PPTP is unsecure but still want to use it momentarily for this just as a learning experience. After you instruct with the setup of this I should easily be able to to replicate it in Wireguard or SSTP. I’ve included the export as you asked and I also have a back-up. One thing to note: My SFP port is my WAN in this configuration, not Ether1 I am eager to learn how to configure this.
Edit: I went through the info on the link you sent me and I have a question. There is no part where you set up a router mark in mangle to differentiate what traffic range gets routed through the VPN. Is this not needed? The reason I ask is it was required when going through a VPN service in the past, though I realize this is a different setup.
MyConfig.rsc (7.25 KB)
As I said, I can’t offer specific guidance for the configuration you want but here is a generic PPTP server configuration I’ve used on various MikroTik routers (RoS version 6.* but not 7.* so I don’t know if it will work there - you should be fine since you’re on RoS 6.49.13)
# Create a VPN address pool
/ip pool add name="VPN Pool" ranges=192.168.89.100-192.168.89.200
# Create a VPN profile
/ppp profile add name="VPN Profile" local-address=192.168.88.1 \
remote-address="VPN Pool" change-tcp-mss=yes \
use-encryption=yes dns-server=1.1.1.1,1.0.0.1
# Create a VPN user account
# Change the name "user1" to whatever username you want to use
# Change the password to something more secure
/ppp secret add name=user1 password=p@sSword1 profile="VPN Profile"
# Enable PPTP server
/interface pptp-server server set authentication=mschap1,mschap2 \
default-profile="VPN Profile" enabled=yes
# Configure firewall rules IPv4
# Make sure that these rules are early in the list so that they aren't overridden
/ip firewall filter add chain=input dst-port=1723 protocol=tcp comment="PPTP VPN"
/ip firewall filter add chain=input protocol=gre comment="PPTP VPN"
Please remember that this is only an example and you will need to adjust some settings to work for your system. Specifically you are likely to need to adjust the
- VPN address pool range,
- The local-address in the VPN profile,
- The dns-server settings in the VPN profile.
–
Backups are your friend. Always make a backup!
/system backup save encryption=aes-sha256 name=MyBackup
Please, export and attach your current config to your post if you want help with a config issue:
/export hide-sensitive file=MyConfig/export file=MyConfig
I have tried and it's work. Thank you so much, erlinden.
I tried your suggestion and it worked perfectly. Thank you so much, erlinden!
1 Like