VPN ISsue

sishith · September 25, 2006, 8:06am

Hi,

Can anyone guide me for Configuring Mikrotik as VPN Server for Windows based Clients.

Any specific documents, Help Documents are welcome

Its bit urgent.

Regards,
Sishith Asok R

normis · September 25, 2006, 8:30am

Setup on PPTP server:

Add a user:

[admin@PPTP-Server] ppp secret> add name=jack password=pass \
            \... local-address=10.0.0.1 remote-address=10.0.0.2

Enable the PPTP server:

[admin@PPTP-Server] interface pptp-server server> set enabled=yes

taken from:
http://www.mikrotik.com/docs/ros/2.9/interface/pptp

sishith · September 25, 2006, 9:02am

Hi,

Is it possible to control the User Access when a user connected to Via VPN. I mean i need to deny some subnet access and provide some particular ip address access.

–
Sishith

normis · September 25, 2006, 9:03am

please, do yourself a favour - read the manual:
http://www.mikrotik.com/docs/ros/2.9/

you can do the requested with basic firewall rules

sishith · September 25, 2006, 9:14am

I know about Firewall rules but the question was is it possible to control with the user name bcz i will have a pool for the remote ip and it will be dhcp pool. so i wont be able to control with a particular ip .

Do you have any comments for this Mr. Normis

Sishith Asok

normis · September 25, 2006, 9:21am

you could make a firewall chain with all the requested rules, then specify this chain in the ppp profile’s “outgoing-filter” setting, and use a specific profile for each group of users. or maybe some other way

sishith · October 8, 2006, 10:36am

HI,

I have PPP Users like test1,test2,test3 etc.., and the remote address i am using from dhcp Pool so i cant put the rule according to ip. i need to use the username for putting the rule. so can anybody suggest..

I need to control with Username .. Is it possible… Veryy Urgent

Sishith

JJCinAZ · October 8, 2006, 4:02pm

Add static pptp interfaces for specific users and apply rules to each as needed
Assign static IP’s to specific users instead of the pool method and apply rules as needed

sishith · October 9, 2006, 6:26am

HI,

Thanks for the response but is there any way i can control with the user name ,if i am assigning the remote address as dhcp pool.

Sishith Asok R

changeip · October 9, 2006, 6:58am

Yes, create named interfaces for each person, this way you have a static interface for them. Then in firewall filters you can use this interface - anything coming or going from their ‘tunnel’. You should try to use the ppp-in and ppp-out chains to your advantage as well (ppp chain is dynamically added, I like to use ppp-in and ppp-out as well)

Sam