I have been trying to set up the VPN server on my router all weekend, but have run into the end of what I seem to be able to make work.
My goals:
- Give a few friends a connection to my network to browse local resources, without passing all their other traffic through my network.
- Set up a full tunnel for my own traffic, so I can use it as a secure connection when I am out.
Here’s a drawing:
http://grab.by/Mx58
So far, I have a working PPTP connection from my (external) laptop to my network.
If I enable default gateway, I can access internal resources; if I disable it, I can access external resources.
From my digging, it seems like I need to add a route to the VPN connection that will be pushed on connect (and I would prefer to do this over setting a static route on the client).
I am not sure what to add in that box though, to make my laptop able to access internal resources without the default gateway turned on.
http://grab.by/Mx5k
What settings on the router do I need to set other than what I have below to make my goals work?
Please give me config lines or step by step instructions, if possible.
# dec/06/2015 20:03:01 by RouterOS 6.33.3
/ip pool
add name=InternalPool ranges=192.168.0.105-192.168.0.200
add name=PPTPPool ranges=192.168.20.100-192.168.20.200
/ppp profile
add local-address=InternalPool name=pptp-profile remote-address=PPTPPool
/interface pptp-server server
set authentication=mschap2 enabled=yes
/ip firewall filter
add chain=input comment="Accept Ping" protocol=icmp
add chain=input comment="Accept Established" connection-state=established
add chain=input comment="Accept Related" connection-state=related
add chain=input comment="VPN Rule" protocol=gre
add chain=input comment="VPN Rule" dst-port=1723 protocol=tcp
add action=drop chain=input in-interface=sfp1-gateway
add action=drop chain=input in-interface=FiberOp-VLAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=FiberOp-VLAN src-address=192.168.0.0/24
/ppp secret
add name=ben profile=pptp-profile