just joined
Topic Author
Posts: 1
Joined: Sat Feb 13, 2021 4:09 am

Routing traffic through VPN SSTP to Mikrotik from a client W10

Sat Feb 13, 2021 4:40 am


I set up my MikroTik as an SSTP server and I could connect to it without any problem from a Windows 10 native SSTP client.
Since I have the option "use default gateway on remote network" checked, I could see in Windows 10 a default route towards the MikroTik. So all traffic is forced to go through the VPN. When I unchecked this option, I could see in the Windows 10 route table a specific route (not the default) towards the MikroTik. So only the traffic to my internal LAN goes through the VPN (like split tunneling).

For example, in my case, the specific route which is shown to me is , but in the MikroTik routing table there is no such route, nor in the addresses or IP pools.

So my question, for which I ask your help, is whether somebody knows where in the MikroTik configuration the route or routes are specified which the W10 client gets from the MikroTik when I uncheck "use default gateway on remote network"...

Frequent Visitor
Posts: 82
Joined: Fri Dec 29, 2017 12:23 pm

Re: Routing traffic through VPN SSTP to Mikrotik from a client W10

Wed Feb 17, 2021 6:11 pm

This route isn't pushed.
AFAIK, PPP only negotiates an address; the route comes from classful routing. So better use 192.168.x.x for VPN clients; this will only use a class C /24 route.

Look into the Windows PowerShell Add-VpnConnectionRoute command. It can add a route onto a VPN connection entry.
Forum Guru
Posts: 6869
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing traffic through VPN SSTP to Mikrotik from a client W10

Wed Feb 17, 2021 6:26 pm

The only VPN protocol in RouterOS which currently supports pushing routes to Windows is IKEv2. For all other protocols, you either have to follow the suggestion of @16again, or you may use the "normal" command line to add persistent routes (route add -p ...) with gateway and the VPN interface specified - these routes only become active if the interface is up, i.e. if the VPN connection is established. However, for some reason these routes become active when any VPN interface comes up, so this way is only useful if you only use a single VPN connection.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
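
The client-side approach suggested in the replies above (Add-VpnConnectionRoute on a connection with "use default gateway on remote network" unchecked), written out as an added example that is not from any poster in this thread. The connection name and the subnets are placeholders chosen for illustration; the script adds missing routes and reports any route on the entry that is not on the intended list, so the set of networks reachable through the tunnel stays explicit.

```powershell
# Added example. Assumptions: the VPN entry already exists under this name,
# and these prefixes are constructed stand-ins for the internal networks.
$ConnectionName = 'MikroTik-SSTP'
$WantedPrefixes = @('192.168.88.0/24', '10.10.20.0/24')

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# SplitTunneling = $true corresponds to the unchecked
# "use default gateway on remote network" box.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Routes already stored on the connection entry.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })

# Add only what is missing, so the script can be re-run safely.
foreach ($prefix in $WantedPrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Report routes on the entry that are not on the intended list.
foreach ($prefix in $existing) {
    if ($WantedPrefixes -notcontains $prefix) {
        Write-Warning "Unexpected route on ${ConnectionName}: $prefix"
    }
}

# Show the resulting entry, then the live routes if the tunnel is up.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling,
        @{ n = 'Routes'; e = { $_.Routes.DestinationPrefix -join ', ' } }
Get-NetRoute -InterfaceAlias $ConnectionName -AddressFamily IPv4 -ErrorAction SilentlyContinue
```

Routes added this way are stored on the connection entry and installed when that connection comes up; `Get-NetRoute` returns nothing while the tunnel is down.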
