Community discussions

MikroTik App
 
kelarlee
newbie
Topic Author
Posts: 29
Joined: Thu Dec 27, 2018 5:48 pm

VPN with static routes on client side(without default gateway)

Wed Sep 15, 2021 7:40 pm

Hi, can i ask any advice with my problem ? I have a task - my Mikrotik working as pptp vpn server, clients from another office connecting through VPN to my local network to gain access to internal services. Everything ok except one thing - so as not to load my isp channel, i need to disable "use default gateway" option in vpn connection properties on client side (Windows OS) and add static route to access to my local network. Is there any protocol or maybe another vpn technology that can include static routes in vpn connection that transfering to client so i could not write static routes on client side and at the same time clients should use their own isp for serfing in internet. Thank you.
 
fsebera
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: VPN with static routes on client side(without default gateway)

Wed Sep 15, 2021 10:20 pm

Hi Kelariee,

I'm not an expert on Mikrotik but It sounds like you are referring to the use of split tunneling on the client side.

Link is found here:
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec
or a google search for mikrotik ipsec split tunnel should bring up the same page.

Hope this helps
Frank
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN with static routes on client side(without default gateway)

Thu Sep 16, 2021 9:08 am

To state that more explicitly than @fsebera - currently, RouterOS doesn't support "route push" for any other VPN protocol but IPsec. And it must be bare IPsec - route push doesn't work if you use IPsec to protect any "usual" tunnel like IPIP or GRE.

For the embedded VPN client on Windows, you must use IKEv2 with certificates in order that this worked.

For non-Mikrotik IPsec peers, the route pushing is often limited to a single destination prefix.
 
kelarlee
newbie
Topic Author
Posts: 29
Joined: Thu Dec 27, 2018 5:48 pm

Re: VPN with static routes on client side(without default gateway)

Thu Sep 16, 2021 5:02 pm

Thank you for replies, i hoped on any miracle, but seems like real life as usual :D
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VPN with static routes on client side(without default gateway)

Thu Sep 16, 2021 5:47 pm

With Windows you do have the option of the VPN client adding class-based routes instead of a default route. Not that useful if you use 192.168.x.x for your local networks as the route is a /24, but 172.16.x.x - 172.31.x.x having a /16 route and 10.x.x.x having a /8 route work well.

Also, as PPTP with MSCHAPv2 authentication and MPPE (RC4) encryption have known insecurities consider any of the other VPN methods available on Mikrotiks.

Who is online

Users browsing this forum: Bing [Bot], rplant and 69 guests