Page 1 of 1

PPTP VPN into network. Missing something.

Posted: Wed Jul 25, 2012 3:19 pm
by jeremyh
Hello

I would like to configure a PPTP VPN so that I may connect any machine I happen to be at (at home, etc., which may have any local or WAN IP) to my 192.168.1.0/24 network for troubleshooting and so on.
Let's assume that I want it to take a lease from the same pool as all the other machines, and use 192.168.1.1 as DNS too.

Here's what I've got. I am able to connect and auth to the PPTP server (from Mac OS X client, 10.0.1.0/24), but I can't reach any addresses on the target network other than 192.168.1.1 (RouterOS).
/interface pptp-server
add name=pptp-admin user=admin
/ip pool
add name=dhcp_pool ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=bridge1 lease-time=1d name=\
    dhcp1
/ppp profile
add address-list=0.0.0.0/0 bridge=bridge1 change-tcp-mss=yes dns-server=\
    192.168.1.1 local-address=dhcp_pool name=pptp-admin only-one=no \
    remote-address=dhcp_pool use-compression=no use-mpls=no \
    use-vj-compression=no
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ppp secret
add name=admin password=******** profile=pptp-admin routes=192.168.1.1 \
    service=pptp
I'm not sure what I'm missing - just after a nudge in the right direction. I'm still learning about RouterOS.

Thanks
Jeremy

Re: PPTP VPN into network. Missing something.

Posted: Wed Jul 25, 2012 5:20 pm
by cbrown
You probably need to set ARP to proxy-arp on your LAN interface.

Re: PPTP VPN into network. Missing something.

Posted: Wed Jul 25, 2012 6:10 pm
by jeremyh
You probably need to set ARP to proxy-arp on your LAN interface.
Absolutely spot on. Thankyou :D

Re: PPTP VPN into network. Missing something.

Posted: Fri Aug 10, 2012 10:27 pm
by gsloop
Just wanting to highlight how broken PPTP is.
https://www.cloudcracker.com/blog/2012/ ... s-chap-v2/

You're welcome to use if you like, but I wouldn't trust PPTP over any insecure medium. [And if you're on a completely secure medium, why use PPTP in the first place.]

L2TP/IPSec works pretty well.

Just FYI.

-Greg