VPN Configuration with MikroTik Router
VPN (Virtual Private Network) is a technology that extends private network across a public network. It enables private network users to send and receive data across public network as if their network devices were directly connected to the private network.
MikroTik Router provides a lot of VPN services. Among them, client-server VPN with MikroTik PPTP service is the mostly used VPN service. With client-server VPN, a user can access server, printer, IP phone and any other network devices of any private network across public network. For example, if you are a system administrator or an employee of an office and you need to access your office server, printer or any network devices while you are outside of your office, a client-server VPN will be better solution for you.
In this article, I will show how to configure a client-server VPN with MikroTik PPTP service. To configure a client-server VPN in MikroTik router, I am using the below topology.
Here, a user is connected to his/her office by creating PPTP tunnel across public network and he/she is accessing office network devices through this PPTP tunnel. My below configuration will show how to configure such a client-server VPN network where a user will be connected to his/her office for accessing network devices while he/she is outside of his/her office.
Required Information which are using in this configuration:
- MikroTik WAN Network: 172.22.15.221/24 (Must replace with your Public IP provided by your ISP)
- MikroTik LAN Network: 192.168.20.1/24
- Local Address: 192.168.20.1 (MikroTik LAN Interface IP)
- Remote Address: 192.168.20.50 (IP address that will be assigned to remote user)
Client-Server VPN Configuration in MikroTik Router
Complete client-server VPN configuration in MikroTik router with PPTP service can be divided into two steps:
- MikroTik router basic configuration
- PPTP server configuration
MikroTik Router Basic Configuration
MikroTik Router basic configuration is prerequisite to configure a client-server VPN in MikroTik router. If you are a new MikroTik user and don’t know how to do MikroTik router basic configuration, please spend some time to study my previous article about MikroTik router basic configuration using winbox from very beginning and then follow the rest of this article to configure a client-server VPN network with MikroTik PPTP service.
PPTP Server Configuration in MikroTik Router
After completing MikroTik router basic configuration, you need to configure PPTP server in MikroTik router for configuring a client-server VPN successfully. Complete PPTP server configuration in MikroTik router can be divided into four steps.
- PPTP interface creation
- enabling PPTP server
- Secrets (Username and Password) creation
- Enabling proxy-arp to WAN interface.
Step 1: PPTP Interface Creation
To create a client-server VPN with PPTP service, first you have to create a pptp interface. Below steps will show you how to create PPTP interface in MikroTik router.
- Go to PPP > Interface and click on PLUS SIGN (+) and then choose PPTP Server option.
- Put PPTP interface name in the Name field and click on Apply and then OK button. PPTP interface will be created now.
Step 2: Enabling PPTP Server in MikroTik Router
After creating PPTP interface, we will now enable PPTP server in MikroTik Router. To create PPTP server, do the below steps carefully.
- Go to PPP menu item and click on PPTP Server button from PPP window.
- Now click on enabled checkbox and then click Apply and OK button. PPTP server will be enabled.
- Alternatively, you can do this cmd: > interface pptp-server server> set enabled=yes
- And to show pptp-server status: > interface pptp-server server> print
Step 3: Secret Creation(username and password)
Now it is time to create a user who will be connected to pptp server. To create username and password, follow below steps carefully.
- Go to PPP > Secrets and click on add new button (+).
- Now put username and password in Name and Password input field. Choose Service=pptp, Profile=default, Local Address= 192.168.20.1 (Router interface IP), Remote Address= 192.168.20.50 (Local IP address which will be assigned to user).
- Click Apply and OK button. A PPTP user that means VPN user will be created now.
- Alternatively, you can do this cmd: > ppp secret> add name=username service=pptp password=123 local-address=192.168.20.1 remote-address=192.168.20.50
- To show secrets from cmd: > ppp secret> print
You can add as many users who will be connected to your pptp server as you need by the above steps.
Step 4: Enabling proxy-arp to WAN interface
Lastly, you have to enable proxy-arp to WAN interface for identifying your remote user in arp list. For this, do the below steps carefully.
- Click on Interface menu and double click on your WAN interface and choose ARP to proxy-arp.
- Alternatively, you can do this cmd: > interface ethernet> set ether1 arp=proxy-arp
- And to show Ethernet status: > interface ethernet> print
Your client-server vpn with MikroTik PPTP service is now ready if you do the above steps properly. Your vpn users are now able to login to your vpn server with the username and password provided by you. Create a VPN adapter in your favorite Operating System and login with the username and password. If you have any confusion to do above steps properly, please watch the below video carefully about VPN configuration with MikroTik Router. I hope, it will remove your any confusion about client-server VPN in MikroTik Router.
Client-server VPN configuration with MikroTik has been discussed in this article. I hope, you are now able to configure a client-server VPN with MikroTik router. However, if you face any problem to configure a client-server VPN network with MikroTik router, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.