VPN (Virtual Private Network) is a technology that extends private network across a public network. It enables private network users to send and receive data across public network as if their network devices were directly connected to the private network.

There are many VPN services in MikroTik RouterOS 7. Among them, MikroTik PPTP is a mostly used VPN service. It is a client-server VPN technology. So, a user can access server, printer, IP phone and any other network devices of any private network across public network using MikroTik PPTP.

For example, if you are a system administrator or an employee of an office and need to access office server, printer or any network devices while you are outside of the office, MikroTik PPTP VPN will be a better solution which will connect you with your office network across vpn network.

MikroTik PPTP service can be applied in two methods. These are:

• Client-Server PPTP VPN (Connecting remote workstations/clients)
• Site-to-Site PPTP VPN (VPN between RouterOS)

In this article, We are going to see how to configure MikroTik PPTP service that will be able to connect a remote workstation across public network and the remote workstation will be able to get access to local network as if the workstation was directly connected to the local network.

Network Diagram

To configure a MikroTik PPTP VPN Service that will connect a remote workstation across public network, We are following the below network diagram.

In this diagram, a MikroTik Router is connected to internet through ether1. Workstations are connected to ether2. The Laptop is connected to the internet and can reach MikroTik Router’s public IP. After configuring PPTP VPN Tunnel, the laptop will be able to connect to MikroTik local network as if it was directly connected to the local network.

IP Information for this configuration

• MikroTik WAN IP: 172.22.15.221/24 (Must replace with your Public IP provided by the ISP)
• MikroTik LAN Gateway: 192.168.20.1/24
• Local Address for remote client: 192.168.20.1 (MikroTik LAN Interface IP)
• Remote Address: 192.168.20.50 (IP address that will be assigned to remote client)

MiroTik VPN Configuration with PPTP

VPN configuration in MikroTik RouterOS 7 with PPTP Service can be divided into two parts.

• Part 1: MikroTik Router Basic Configuration
• Part 2: PPTP Server Configuration

Part 1: MikroTik Router Basic Configuration

In this part, we will complete MikroTik Router basic configuration. Basic RouterOS configuration includes assigning WAN IP, LAN gateway IP, DNS IP, NAT configuration and default route configuration. The following steps will show how to do these configuration in MikroTik RouterOS 7.

• Login to MikroTik RouterOS using winbox and go to IP > Addresses menu item.
• In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (172.22.15.221/24) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button.
• Click on PLUS SIGN again and put LAN IP (192.168.20.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.
• Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
• Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masquerade from Action dropdown menu. Click on Apply and OK button.
• Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (172.22.15.1) in Gateway input field and click on Apply and OK button.

Basic RouterOS configuration has been completed. Now it is time to enable PPTP Server in MikroTik RouterOS.

Part 2: PPTP Server Configuration in MikroTik Router

After completing MikroTik Router basic configuration, we will configure PPTP VPN Server in MikroTik RouterOS. PPTP VPN Server configuration in MikroTik Router can be completed following the below four steps.

• Enabling PPTP Server in RouterOS 7.
• Creating PPP Secrets (Username and Password).
• Enabling proxy-arp on LAN interface.
• Creating PPTP Interface.

Step 1: Enabling PPTP Server in MikroTik RouterOS 7

The first step to create PPTP Tunnel in MikroTik RouterOS is to enable PPTP VPN Server. The following step will show how to enable PPTP VPN Server in MikroTik RouterOS.

• Go to PPP menu item and click on PPTP Server button from PPP window.
• Now click on enabled checkbox and then click Apply and OK button. PPTP Server will be enabled now.
• Alternatively, we can do this cmd: > interface pptp-server server> set enabled=yes
• And to show pptp-server status: > interface pptp-server server> print

Step 2: Creating PPP Secrets(username and password)

We will now create a user who will be connected to the PPTP VPN Server. To create username and password, follow the below steps carefully.

• Go to PPP > Secrets and click on PLUS SIGN (+). 
• Now put username and password in Name and Password input field. Choose Service=pptp, Profile=default, Local Address= 192.168.20.1 (LAN Gateway IP), Remote Address=192.168.20.50 (Local IP address that will be assigned to the remote client).
• Click Apply and OK button. A PPTP user that means VPN user will be created now.
• Alternatively, we can run this command: ppp secret > add name=username service=pptp password=123 local-address=192.168.20.1 remote-address=192.168.20.50
• To show secrets from command prompt: ppp secret> print

PPP user who will be connected from remote client machine has been created. At this point, if the user gets connected from the remote client machine and try to ping any workstation from the remote machine, the ping will be time out because the remote client is unable to get ARPs from workstations. The solution is to set up proxy-arp on the LAN interface

Step 3: Enabling proxy-arp on LAN interface

The following steps will show how to enable proxy-arp on the LAN interface.

• Click on Interfacesmenu item and then click on interface tab.
• Click twice on the LAN interface (example: ether2). Interface property window will appear.
• Under General tab, choose proxy-arp from ARP dropdown menu.
• Click Apply and OK button.

After enabling proxy-arp, the remote client can successfully reach all workstations in the local network behind the router.

Step 4: Creating PPTP Interface

You can optionally create PPTP interfaces. If you do not create PPTP interface manually, a PPTP interface will be created dynamically when a user will be connected. The following steps will show you how to create a PPTP interface for a specific user manually in MikroTik router.

• Go to PPP > Interface and click on PLUS SIGN (+) and then choose PPTP Server option.
• Put PPTP interface name in the Name field.
• Put username for whom you are creating this interface in User input field.
• Click on Apply and then OK button.

If we need to apply specific filter rule for a specific user, create this PPTP interface otherwise, it is always better to allow creating PPTP interface dynamically.

PPTP Server is now ready to accept PPTP client. Now we will see how to create PPTP client in Windows Operating System.

PPTP Client Configuration

Almost all Operating Systems including Windows support PPTP client. In this article, we will see how to configure PPTP client in Windows 10 operating system. All other Windows versions follow almost the same procedure.

• Go to Control Panel and choose View Items by Small icons and then click on the Network and Sharing Center item.
• From Network and Sharing Center window, click on Setup a new connection or network.
• From Setup a New Connection or Network window, choose Connect to a workplace connection option and click on Next button.
• Connect to a Workplace window will ask: How do you want to connect? Click on Use my Internet connection (VPN)
• Now provide MikroTik Router’s WAN IP in Internet address input field and provide a name of your VPN in Destination name input field and then click on Create button. Your VPN network adapter will be created.
• Again go to Network and Sharing Center window and click on Change adapter settings link. Your newly created VPN adapter will be found here.
• Click mouse right button and click Connect option.
• Now provide PPTP user’s username and password in Username and Password input field respectively and then click Connect button.

If everything is OK, you will be able to connect to the PPTP VPN Server and a PPTP Tunnel will be created between MikroTik RouterOS and the remote client device. Now try to ping and I hope there will be no problem to get ping reply.

If you use other operating system than Windows, please search in Google how to create PPTP client at that specific operating system. I hope you will a get solution.

If you have any confusion to do above steps properly, please watch the below video carefully about MikroTik VPN configuration with PPTP. I hope, it will help you to reduce any confusion about VPN in MikroTik Router with PPTP VPN Service.

MikroTik VPN configuration with PPTP VPN Service has been discussed in this article. I hope, you are now be able to configure a VPN tunnel with MikroTik PPTP VPN Service. However, if you face any problem to configure a VPN network with MikroTik RouterOS 7, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.