Mikrotik Router Configuration

From SEDS-USA Wiki

Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel encapsulating PPP packets. PPTP has many kinds of security variability in key establishment.



Basic IP Address Configuration:

/ip address> add address=103.7.248.206/29 interface=PUBLIC
/ip address> add address=192.168.1.1/24 interface=LOCAL
/ip pool> add name=VPNPOOL ranges=192.168.1.2-192.168.1.254

NAT Configuration:

/ip firewall nat> add chain=srcnat action=masquerade out-interface=PUBLIC

PPP Profile Configuration:

/ppp profile
add name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4

PPTP Server Configuration:

/interface pptp-server> add disabled=no name=VPN
/interface pptp-server server> set enabled=yes authentication=mschap1,mschap2

PPTP User Create:

/ppp secret> add name=test1 service=pptp password=123 remote-address=192.168.1.20 local-address=192.168.1.1



Verification:

[admin@Mikrotik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   103.7.248.206/29   103.7.248.200   PUBLIC
 1   192.168.1.1/24     192.168.1.0     LOCAL

[admin@Mikrotik] /ip pool> print
 #   NAME      RANGES
 0   VPNPOOL   192.168.1.2-192.168.1.254

[admin@Mikrotik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=PUBLIC

[admin@Mikrotik] /ppp profile> print
Flags: * - default
 0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=yes

 1   name="VPN" local-address=192.168.1.1 remote-address=VPNPOOL use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=8.8.8.8,4.4.4.4

 2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes

[admin@Mikrotik] /interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
 #   NAME   USER   MTU   CLIENT-ADDRESS   UPTIME   ENCODING
 0   VPN

[admin@Mikrotik] /interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: mschap1,mschap2
  keepalive-timeout: 30
    default-profile: default-encryption

[admin@Mikrotik] /ppp secret> print
Flags: X - disabled
 #   NAME   SERVICE   CALLER-ID   PASSWORD   PROFILE   REMOTE-ADDRESS
 0   test   pptp                  123        default   192.168.1.2



[admin@Mikrotik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #       DST-ADDRESS        PREF-SRC        GATEWAY         DISTANCE
 0   S   0.0.0.0/0                          103.7.248.201   1
 1 ADC   103.7.248.200/29   103.7.248.206   PUBLIC          0
 2 ADC   192.168.1.0/24     192.168.1.1     LOCAL           0

Firewall rules to apply for PPTP:

/ip firewall filter
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=no protocol=gre



Make sure these rules are above any general DENY rule.
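
The ordering requirement above can be checked against a saved /ip firewall filter export. This is an added example, not part of the original wiki page: the sample exports, the function names and the definition of a "general deny" (a drop/reject rule with no protocol, port, address or state matcher) are assumptions made for illustration.

```python
import shlex

# Matchers that do not narrow a rule away from PPTP arriving on the WAN side (assumption).
NON_NARROWING = {"action", "chain", "comment", "disabled", "log", "log-prefix",
                 "in-interface", "in-interface-list"}

# Constructed exports, not taken from a real router.
PPTP_RULES = ("add action=accept chain=input disabled=no dst-port=1723 protocol=tcp\n"
              "add action=accept chain=input disabled=no protocol=gre\n")
DENY_RULE = 'add action=drop chain=input in-interface=PUBLIC comment="drop the rest"\n'
SAMPLE_GOOD = "/ip firewall filter\n" + PPTP_RULES + DENY_RULE
SAMPLE_BAD = "/ip firewall filter\n" + DENY_RULE + PPTP_RULES

def parse_input_rules(export_text):
    """Return enabled chain=input rules from the /ip firewall filter section, in order."""
    rules, in_filter = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            if rule.get("chain") == "input" and rule.get("disabled", "no") != "yes":
                rules.append(rule)
    return rules

def is_pptp_accept(rule, kind):
    """kind is 'tcp/1723' (control channel) or 'gre' (tunnelled PPP)."""
    if rule.get("action", "accept") != "accept":  # RouterOS defaults action to accept
        return False
    if kind == "gre":
        return rule.get("protocol") == "gre"
    return rule.get("protocol") == "tcp" and "1723" in rule.get("dst-port", "").split(",")

def is_general_deny(rule):
    """A drop/reject rule carrying only non-narrowing matchers."""
    return rule.get("action") in ("drop", "reject") and set(rule) <= NON_NARROWING

def check_pptp_order(export_text):
    """Map each PPTP flow to 'ok', 'shadowed' (a general deny comes first) or 'missing'."""
    rules = parse_input_rules(export_text)
    deny_at = next((i for i, r in enumerate(rules) if is_general_deny(r)), len(rules))
    result = {}
    for kind in ("tcp/1723", "gre"):
        at = next((i for i, r in enumerate(rules) if is_pptp_accept(r, kind)), None)
        result[kind] = "missing" if at is None else "ok" if at < deny_at else "shadowed"
    return result
```

A result of "shadowed" for either flow means the tunnel will not come up: the control connection on TCP 1723 and the GRE data channel both have to be accepted before the deny rule is reached.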