How to configure Site-to-Site PPTP VPN on Mikrotik routers

If you are a Mikrotik user, one of the things you will love about
the brand is the VPN setup options at your disposal. Unlike Cisco where not all
routers have VPN features, the smallest Mikrotik router will allow you
configure either a remote access VPN or a Site to Site VPN. Having demonstrated
how to configure GRE
site to site VPN with IPSEC encryption
, today, I will demonstrate how to
link up two sites using Point-to-Point Tunnel Protocol (PPTP).

To successfully set up PPTP for
site to site VPN on two Mikrotik routers, you need to set up one of the routers
as a PPTP server while the other is set up as a PPTP client. First, the routers
must have been configured
with internet access
. If your routers have internet with public IPs that
are reachable from both ends, then you are good to go. First, let’s see how to set up PPTP server on a
Mikrotik router.
First you have to set up the
secret by clicking on the PPP tab from the home menu.

The local
and remote IP are IP addresses from the same subnet used for the PPTP
connection. The IP addresses have nothing to do with the public or LAN IPs on
both routers. Next, you need to enable PPTP server services on the router.
PPTP server is enabled on the router by checking the
box beside “Enabled”. 
On the PPTP client router, you enter the
parameters required for it to connect to the server: these are the username,
password and the public IP address of the PPTP server (make sure the public IP
address on the PPTP server is reachable from the client router). Click on
interface>>add>>pptp client. Click on the dial out tab and enter
the public IP on the PPTP server router in the space for “connect
to”, enter the username and password set on the server and click on apply
and Ok.
Finally, configure routes to the LANs connected to both
routers to go through the PPTP interface or the IP addresses assigned to the
PPTP interfaces. See example below:
Do same on the client router with the IP
address assigned to the PPTP interface on the server as the gateway to reach
the LAN on the server router.
Note: On both routers, you need
to create a NAT accept rule for LAN-to-LAN traffic between both routers for the
users on both routers to communicate.
Spread the love


Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

Leave a Reply

Your email address will not be published. Required fields are marked *