If you are a Mikrotik user, one of the things you will love about the brand is the VPN setup options at your disposal. Unlike Cisco where not all routers have VPN features, the smallest Mikrotik router will allow you configure either a remote access VPN or a Site to Site VPN. Having demonstrated how to configure GRE site to site VPN with IPSEC encryption, today, I will demonstrate how to configure site to site pptp vpn on Mikrotik routers
To successfully configure site to site PPTP VPN on Mikrotik routers, you need to set up one of the routers as a PPTP server while the other is set up as a PPTP client. First, the routers must have been configured with internet access
. If your routers have internet with public IPs that are reachable from both ends, then you are good to go. First, let’s see how to set up PPTP server on a Mikrotik router. First you have to set up the secret by clicking on the PPP tab from the home menu.
The local and remote IP are IP addresses from the same subnet used for the PPTP connection. The IP addresses have nothing to do with the public or LAN IPs on both routers. Next, you need to enable PPTP server services on the router.
PPTP server is enabled on the router by checking the box beside “Enabled”.
On the PPTP client router, you enter the parameters required for it to connect to the server: these are the username, password and the public IP address of the PPTP server (make sure the public IP address on the PPTP server is reachable from the client router). Click on interface>>add>>pptp client. Click on the dial out tab and enter the public IP on the PPTP server router in the space for “connect to”, enter the username and password set on the server and click on apply and Ok.
Finally, configure routes to the LANs connected to both routers to go through the PPTP interface or the IP addresses assigned to the PPTP interfaces. See example below:
Do same on the client router with the IP address assigned to the PPTP interface on the server as the gateway to reach the LAN on the server router. Note: On both routers, you need to create a NAT accept rule for LAN-to-LAN traffic between both routers for the users on both routers to communicate.