Setting up a VPN in MikrotikOS to share internet
Tuesday, May 27th, 2008During the past few weeks I have received numerous requests about users asking me to help them set up a PPTP VPN tunnel between two Mikrotik devices to share internet, so I thought it couldn’t do any harm in writing a nice little how to.
We are going to start with the Mikrotik router providing the internet, please make sure that the router is already internet enabled and that you can ping internet sites from it.
Log in to the router using Winbox, and click on the PPP link to open up the PPP settings page. First we enable the PPTP server on the router by clicking settings button and ticking enabled and then apply.
After enabling the PPTP Server we need to create a login for the router wanting the internet. Go to the secrets tab, click the +, a screen will open up where you will fill in all the details. Name is the username, Password the password, profile choose default-encryption. Now for the most important part, the IP’s. Local Address is the IP the dialing router will have in the router providing Internet, and Remote Address the IP the dialing router will have in its own side. The remote address is important cause we will use it to masquerade the internet. Click apply and you should now have a login setup.
Now we must set up the Masquerade rule, so that the dialing router will be able to surf the web. On the main menu go to IP -> Firewall. Click the NAT tab and then the +. In chain select srcnat, src address is the remote address we used in the login setup above. You can either just use the ip or you can use a whole range if you have more than 1 router dialing.
Now click on the Action tab and for Action select masquerade. Click apply and then you are done setting up the server side of the PPTP VPN.
Next we log into the Mikrotik router dialing to the router providing the internet. Log in using Winbox, go to PPP menu. Click the + and select PPTP Client. Go to the Dial Out tab and in the Connect To box enter the IP of the router providing the internet, User and Passowrd will be the username and password set up on the server side. Under Profile select default-encryption, tick Add Default Route and then Apply.
That it you should now have a fully working VPN link to the router providing the internet and should now have internet. Just remember that DNS settings could perhaps not be set up and thus your internet could not be working.
Please take not that this tutorial was written for Mikrotik routers on the CTWUG network but should also work for other networks. If you have any questions or queries please leave comments and I’ll respond.
