MIKROTIK : SITE-TO-SITE PPTP

Site-to-Site PPTP

The following is an example of connecting two Intranets using PPTP tunnel over the Internet.

Consider following setup

Site-to-site-pptp-example.png

Office and Home routers are connected to internet through ether1, workstations and laptops are connected toether2. Both local networks are routed through pptp client, thus they are not in the same broadcast domain. If both networks should be in the same broadcast domain then you need to use BCP and bridge pptp tunnel with local interface.

First step is to create a user

[admin@RemoteOffice] /ppp secret> add name=Home service=pptp password=123
local-address=172.16.1.1 remote-address=172.16.1.2 routes="10.1.202.0/24 172.16.1.2 1"
[admin@RemoteOffice] /ppp secret> print detail
Flags: X - disabled
  0   name="Home" service=pptp caller-id="" password="123" profile=default
      local-address=172.16.1.1 remote-address=172.16.1.2 routes=="10.1.201.0/24 172.16.1.1 1"

[admin@RemoteOffice] /ppp secret>

Notice that we set up pptp to add route whenever client connects. If this option is not set, then you will need static routing configuration on the server to route traffic between sites through pptp tunnel.

Next step is to enable pptp server on the office router and configure pptp client on the Home router.

[admin@RemoteOffice] /interface pptp-server server> set enabled=yes
[admin@RemoteOffice] /interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: mschap2
  keepalive-timeout: 30
    default-profile: default
[admin@RemoteOffice] /interface pptp-server server>

[admin@Home] /interface pptp-client> add user=Home password=123 connect-to=192.168.80.1 disabled=no
[admin@Home] /interface pptp-client> print
Flags: X - disabled, R - running
 0    name="pptp-out1" max-mtu=1460 max-mru=1460 mrru=disabled connect-to=192.168.80.1 user="Home" 
       password="123" profile=default-encryption add-default-route=no dial-on-demand=no 
       allow=pap,chap,mschap1,mschap2
[admin@Home] /interface pptp-client>

Now we need to add route to reach local network behind Home router

[admin@RemoteOffice] /ip route> add dst-address=10.1.202.0/24 gateway=172.16.1.2

Now after tunnel is established and routes are set, you should be able to ping remote network.

sumber asli : http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: