Create remote VPN to office network
Q: I just bought a Routerbox and was hoping to use it to connect to my office VPN, and automatically route packets for the office over the VPN. But, I am having problems getting the basic VPN functionality to work. Please see attached for my config, but basically, I have a standard DSL Router and then the Mikrotik behind that.
ANSWER:
Take a look at the log (click 'log' on winbox main menu) and review what is happening with the pptp dialler. When it is connected, you should see a capital letter 'R' show up in the left hand column next to the pptp virtual interface in 'interfaces' list. (see snapshot for example)
On the PPTP-client dial-out tab, I recommend that you do NOT enable “add default route” or “dial on demand”.
Dial on demand will cause the connection to drop unless traffic is attempting to cross the vpn. If that option is disabled, the router will attempt to keep the vpn link active at all times.
If you enable ‘add default route’, all traffic passing through the router will be sent across that link, including traffic destined for internet locations.
In order to send only traffic destined for your office lan across the vpn, you will want to add a static route. Click ‘IP->Routes’ then click ‘+’:
In the example shown, the remote (office) network is 192.168.0.0/24 and the remote pptp gateway is 10.1.2.3 – you should modify those for your specific requirements.
You probably will also want to use address translation to map your LAN hosts to the vpn IP address. Click ‘IP->firewall->NAT’ and click ‘+’. On the ‘General’ tab, select ‘srcnat’ for the chain, and select the pptp virtual interface from the ‘out Interface’ list. Select the ‘action’ tab, and choose ‘masquerade’.
That is essentially all of the common steps that you need to take in order to achieve what you are attempting to do.
Any more questions? Just ask! No bother at all :-)
Cheers, Mike.
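The winbox steps in the answer above, written as RouterOS terminal commands. This is an added example, not part of the original answer; the interface name pptp-office and the server, user and password values are placeholders, and the network addresses are the ones from the answer's example.

```routeros
# Added example: terminal equivalent of the winbox steps in the answer.
# Hypothetical values: interface name "pptp-office", server name,
# user and password. Replace them with your own.

# 1. PPTP client with "add default route" and "dial on demand" both off,
#    so the router keeps the link up and internet traffic stays off the VPN.
/interface pptp-client add name=pptp-office connect-to=vpn.office.example \
    user=OFFICE-USER password=OFFICE-PASSWORD \
    add-default-route=no dial-on-demand=no disabled=no

# 2. Static route: only the office LAN (192.168.0.0/24 in the answer's
#    example) is sent to the remote pptp gateway (10.1.2.3).
/ip route add dst-address=192.168.0.0/24 gateway=10.1.2.3 \
    comment="office LAN via PPTP"

# 3. Source NAT limited to the pptp interface: LAN hosts are translated
#    to the VPN address only for traffic leaving through the tunnel.
/ip firewall nat add chain=srcnat out-interface=pptp-office \
    action=masquerade comment="masquerade LAN hosts onto the VPN"

# Checks: the R flag next to pptp-office means the link is running;
# the route should list 10.1.2.3 as gateway; the log shows dialler events.
/interface pptp-client print
/ip route print where dst-address=192.168.0.0/24
/ip firewall nat print
/log print where topics~"pptp"
```

Because the masquerade rule is scoped with out-interface, it does not translate traffic leaving through the DSL uplink, and with add-default-route=no the tunnel carries nothing except the routed office subnet.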