Mikrotik as a PPTP server for Android


Two years ago I installed a Mikrotik Cloud Switch, and lately I stopped my pfSense and started using that switch as my network router, firewall and also as a switch. RouterOS is really powerful and allows you to do a lot of things with that hardware. One of those things is setting up a VPN server based on PPTP. This is not the most secure way to create VPNs, but usually the only requirement is a little bit of security on top of an IP over IP service that allows us to use local services when we’re remote. In my case I have a lot of services in my LAN and I need some of them when I’m away from home; in particular, I need to use them from my mobile phone.

The next steps describe how I set up a PPTP server on my Mikrotik server, allowing my Android 6 device (Huawei Mate 8) to connect to my home services through the VPN. Below is a simple diagram representing the scenario of the solution:

[Image: architecture]

I’m only going to describe the steps from the web console; of course, all those steps can be done using Winbox or the command line. To be honest I’m not used to the RouterOS CLI, but I think it’s not difficult to figure out the CLI commands to get the same result.

The first step is to set up a pool of IP addresses to be assigned to the tunnel endpoints.

[Image: 01-ip-pool]

[Image: 02-ip-pool]

Thanks to an ARP proxy, those IP addresses will be available like local IPs; this is transparent for the VPN configuration.

[Image: 00-arp-proxy]

Configuration of the connection profile is done inside the “Profiles” tab:

[Image: 05-profiles]

First of all, create a new profile called “default-encription”:

[Image: 061-profiles]

and another profile called “pptp-profile”:

[Image: 06-profiles]

The “Secrets” tab is where you have to manage users; in my case only two users are created:

[Image: 07-secrets]

The configuration details for my user are:

[Image: 08-secrets]

Inside the PPP menu there is a button labelled “PPTP server”; click there…

[Image: 03-pptp-server]

… and copy the following settings:

[Image: 04-pptp-server]

Don’t forget to check that your PPTP port is accessible from your public IP address. Remember it’s 1723/TCP.
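
One way to make that check from outside your network, as an added example that is not part of the original post: it sends the first PPTP control message (Start-Control-Connection-Request, RFC 2637) and decodes the reply, so you can tell a forwarded port that really reaches the PPTP server from one that is merely open. The host name `vpn.example.net` and the sample reply are placeholders; the check covers only the TCP control channel, and the tunnel data itself travels as GRE (IP protocol 47), which it does not test.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D  # PPTP magic cookie (RFC 2637)
# Layout shared by Start-Control-Connection-Request (1) and -Reply (2), 156 bytes:
# length, msg type, cookie, control type, reserved, version, result, error,
# framing caps, bearer caps, max channels, firmware, hostname, vendor.
FMT = "!HHIHHHBBIIHH64s64s"
SIZE = struct.calcsize(FMT)
SCCRQ, SCCRP = 1, 2

def build_sccrq(hostname=b"probe"):
    """First message a PPTP client sends on the TCP control connection."""
    return struct.pack(FMT, SIZE, 1, MAGIC, SCCRQ, 0, 0x0100, 0, 0,
                       1, 1, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Decode the server's reply; raise ValueError if it is not a PPTP reply."""
    if len(data) < SIZE:
        raise ValueError("short answer: not a PPTP control message")
    (_len, mtype, cookie, ctype, _r0, version, result, error,
     _fr, _be, _ch, _fw, host, vendor) = struct.unpack_from(FMT, data)
    if cookie != MAGIC or mtype != 1 or ctype != SCCRP:
        raise ValueError("port answered, but not with a PPTP reply")
    return {"accepted": result == 1,  # result code 1 = channel established
            "result": result, "error": error,
            "version": f"{version >> 8}.{version & 0xFF}",
            "hostname": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(host, port=1723, timeout=5.0):
    """Send one request to your own server and decode what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < SIZE:
            chunk = s.recv(SIZE - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

if __name__ == "__main__":
    # Constructed reply (not captured from a real router), decoded offline.
    sample = struct.pack(FMT, SIZE, 1, MAGIC, SCCRP, 0, 0x0100, 1, 0,
                         1, 1, 1, 1, b"router", b"ExampleVendor")
    print(parse_sccrp(sample))
    # Against your own server: print(probe("vpn.example.net"))  # placeholder name
```

A `ValueError` means something other than a PPTP server is answering on the port; a connection timeout or refusal from `probe` means the port is not reachable at all.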

Android configuration is simple. First of all, go to the “settings” icon. Look for a “More” section below the network options, and you’ll find VPN management. Add a new connection, define a name, the type and the IP address, and leave the rest at the defaults. After that, when you come back to the VPN list you’ll find your new VPN there; click it and just set up your PPTP credentials.

[Image: android]

If you have some trouble, the only thing you can do is go to the Mikrotik logs or start sniffing to figure out where the problem is. I had to do some tests before it was working, but in the end everything was as simple as I explained here.

Good luck and enjoy it.

Thanks to the following blog entries for inspiring me:

 

 

  • Rüdiger Gerolf Biernat

    Nice tutorial. Unfortunately you made a mistake. It’s port 1723/TCP -NOT- 1703/TCP.

    I also strongly suggest NOT to use PP2P any longer. In 2012 it could be cracked in under a day:
    http://www.computerworld.com/article/2505117/cyberwarfare/tools-released-at-defcon-can-crack-widely-used-pptp-encryption-in-under-a-day.html
    It’s 2017 now and I assume that an agency or else can crack it in less than “under a day”.

  • Thanks for your note, I fixed my error in the port number.

    BTW, as I said in my blog entry, I know that PPTP, not PP2P, is not a secure VPN protocol, but anyway it fits perfectly with what I need in this case, and no sensitive information will be transferred in the tunnel, so it’s more than enough for the scenario I need. Anyway, thanks for your comments, I appreciate it.

  • Kostya Ko

    Hello
    I tried the configuration, but I can’t connect from a mobile phone.
    Firewall rule added.
    Could you give me advice on where my error is?
    Thank you!

  • Hi Kostya, if you don’t give me more information I don’t know how to help you. My first advice is to try to follow the instructions carefully, step by step, and when you have a doubt about how to apply one of them, tell me why you don’t know how to follow it.

    Regards.