Jul 27

Mikrotik as a PPTP server for Android

Reading time: 4 – 6 minutes

Two years ago I installed a Mikrotik Cloud Switch and lately I stoped my pfSense and I started using that switch as my network router, firewall and also as a switch. RouterOS is really powerful and allows to do a lot of things with that hardware. One of those things is set-up a VPN server based on PPTP. This is not the most secure way to create VPNs but usually the only requirement is a little bit of security on top of an IP over IP service that allows us to use local service when we’re in remote. In my case I have a lot of services in my LAN and I need some of them when I’m out of home specially I need to use them from my mobile phone.

Next steps describe how I set-up a PPTP server on my Mikrotik server allowing my Android 6 device (Huawei Mate 8) to connect to my home services through the VPN. Bellow you have a simple schema representing the schenario of the solution:

architecture

I’m only going to describe steps from the web console, of course, all those steps can be done using Winbox or the command line. To be honest I’m not used to RouterOS CLI but I think it’s not difficult to figure out the CLI commands to get the same result.

First step is set-up a pool of IP addresses to be assigned to the tunnel endpoints.

01-ip-pool

02-ip-pool

Thanks to an ARP proxy those IP addresses will be available like local IPs, this is transparent for the VPN configuration.

00-arp-proxy

configuration of connection profile is done inside “Profiles” tab:

05-profiles

first of all create a new profile called “default-encription”:

061-profiles

and another profile called “pptp-profile”:

06-profiles

“Secrets” tab is where you have to manage users, in my case only two users are created:

07-secrets

configuration details about my user are:

08-secrets

Inside PPP menu there is a button with a label “PPTP server” click there…

03-pptp-server

… and copy next settings:

04-pptp-server

Don’t forget to check that your PPTP port is accessible from your public IP address. Remember it’s 1723/TCP.

Android configuration is simple, first of all go to “settings” icon. Look for a “More” section bellow network options, and you’ll find VPN managment. Add a new connection, define a name, the type and the IP address and leave the rest by default. After that when you come back to VPN list you’ll find your new VPN in the list, click there and just set-up your PPTP credentials.

android

If you have some trouble the only thing that you can do is go to Mikrotik logs or start sniffing to figure out where is the problem. I had to do some tests before it was working but in the end everything was so simple like I explained here.

Good luck and enjoy it.

Thanks to next blog entries to inspire me:

 

 

Jan 29

Routerboard CRS125-24G-1S-2HnD-IN (Mikrotik) Cloud Switch

Reading time: 1 – 2 minutes

I bought this product a few weeks ago and finally I can enjoy it at home. With this product you have a firewall, gateway, switch and wireless box with:

  • 25x Gigabit Ethernet ports
  • 1x Fiber channel
  • 3G, 4G or any optional USB modem
  • With RouterOS inside you can manage: gateway, firewall, VPN and ad-hoc switching and routing configurations
  • 1000mW high power 2.4GHz 11n wireless AP
CRS125-24G-1S-2HnD-IN

CRS125-24G-1S-2HnD-IN

The official product page is here where you can find brochure in PDF and other useful information.

If you are looking for a powerful product for your SOHO network this is the solution as I like to say ‘this is one of the best communications servers’. It will be very difficult to find some feature or functionality that you can not get from this product. The product is robust and stable with the flexibility of RouterOS.

Jun 27

Montar un HotSpot Gateway amb Mikrotik i Linksys WRT54GL (català)

Reading time: < 1 minute

A finals de maig vaig escriure un petit manual de com configurar un Mikrotik per fer de HotSpot amb diferents Linksys WRT54GL fent de bridge per ampliar la cobertura d’accés a internet. Doncs bé, el manual que vaig fer era en anglès i en Byteman l’ha traduït al català així doncs aquí teniu els l’enllaços:

La topologia de l’enginy és aquesta:

topologia-xarxa-thumb.png
May 31

Montar un HotSpot Gateway amb Mikrotik i Linksys WRT54GL

Reading time: 1 – 2 minutes

La setmana passada vaig posar en producció un hotel amb un HotSpot controlat per un Mikrotik RouterBoard 150 i amb diversos AP Linksys WRT54GL funcionant com a bridge. Bàsicament la idea és la d’aquest gràfic:

topologia-xarxa-thumb.png

Doncs bé si voleu montar-ho al wiki ahir vaig fer aquest document per mirar d’ajudar als interessats: DIY HotSpot Wifi. Per cert, l’he fet en anglès perquè m’ho ha demanat gent que no enten el català. Si algú s’anima a fer la traducció que avisi que li dono accés al wiki i en un moment ho té arreglat. De totes formes ja veureu que he escrit ben poc i és molt entendor tot el que posa ja que el realment important és la configuració del Mikrotik.

Per altre banda, qualsevol dubte o consulta ja ho sabeu, podeu penjar comentari en aquest mateix article i faré el possible per ajudar-vos.