My Mikrotik PPTP configuration file. This is a working config.

This is a working PPTP configuration I used to connect two Mikrotik routers together using a PPTP configuration on a local LAN.

# jan/01/2002 01:56:00 by RouterOS 6.2
# software id = 8HHI-TYLD
#
/interface bridge
add admin-mac=D4:CA:6D:31:02:53 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
    indoors l2mtu=2290 mode=ap-bridge ssid=MikroTik-310257
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
    wpa-pre-shared-key=35F5021EEE6F wpa2-pre-shared-key=35F5021EEE6F
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
add name=proposal1
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password=12345 \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/tool user-manager profile
add name=test name-for-users="" override-shared-users=off owner=admin price=0 \
    starts-at=logon validity=0s
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=wlan1 \
    network=192.168.88.0
add address=1.1.1.2/24 interface=ether2-master-local network=1.1.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.88.1
add chain=srcnat dst-address=192.168.0.0/16 src-address=192.168.88.1
/ip ipsec peer
add address=1.1.1.1/32 hash-algorithm=sha1 secret=test1
add address=192.168.1.1/32 hash-algorithm=sha1 secret=test1
/ip ipsec policy
add dst-address=192.168.1.0/24 proposal=proposal1 sa-dst-address=1.1.1.1 \
    sa-src-address=1.1.1.2 src-address=192.168.88.0/24 tunnel=yes
/ip route
add distance=1 gateway=ether2-master-local
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
/system routerboard settings
set cpu-frequency=360MHz
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=10.5.50.1 log=\
    auth-fail name=router1 shared-secret=weepingangels use-coa=no
/tool user-manager user
add customer=admin disabled=no name=wifi1 password=Ayumisan1 shared-users=1 \
    wireless-enc-algo=aes-ccm wireless-enc-key="" wireless-psk=11111111

I hope that someone will find this configuration useful. You just need to reverse some settings on the other device and this will work for you.

No comments have been made. Use this form to start the conversation :)

Leave a Reply