MikroTik Router OS V3.0 User Manual

							disconnected.
max-mru(integer; default:1480) - Maximum Receive Unit. The optimal value is the MTU of the
interface the tunnel is working over decreased by 20 (so, for 1500-byte Ethernet link, set the MTU
to 1480 to avoid fragmentation of packets)
max-mtu(integer; default:1480) - Maximum Transmission Unit. The optimal value is the MTU of
the interface the tunnel is working over decreased by 20 (so, for 1500-byte Ethernet link, set the
MTU to 1480 to avoid fragmentation of packets)
max-sessions(integer; default:0) - maximum number of clients that the AC can serve
•0- unlimited
mrru(integer: 512..65535; default:disabled) - maximum packet size that can be received on the
link. If a packet is bigger than tunnel MTU, it will be split into multiple packets, allowing full size
IP or Ethernet packets to be sent over the tunnel
•disabled- disable MRRU on this link
one-session-per-host(yes|no; default:no) - allow only one session per host (determined by MAC
address). If a host will try to establish a new session, the old one will be closed
service-name(text) - the PPPoE service name
Notes
 	



(	 !+  L 
 
 	 *  
 
 
+ 
 
  




 

 

 
 
  
  
 
  
	
  ( 
  


 

 	
  
0

 
  

 	
 	
 *$ 	 
 
 

	    (
 
 $$$F 8
 

!
 0 	
 
	
 $ &

 $$$ ( 
 
  
   
 
  	



 	 
 0
 6
 
 	
  
	 
 9

 
	 !


 


 H9
	
 
7

 
 
 



H  0  	 
 /G/D  


   
 ( $	
0
( 	  $   
	 
 
 
Example
 	 $$$F ( 

 !

	 (
( 	
 	
 
 
 



  

[admin@MikroTik] interface pppoe-server server> add interface=ether1 \\... service-name=ex one-session-per-host=yes[admin@MikroTik] interface pppoe-server server> printFlags: X - disabled0 X service-name=ex interface=ether1 mtu=1480 mru=1480 mrru=disabledauthentication=mschap2,mschap,chap,pap keepalive-timeout=10one-session-per-host=yes max-sessions=0 default-profile=default[admin@MikroTik] interface pppoe-server server>
PPPoE Tunnel Interfaces
Home menu level:/interface pppoe-server
Description
 	 
 
  

	 &


 
 
 $$$ ( 
	

 7 
	
  	
 
	
Page 220 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							



 +
 

	  	
  	 


 
	 
 
 (
 ( !
	
 

	 	
	 	

	
(  
  	 
 
 
 
 	
	 

	 
	 &
 	  
 	
  
 	
	  5
	 

	 	 	 
 
 
 	
	
	 
(
	   


 	
 
 
	  

 	
 	
 

 
	
 

 & 
 	 
 

  	
(
		 	 
 	
 

  
 		
 


 

	 
  
 	 
	 5
	


	 		 
 	  


 	
 		 
 
  


  
   


 
 


 	
  
	
  
 
 
	

 & 	 
 	    
 	



   
	
  	
 	 
	
 

  1  
 
  	 
  
	

	



	
 
 
 	 $$$  
  
  7 
	
 

  

 	
$$$ 
	


Property Description
encoding(read-only: text) - encryption and encoding (if asymmetric, separated with /) being used
in this connection
mru(read-only: integer) - clients MRU
mtu(read-only: integer) - clients MTU
name(name) - interface name
remote-address(read-only: MAC address) - MAC address of the connected client
service(name) - name of the service the user is connected to
uptime(read-only: time) - shows how long the client is connected
user(name) - the name of the connected user (must be present in the user darabase anyway)
Example
 ( 
 

 


 
[admin@MikroTik] interface pppoe-server> printFlags: X - disabled, D - dynamic, R - running# NAME USER SERVICE REMOTE... ENCODING UPTIME0 DR  user ex 00:0C:... MPPE12... 40m45s[admin@MikroTik] interface pppoe-server>
 


 
 
[admin@MikroTik] interface pppoe-server> remove [find user=ex][admin@MikroTik] interface pppoe-server> print
[admin@MikroTik] interface pppoe-server>
Application Examples
PPPoE in a multipoint wireless 802.11g network
*
 	  

 
 $$$F ( 	  	

	 
 	
 + $

 &	  	 
 	 	 
	


  
	

 F
  
 ! 

  6
 $$$F 

 	 


 
 
 +
$

  $$$F 	


	

 #
  
 ! 

 
 	 

	 	  
 
 0 /G.. 

	
 
 $$$F 

	 	  
 
 0 /
						

							0  
 6
  

	 	
 
 


A
  
 
 
 
  
  6 +$   

 
	
	

 	

 
 	 

 
 	


	


#
  	 
  

	   

[admin@PPPoE-Server] interface wireless> set 0 mode=ap-bridge \frequency=2442 band=2.4ghz-b/g ssid=mt disabled=no[admin@PPPoE-Server] interface wireless> printFlags: X - disabled, R - running0 X name=wlan1 mtu=1500 mac-address=00:0C:42:18:5C:3D arp=enabledinterface-type=Atheros AR5413 mode=ap-bridge ssid=mt frequency=2442band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabledwds-default-bridge=none wds-ignore-ssid=no default-authentication=yesdefault-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0hide-ssid=no security-profile=default compression=no[admin@PPPoE-Server] interface wireless>
9 
 
 F


 

	 	 
 *$ 	 	
 
 
 	
 

[admin@PPPoE-Server] ip address> add address=10.1.0.3/24 interface=Local[admin@PPPoE-Server] ip address> printFlags: X - disabled, I - invalid, D - dynamic# ADDRESS NETWORK BROADCAST INTERFACE0 10.1.0.3/24 10.1.0.0 10.1.0.255 Local[admin@PPPoE-Server] ip address> /ip route
Page 222 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							[admin@PPPoE-Server] ip route> add gateway=10.1.0.1[admin@PPPoE-Server] ip route> printFlags: X - disabled, A - active, D - dynamic,C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,B - blackhole, U - unreachable, P - prohibit# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTER...0 ADC 10.1.0.0/24 10.1.0.3 0 Local1 A S 0.0.0.0/0 r 10.1.0.1 1 Local[admin@PPPoE-Server] ip route> /interface ethernet[admin@PPPoE-Server] interface ethernet> set Local arp=proxy-arp[admin@PPPoE-Server] interface ethernet> printFlags: X - disabled, R - running# NAME MTU MAC-ADDRESS ARP0 R Local 1500 00:0C:42:03:25:53 proxy-arp[admin@PPPoE-Server] interface ethernet>
6  	 $$$F ( 
 
  

	
[admin@PPPoE-Server] interface pppoe-server server> add interface=wlan1 \service-name=mt one-session-per-host=yes disabled=no[admin@PPPoE-Server] interface pppoe-server server> printFlags: X - disabled0 service-name=mt interface=wlan1 max-mtu=1480 max-mru=1480 mrru=disabledauthentication=pap,chap,mschap1,mschap2 keepalive-timeout=10one-session-per-host=yes max-sessions=0 default-profile=default[admin@PPPoE-Server] interface pppoe-server server>
#
	  	
 
  $$$F 


[admin@PPPoE-Server] ip pool> add name=pppoe ranges=10.1.0.100-10.1.0.200[admin@PPPoE-Server] ip pool> print# NAME RANGES0 pppoe 10.1.0.100-10.1.0.200[admin@PPPoE-Server] ip pool> /ppp profile[admin@PPPoE-Server] ppp profile> set default use-encryption=yes \local-address=10.1.0.3 remote-address=pppoe[admin@PPPoE-Server] ppp profile> printFlags: * - default0 * name=default local-address=10.1.0.3 remote-address=pppoeuse-compression=no use-vj-compression=no use-encryption=yes only-one=nochange-tcp-mss=yes
1 * name=default-encryption use-compression=defaultuse-vj-compression=default use-encryption=yes only-one=defaultchange-tcp-mss=default[admin@PPPoE-Server] ppp profile> .. secret[admin@PPPoE-Server] ppp secret> add name=w password=wkst service=pppoe[admin@PPPoE-Server] ppp secret> add name=l password=ltp service=pppoe[admin@PPPoE-Server] ppp secret> printFlags: X - disabled# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS0 w pppoe wkst default 0.0.0.01 l pppoe ltp default 0.0.0.0[admin@PPPoE-Server] ppp secret>
  	( 
 
 
	

 	
 	 
 $	
 	 	 
 


 

*



 
 $$$F 

 
	


	
 6
 B$ 
7
 

 
 


 
 +!$$$ F  

 !  
  	

 

 


 6
 

  
	
 6
 B$ 
  
 

 
 8 


 *
 
 	

 (  	
 

 
	
  

 

 	
	
Troubleshooting
Description
Page 223 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							•4  
 
  5558 % #  
   
   

J 
 4 
 
 
$ 
	  
	
  	(  	 (	 59! ( 
 
 
 &

  
 	


		

•#  5558   $  
   
  
 	  

J $  
  




J 
   
  $  

!
 



		
 &
 
 $$$F ( 
	

 
!+ E 	

 

 

 
    
  

 
  /. 



	
  



		
  
 
+	
 
		
 &
 $$$
 


  
 


 
 

 
  	 
 


 
 
  ( 


 
		
 
 $$$F ( 
	

   
 

•? C
$ @5 

 
 
 
 
  5558 
E 	( 
  
 H!( 9	H 
 
 
  
 B$ $$$F 

 * 
 ( 
	 


 
  
  

 	
 
 ( 
	  
  $$$F (  
 
 H
  H
  
 
  H(
 	 7 


 H
•4 $
 
    	 5558 
 

 
3
 
 
 	
 
 

 
 	


	
 
	 
 $$$ 
 
Page 224 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							PPTP Tunnel
Document revision 1.7 (January 16, 2008, 9:10 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
GeneralInformation
Summary
QuickSetupGuide
Specifications
Description
AdditionalDocuments
PPTPClientSetup
PropertyDescription
Notes
Example
MonitoringPPTPClient
PropertyDescription
Example
PPTPServerSetup
Description
PropertyDescription
Notes
Example
PPTPTunnelInterfaces
Description
PropertyDescription
Example
PPTPApplicationExamples
Router-to-RouterSecureTunnelExample
ConnectingaRemoteClientviaPPTPTunnel
PPTPSetupforWindows
SampleinstructionsforPPTP(VPN)installationandclientsetup-Windows98SE
Troubleshooting
Description
General Information
Summary
$$$ &$

 
 $

 

 $
 
 

 


 ( *$   
 !


	

 
 
  
 $$$ 

 	
 (
I
	 		

  $$$ 



• 
7
7
 


 ( 
 *



Page 225 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							•

 &
 	 *

	

  A+9
•	
 	
 *

	

1A+9  	 	
  
 & 

 &
F	 $$$ 



    	 ( 	
 	 

   
 ! 	 


 	 	 (
 

   (	 
	

 
 	  
 (   



 	
 

  





 # 	 
 

 	
   


 
 	 6
 -... ( 	


 
  	

 
  
 	 $$$ (
Quick Setup Guide
 	 	 $$$ 


 

 -  
 
 *$ 	!+%*%(%!+1&$$$ ( 	

!+%!%+%!9&&$$$ 

  
 

 

•3
	

 
 $$$ ( 

1.+ 	 
[admin@PPTP-Server] ppp secret> add name=user password=passwd \\... local-address=10.0.0.1 remote-address=10.0.0.2
2.F
	 
 $$$ (
[admin@PPTP-Server] interface pptp-server server> set enabled=yes
•3
	

 
 $$$ 

 

1.+ 
 $$$ 


[admin@PPTP-Client] interface pptp-client> add user=user password=passwd \\... connect-to=10.5.8.104 disabled=no
Specifications
Packages required:ppp
License required:level1 (limited to 1 tunnel), level3 (limited to 200 tunnels), level5
Home menu level:/interface pptp-server, /interface pptp-client
Standards and Technologies:PPTP(RFC2637)
Hardware usage:Not significant
Description
$$$  	  


  
	


 *$ 
	 
 $$$ $$$ 
		
 $$$ 
 (
	 
 
	
 

( *$ $$$ 
	
 $$$ 	
 $$F &
 $

 
 $

 F


 
 	 

 
 
  
 
  
 	 7	
	  



 

 
 	  	 



 	
 $$$ 

 &

 	 	(		  	
1 
 
 	
 	  ! 

 6



 $$$ &$  
 
  
 ( 0 &
 	
 
 
	

 72 /
						

							$$$ 
 $$$ 	


	

 	
 	


  	 $$$ 



 # 	


	

 	

	


  	 



 	  
 
 	 +5*0! 

  	
$$F D.
 3D 	
 $$F /-C
 3D 


 	 

$$$ 
	  3$ 
 /N-: 	
 *$ 
 IF &I
 

 F
		

 *$ 
 *5 DN 	
	
  
 *



 +
 9 +

 &*+9+ $$$ 	
   
 
 	 	


  
	
 
	 

  3$ 
 /N-: 	
 
 DN 
	 
  
 
 

	  

$$$ 



 	  
   
 
 
 	 	8	19+ *$ 



 $	
 
 
 	
 #3 
 
    
	


Additional Documents
•

11

1	1	
1
1

	

K


•

11

1
11	
18/G-1C1DN	
•

11
11-G:N

S
J-G:N
•

11
11:.NC

S
J:.NC
•

11
11:.N;

S
J:.N;
PPTP Client Setup
Home menu level:/interface pptp-client
Property Description
add-default-route(yes|no; default:no) - whether to use the server which this client is connected
to as its default router (gateway)
allow(multiple choice: mschap2,mschap1,chap,pap; default:mschap2, mschap1, chap, pap) -
the protocol to allow the client to use for authentication
connect-to(IP address) - The IP address of the PPTP server to connect to
max-mru(integer; default:1460) - Maximum Receive Unit. The optimal value is the MRU of the
interface the tunnel is working over decreased by 40 (so, for 1500-byte Ethernet link, set the MRU
to 1460 to avoid fragmentation of packets)
max-mtu(integer; default:1460) - Maximum Transmission Unit. The optimal value is the MTU of
the interface the tunnel is working over decreased by 40 (so, for 1500-byte Ethernet link, set the
MTU to 1460 to avoid fragmentation of packets)
mrru(integer: 512..65535; default:disabled) - maximum packet size that can be received on the
link. If a packet is bigger than tunnel MTU, it will be split into multiple packets, allowing full size
IP or Ethernet packets to be sent over the tunnel
•disabled- disable MRRU on this link
name(name; default:pptp-outN) - interface name for reference
password(text; default:) - user password to use when logging to the remote server
profile(name; default:default) - profile to use when connecting to the remote server
Page 227 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							user(text) - user name to use when logging on to the remote server
Notes
!
 0 	
 
	
 $ &

 $$$ ( 
 
  
   
 
  	



 	 
 0
 6
 
 	
  
	 
 9

 
	 !


 


 H9
	
 
7

 
 
 



H  0  	 
 /G/D  


   
 ( $	
0
( 	  $   
	 
 
 
Example
 
  $$$ 

 
	

&
 

	= 
 	= 
 


 
 
!+%!%!%!&
$$$ ( 	
  
 	 
 	
 	
	
[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \\... user=john add-default-route=yes password=john[admin@MikroTik] interface pptp-client> printFlags: X - disabled, R - running0 X name=test2 max-mtu=1460 max-mru=1460 mrru=disabled connect-to=10.1.1.12user=john password=john profile=default add-default-route=yesallow=pap,chap,mschap1,mschap2[admin@MikroTik] interface pptp-client> enable 0
Monitoring PPTP Client
Command name:/interface pptp-client monitor
Property Description
encoding(text) - encryption and encoding (if asymmetric, separated with /) being used in this
connection
idle-time(read-only: time) - time since the last packet has been transmitted over this link
mru(read-only: integer) - effective MRU of the link
mtu(read-only: integer) - effective MTU of the link
status(text) - status of the client
•dialing- attempting to make a connection
•verifying password...- connection has been established to the server, password verification in
progress
•connected- self-explanatory
•terminated- interface is not enabled or the other side will not establish a connection
uptime(time) - connection time displayed in days, hours, minutes and seconds
Example
F	  	
 
	 




[admin@MikroTik] interface pptp-client> monitor test2status: connecteduptime: 6h44m9sidle-time: 6h44m9sencoding: MPPE128 stateless
Page 228 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners. 
						

							mtu: 1460mru: 1460[admin@MikroTik] interface pptp-client>
PPTP Server Setup
Home menu level:/interface pptp-server server
Description
 $$$ ( 	
 	 
	 

	  	 


 $$$ 

  $$$ 



 

 

 
 
 
 
 (  	( A(/ 
 	 / $$$ 

 A(:  A(D

  
 -.. 

 	
 A(<  A(G 
  

 	( $$$ 

 
	


Property Description
authentication(multiple choice: pap|chap|mschap1|mschap2; default:mschap2) -
authentication algorithm
default-profile- default profile to use
enabled(yes|no; default:no) - defines whether PPTP server is enabled or not
keepalive-timeout(time; default:30) - defines the time period (in seconds) after which the router is
starting to send keepalive packets every second. If no traffic and no keepalive responses has came
for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
max-mru(integer; default:1460) - Maximum Receive Unit. The optimal value is the MRU of the
interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the MRU
to 1460 to avoid fragmentation of packets)
max-mtu(integer; default:1460) - Maximum Transmission Unit. The optimal value is the MTU of
the interface the tunnel is working over decreased by 40 (so, for 1500-byte ethernet link, set the
MTU to 1460 to avoid fragmentation of packets)
mrru(integer: 512..65535; default:disabled) - maximum packet size that can be received on the
link. If a packet is bigger than tunnel MTU, it will be split into multiple packets, allowing full size
IP or Ethernet packets to be sent over the tunnel
•disabled- disable MRRU on this link
Notes
!
 0 	
 
	
 $ &

 $$$ ( 
 
  
   
 
  	



 	 
 0
 6
 
 	
  
	 
 9

 
	 !


 


 H9
	
 
7

 
 
 



H  0  	 
 /G/D  


   
 ( $	
0
( 	  $   
	 
 
 
Example
 
	 $$$ (
[admin@MikroTik] interface pptp-server server> set enabled=yes[admin@MikroTik] interface pptp-server server> printenabled: yes
Page 229 of 480Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.Other trademarks and registred trademarks mentioned herein are properties of their respective owners.