Difference between revisions of "Manual:Interface/PPTP"

From MikroTik Wiki
(Created page with '{{Versions|v3, v4}} <div class=manual> <h2>Summary</h2> <p><b>Standards:</b> <code>RFC 2637</code></p> <br /> <p> PPTP is a secure tunnel for transporting IP traffic using PPP…')
 
Line 140: Line 140:
 
</pre>
 
</pre>
  
<h3>Monitoring</h3>
+
<h2>PPTP Server</h2>
 +
<p><b>Sub-menu:</b> <code>/interface pptp-server</code></p>
 +
 
 +
 
 +
This sub-menu shows interfaces for each connected PPTP clients. If interface is not explicitly added, it will appear as dynamic interface.
 +
 
 +
 
 +
<h3>Server configuration</h3>
 +
<p><b>Sub-menu:</b> <code>/interface pptp-server server</code></p>
 +
 
 +
 
 +
 
 +
<h2>Monitoring</h2>
 +
Monitor command can be used to monitor status of the tunnel on both client and server.
 
<pre>
 
<pre>
 
[admin@dzeltenais_burkaans] /interface pptp-client> monitor 0
 
[admin@dzeltenais_burkaans] /interface pptp-client> monitor 0
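Review bot: the added "Server configuration" heading, with sub-menu /interface pptp-server server, is followed by nothing but blank lines, so the section documents no properties at all; either add the server property table in this revision or leave the heading out until the content exists. In the sentence added above it, "each connected PPTP clients" should read "each connected PPTP client", and "If interface is not explicitly added" needs an article. The hunk also promotes Monitoring from h3 to h2 without saying why in the edit summary.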
Line 152: Line 165:
 
</pre>
 
</pre>
  
 +
<b>Read-only properties</b>
 +
{{Mr-arg-table-h
 +
|prop=Property
 +
|desc=Description
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=status
 +
|type=
 +
|desc=Current PPTP status. Value other than "connected" indicates that there are some problems estabising tunnel.
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=uptime
 +
|type=time
 +
|desc=Elapsed time since tunnel was established.
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=idle-time
 +
|type=time
 +
|desc=Elapsed time since last activity on the tunnel.
 +
}}
  
<h2>PPTP Server</h2>
+
{{Mr-arg-ro-table
<p><b>Sub-menu:</b> <code>/interface pptp-server</code></p>
+
|arg=encoding
 +
|type=
 +
|desc=Used encryption method
 +
}}
  
 +
{{Mr-arg-ro-table
 +
|arg=mtu
 +
|type=integer
 +
|desc=Negotiated and used MTU
 +
}}
  
This sub-menu shows interfaces for each connected PPTP clients. If interface is not explicitly added, it will appear as dynamic interface.
+
{{Mr-arg-ro-table
 +
|arg=mru
 +
|type=integer
 +
|desc=Negotiated and used MRU
 +
}}
  
<h3>Server configuration</h3>
+
</table>
<p><b>Sub-menu:</b> <code>/interface pptp-server server</code></p>
 
  
 
<h2>Application Examples</h2>
 
<h2>Application Examples</h2>
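Review bot: the status row's description misspells "establishing" as "estabising", and both the status and encoding rows leave |type= empty, which the rendered table shows as "()". Give status and encoding a type, or list the values a reader can expect, for example the "MPPE128 stateless" string that the monitor output earlier in the page prints for encoding. The hunk also adds a closing </table> with no opening tag among the added lines; confirm that Mr-arg-table-h opens the table, otherwise the markup is unbalanced.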

Revision as of 14:05, 26 March 2010


Applies to RouterOS: v3, v4

Summary

Standards: RFC 2637


PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows).

Multilink PPP (MP) is supported in order to provide MRRU (the ability to transmit full-sized 1500 and larger packets) and bridging over PPP links (using Bridge Control Protocol (BCP), which allows raw Ethernet frames to be sent over PPP links). This way it is possible to set up bridging without EoIP. The bridge should either have an administratively set MAC address or an Ethernet-like interface in it, as PPP links do not have MAC addresses.

PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally.

MPPE 40-bit RC4 and MPPE 128-bit RC4 encryption are supported.

PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router.

PPTP connections may be limited or impossible to set up through a masqueraded/NAT IP connection. Please see the Microsoft and RFC links listed below for more information.

PPTP Client

Sub-menu: /interface pptp-client

Properties

Property Description
add-default-route (yes | no; Default: no) Whether to add PPTP remote address as a default route.
allow (mschap2 | mschap1 | chap | pap; Default: mschap2, mschap1, chap, pap) Allowed authentication methods.
connect-to (IP; Default: ) Remote address of the PPTP server.
dial-on-demand (yes | no; Default: no)
disabled (yes | no; Default: yes) Whether the interface is disabled or not. By default it is disabled.
max-mru (integer; Default: 1460) Maximum Receive Unit. Max packet size that PPTP interface will be able to receive without packet fragmentation.
max-mtu (integer; Default: 1460) Maximum Transmission Unit. Max packet size that PPTP interface will be able to send without packet fragmentation.
mrru (disabled | integer; Default: disabled) Maximum packet size that can be received on the link. If a packet is bigger than tunnel MTU, it will be split into multiple packets, allowing full size IP or Ethernet packets to be sent over the tunnel.
name (string; Default: ) Descriptive name of the interface.
password (string; Default: "") Password used for authentication.
profile (name; Default: default-encryption) Used PPP profile.
user (string; Default: ) User name used for authentication.


Quick example

This example demonstrates how to set up a PPTP client with username "pptp-hm", password "123" and server 10.1.101.100.

[admin@dzeltenais_burkaans] /interface pptp-client> add name=pptp-hm user=pptp-hm password=123 \
\... connect-to=10.1.101.100 disabled=no
[admin@dzeltenais_burkaans] /interface pptp-client> print detail   
Flags: X - disabled, R - running 
 0    name="pptp-hm" max-mtu=1460 max-mru=1460 mrru=disabled 
      connect-to=10.1.101.100 user="pptp-hm" password="123" 
      profile=default-encryption add-default-route=no dial-on-demand=no 
      allow=pap,chap,mschap1,mschap2 

PPTP Server

Sub-menu: /interface pptp-server


This sub-menu shows an interface for each connected PPTP client. If an interface is not explicitly added, it will appear as a dynamic interface.


Server configuration

Sub-menu: /interface pptp-server server


Monitoring

The monitor command can be used to monitor the status of the tunnel on both client and server.

[admin@dzeltenais_burkaans] /interface pptp-client> monitor 0
     status: "connected"
     uptime: 7h24m18s
  idle-time: 6h21m4s
   encoding: "MPPE128 stateless"
        mtu: 1460
        mru: 1460

Read-only properties

Property Description
status () Current PPTP status. A value other than "connected" indicates that there are problems establishing the tunnel.
uptime (time) Elapsed time since tunnel was established.
idle-time (time) Elapsed time since last activity on the tunnel.
encoding () Encryption method in use.
mtu (integer) Negotiated and used MTU.
mru (integer) Negotiated and used MRU.
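
The allow list from the quick example and the encoding field from the monitor output can be checked together. The following is an added example, not part of the original manual or of RouterOS: a small Python audit that parses both outputs as shown on this page and flags authentication methods that cannot produce MPPE keys, plus a connected tunnel that is not using 128-bit MPPE. The function names and the finding texts are hypothetical; the sample input is constructed from the output above.

```python
import re

# Constructed sample input, shaped like the two outputs shown on this page.
PRINT_DETAIL = '''\
 0    name="pptp-hm" max-mtu=1460 max-mru=1460 mrru=disabled
      connect-to=10.1.101.100 user="pptp-hm" password="123"
      profile=default-encryption add-default-route=no dial-on-demand=no
      allow=pap,chap,mschap1,mschap2
'''
MONITOR = '''\
     status: "connected"
   encoding: "MPPE128 stateless"
'''

# Of the four methods in `allow`, only mschap1/mschap2 yield MPPE session keys.
NO_MPPE_KEYS = {
    "pap": "password crosses the link in cleartext, no MPPE keys",
    "chap": "no MPPE keys can be derived, session runs unencrypted",
}

def parse_detail(text):
    """Parse key=value pairs (values may be quoted) from `print detail`."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S*)', text)}

def parse_monitor(text):
    """Parse `key: value` lines from `monitor` output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip().strip('"')
    return fields

def audit(detail, monitor):
    """Return findings for one pptp-client entry and its live tunnel state."""
    findings = []
    for method in filter(None, detail.get("allow", "").split(",")):
        if method in NO_MPPE_KEYS:
            findings.append(f"allow={method}: {NO_MPPE_KEYS[method]}")
    if monitor.get("status") != "connected":
        findings.append(f"status={monitor.get('status')!r}: tunnel is not established")
    elif not monitor.get("encoding", "").startswith("MPPE128"):
        # Assumption: a connected tunnel without MPPE128 is 40-bit or unencrypted.
        findings.append(f"encoding={monitor.get('encoding')!r}: not 128-bit MPPE")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_detail(PRINT_DETAIL), parse_monitor(MONITOR)):
        print(finding)
```

Run against the quick example's default allow list, the audit reports pap and chap; an entry restricted to allow=mschap2 with an MPPE128 encoding produces no findings.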

Application Examples


Read More