How to Distribute Public IP using Mikrotik VPN

mamet zeroshell
mamet zeroshell
November 11, 2024

To distribute public IPs using a VPN on MikroTik, you can follow these steps:

1. Set Up the VPN Server

  • Configure a VPN server on your MikroTik router (e.g., L2TP, PPTP, or WireGuard).
  • Assign public IPs to the VPN server interface.

2. Create VPN Profiles

  • Go to PPP > Profiles and create profiles for each VPN user.
  • Assign a specific public IP to each profile under the "Local Address" or "Remote Address" fields.

3. Configure Firewall and NAT

  • Add firewall rules to allow VPN traffic.
  • Set up NAT rules to ensure proper routing of public IPs through the VPN.

4. Assign Public IPs to VPN Clients

  • When a client connects to the VPN, they will be assigned the public IP specified in their profile.

5. Test the Configuration

  • Connect a VPN client and verify that the assigned public IP is being used for internet traffic.

This time we will learn the Mikrotik config rule, how to distribute public IP to routers in different locations using VPN on Mikrotik.

On the main router, we first activate the VPN server, here we use a very simple PPTP.

We create a profile and pool on the VPN, create a bridge interface to include the related interface, because our public interface uses a VLAN, we will enter the VLAN into the bridge.

On the branch router, we create a PPTP client account profile, and provide routing to the public IP gateway destination after connecting, and NAT directs the output interface to the public bridge.

as follows:

# Server side


# IP and gateway configuration
/ip address add address=103.xx.xx.29/24 interface=bridge-public
/ip route add gateway=103.xx.xx.2

# Create a br-public bridge and add VLAN 99
/interface bridge add name=br-public
/interface vlan add name=vlan99 interface=br-public vlan-id=99
/interface bridge port add bridge=br-public interface=vlan99

# PPTP Server Configuration
/interface pptp-server server set enabled=yes
/ppp profile add name=profile-pptp-br local-address=172.16.2.1 remote-address=172.16.2.2-172.16.2.254
/ppp secret add name=vpn-cabang password=password_vpn profile=profile-pptp-br service=pptp



# Client side


/interface bridge add name=bridge-public

/interface pptp-client add name=pptp-pusat connect-to=103.xx.xx.29 user=vpn-cabang password=password_vpn profile=profile-pptp-br 

/ppp profile add name=profile-pptp-br bridge=bridge-public

/ip address add address=103.xx.xx.30/24 interface=bridge-public

/ip route add dst-address=103.xx.xx.29 gateway=192.168.88.1
/ip route add dst-address=0.0.0.0/0 gateway=103.xx.xx.2

/ip firewall nat add chain=srcnat out-interface=bridge-public action=src-nat to-addresses=103.xx.xx.30
Related Posts
Scroll to top
Code Copied!