Tag Archives: mikrotik

PPTP Server Setup on Mikrotik

In this post, we’ll see how to configure the PPTP server on Mikrotik.


Login to the Mikrotik RouterOS via Winbox and go to the IP —> Pool:


Read more of this post


Linux IPSec Site-to-Site VPN: AWS VPC & Mikrotik Router

In this tutorial, we will use the Site-to-Site VPN scenario with the modification and one of the customer site that is using Mikrotik router, which is also acting as gateway for LAN plus the vpn gateway while from the AWS side, we are using the exact same Ubuntu Linux router.

Please review the previous tutorial before starting this tutorial, as I’ll use the previous tutorial as the base for this one.


Note: Please don’t waste your time in hacking, all these public devices and IP(s) are Temporary, I have destroyed them after finished this tutorial.

VPN Configuration on Mikrotik Site:

Open the IP->IPsec window in WinBox:


Read more of this post

Multiple DHCP Servers on single Mikrotik


Mikrotik dhcp server with 3 network cards (LAN,Wireless,WAN), WAN is connected to Internet, Wireless is connected to the subnet and serve as dhcp server  while LAN interface serve for subnet.

Read more of this post

Configure Mikrotik DHCP to assign ip address to only authorized client(s) {2nd Method}

To achieve the same goal, you can also consult this post and decide yourself that which method suit you better!



Mikrotik is working as dhcp, dns, and default gateway for local network.

Read more of this post

OSPF routing between Cisco,Ubuntu,CentOS and Mikrotik Router!


  • Routers: 1 Ubuntu Linux with 3 nics, 1 Centos Linux with 3 nics, 1 Cisco 3640 Router with 3 FastEthernet interfaces and 1 Mikrotik Router with 2 interfaces.
  • Clients: 3 Windows Xp with 1 nic.
IP Details

All the Routers in this scenario have a default password of “zebra“.

Cisco Router:

  • fe0/0:
  • fe1/0: /24
  • fe2/0: Getting through DHCP


  • eth0:
  • eth1:
  • eth2:


  • eth0:
  • eth1:
  • eth2:

Mikrotik Router:

  • ether1:
  • ether2:


  • Ubuntu-Desktop:
  • WinXP-1:
  • WinXP-2:
  • WinXP-3:

Cisco Router Configuration:

UbuntuRouter Configuration:

Restart the Router!!!

CentOSRouter Configuration:

Restart the Router!!!

Mikrotik Router Configuration:

Neighbor verification from Routers:

Route verification from Routers:

Test from Clients:

Make a simple test from Ubuntu-Desktop.

Make a simple test from WinXP-1.

Make a simple test from WinXP-2.

Make a simple test from WinXP-3.

Configure NAT on Cisco Router:

This is just a bonus section, in which we will configure the NAT on Cisco router and also propagate the default route in OSPF. I connect my Cisco Router to DSL Modem and configure it so that it will take IP address through DHCP, as well as configure the inside and outside interface for NAT.

Lazy man access -list for NAT (This is not the perfect access list):

NAT Overload:

Originate the default route in OSPF:

Verify the last resort information on Cisco Router:

Check default route information on all routers 🙂

Hope this will help you!

Please Remember me in your prayers!

Enjoy 🙂

How to block facebook in Mikrotik using L7 Protocols (Layer 7)

In Some Scenarios , We May need to Block Facebook Social Website or some others …In this tutorial, I will show you, how to achieve this goal using L7 (Layer7).

This tutorial consists of two parts:

1- Block facebook website for everyone on local network.

2- Allow facebook for specific host(s) and block for others on local network.

1- Block facebook website for everyone on local network.

First we check that Facebook is currently working on our local network or not?

Check the IP address of our client?

We need to create new Regexp rule at Layer7 Protocols, in order to block the facebook for our local network.

To achieve this goal, please follow these steps:


Now, we need to create Filter Rule, using these steps:

Now test the rule, that we just created:

Try also on 2nd client (

Check that it only block facebook or other websites also?

Oh yes, our rule is working perfectly 🙂

2- Allow facebook for specific host(s) and block for others on local network.

Now, we want to allow facebook for 2nd client ( but still want to block it for other host(s).

To accomplish this goal, we need to create a second Filter rule, to do this, please follow these steps:

Move this rule at the top:

Test this rule on 2nd client (

Verify the rule on Mikrotik:

Verify that, facebook is still blocked for other host(s) on the local network:

Verify the rule(s) on Mikrotik:

Drop packets rate are incremented!

We can do the same for youtube or any other website!

Hope this will help you!

Please Remember me in your prayers!

Enjoy 🙂

Mikrotik as Gateway

Note: This is not the best tutorial on Mikrotik, but it is one of easiest tutorial to configure Mikrotik as gateway 🙂


In this scenario, Mikrotik will work as dhcp, dns, and default gateway for local network.

Local Network :

Public: (In this scenario)

I assume that you already install the fresh copy of mikrotik  on any low end (P III, P IV or whatever) machine. Default username is “admin” and there is no password , by default.

Login to the Mikrotik router:

After login, you will see the screen something like this:

After login, first thing we need to do is to change password:


Check the interface(s) Setting by using this command:

interface print

Change the interface(s )name by using these commands:

interface set 0 name=WAN
interface set 1 name=LAN

Now, check the interface(s) again:

interface print

Assign the ip address to LAN interface:

ip address add address= interface=LAN

Assign the ip address to WAN interface:

ip address add address= interface=WAN

Now, check the ip address setting:

ip address print

Add the default route using this command:

ip route add gateway=

Check the routing table:

ip route print

DNS setup on Mikrotik:

ip dns set primary-dns= secondary-dns=
ip dns set allow-remote-requests=yes 

DNS settings check:

ip dns print

DHCP Configuration:

ip dhcp-server setup

Configuration of NAT on Mikrotik:

ip firewall nat add chain=srcnat action=masquerade out-interface=WAN

Testing from one of the Local Network’s Client:

Hope this will help you!

Please Remember me in your prayers!

%d bloggers like this: