How to Set Up PPTP VPN on MikroTik (Complete Tutorial)

In this guide, we will configure PPTP VPN on a MikroTik RouterOS step by step. You will learn both the server-side configuration (MikroTik) and the client-side configuration (Windows/Android). We will also cover firewall rules, NAT, verification commands, and important security best practices.

Why PPTP?

PPTP is one of the easiest VPN protocols to configure, supported by most operating systems (Windows, Android). However, PPTP is not secure compared to modern VPN protocols. For production, it’s highly recommended to use L2TP/IPsec, SSTP, or WireGuard. PPTP can still be useful for simple or legacy use cases.

Security note: PPTP uses MS-CHAP v2, which is considered weak. Only use it for testing, legacy systems, or in trusted environments with strong passwords.

What You Need

• MikroTik Router with RouterOS
• WAN (Public) IP address or domain name
• Client device (Windows 10/11, Android)

Step 1 — Create IP Pool and Profile

  Pool:
  /ip pool add name=pptp_pool ranges=10.10.50.2-10.10.50.254


Profile:
/ppp profile add name=pptp_profile local-address=10.10.50.1 remote-address=pptp_pool dns-server=8.8.8.8,8.8.4.4

Step 2 — Add PPTP User

/ppp secret add name=vpnuser1 password=Str0ngP@ss profile=pptp_profile service=pptp comment="VPN client user"
  

Step 3 — Enable PPTP Server

/interface pptp-server server set enabled=yes authentication=mschap2 default-profile=pptp_profile max-mtu=1460 max-mru=1460
  

Step 4 — Verification

• Check PPTP server status: /interface pptp-server server print
• Check active users: /ppp active print
• View logs: /log print where message~"ppp"

---

Step 5 Client Setup — Windows 10/11

1. Go to: Settings → Network & Internet → VPN → Add a VPN
2. Provider: Windows (built-in)
3. Connection name: MikroTik PPTP
4. Server: Your Public IP or Domain
5. VPN type: PPTP
6. Enter Username and Password (from /ppp secret)
7. Click Save → Connect

Client Setup — Android

1. Go to: Settings → Network & Internet → VPN → Add VPN
2. Type: PPTP
3. Server: Your Public IP or Domain
4. Enter Username and Password
5. Save and Connect

Note: Some Android versions no longer support PPTP due to security issues.

---

Troubleshooting

• Cannot connect: Check firewall rules and confirm ISP is not blocking PPTP.
• Authentication failed: Verify username/password in /ppp secret.
• No internet after connect: Make sure NAT rule is added and DNS servers are set.
• Slow or unstable connection: Lower MTU/MRU (e.g., 1460) and test.

Best Practices

• Use strong passwords and rotate them regularly.
• Limit user sessions with /ppp secret settings.
• Restrict access by source IP if possible.
• Monitor logs and active sessions for suspicious activity.
• Prefer L2TP/IPsec or WireGuard for production deployments.

See also my article:

How do I Update my MikroTik Router Firmware
CCR 2116-12G-4S+Full Review | Mikrotik Router
MikroTik Introduction | What is Mikrotik Router

---

Final Words

By following this tutorial, you can set up a PPTP VPN server on MikroTik and allow remote clients to connect. PPTP is easy to configure but has known security limitations. For secure production use, always consider alternatives like L2TP/IPsec, SSTP, or WireGuard.