MikroTik: Setup A Client-to-Site SSTP VPN (Part 2)

Now that we’ve completed the first part of this guide, MikroTik: Setup A Client-to-Site SSTP VPN (Part 1), we’ll move on to the client-side setup and configuration for ClientX. I’ve chosen to use the Connection Manager Administration Kit (CMAK) to set up and configure the SSTP VPN for ClientX because it provides a simple way to modify the Microsoft Windows route table after the VPN connects, which allows ClientX to take advantage of VPN split tunneling. Split tunneling lets the client route traffic destined for a specific subnet (SiteX’s local subnet) through a specific gateway (the VPN gateway), while all other internet traffic goes out the client’s local gateway. In addition, CMAK allows administrators to create executable files that make it easy to deploy the VPN to remote clients.

Again, ClientX is running Microsoft Windows 10. However, we’ll first need to install and configure CMAK on a separate machine, preferably one used for management. In this guide, I used my home PC running Microsoft Windows 10. In the Windows 10 Control Panel, open “Programs and Features”. Select “Turn Windows features on or off”, tick the “RAS Connection Manager Administration Kit (CMAK)” option and click the “OK” button.

Install The Connection Manager Administration Kit (CMAK)

Configure/Create The VPN Package Via CMAK

Now that CMAK is installed, we can launch the application. In the Control Panel, select “Administrative Tools” and open the “Connection Manager Administration Kit”. This starts the CMAK wizard, where we will configure the SSTP VPN settings and create the installer package for ClientX.

As you have probably noticed, most of the setup so far has been straightforward. However, for this next part, we will need to briefly pause the CMAK wizard to create a txt file that will be used for the post-connection route table entry. That is, the route table will be modified after successfully connecting to the VPN. This enables split tunneling for ClientX.

  1. Create a blank txt file.
  2. Copy and paste the command in the code box below into the blank txt file.
  3. Save the text file as “routetable.txt” to a location of your choosing.
  4. In the CMAK wizard, select “Define a routing table update” and click Browse to select the routetable.txt that was previously created.
  5. Click the “Next” button to continue the CMAK wizard configuration/setup.

ADD 192.168.100.0 MASK 255.255.252.0 default METRIC default IF default

The above command can be broken down as follows:

Command Destination MASK Netmask Gateway METRIC Metric IF Interface

Keep in mind that you will need to change the destination and subnet mask as needed. In this guide, 192.168.100.0 is SiteX’s private network, which the VPN has access to. This will allow ClientX to access resources on the 192.168.100.0 network, while traffic destined for any other network will use ClientX’s local gateway.
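
Because the destination and mask are edited by hand for each site, it helps to check routetable.txt before it is packaged and deployed. The script below is an added example, not part of the original guide or of CMAK; its function names and the two faulty sample lines are constructed for illustration. It checks that each ADD line follows the form shown above, that the destination is a network address under the given mask, and that no entry is a default route, which would send all client traffic through the VPN instead of split tunneling.

```python
import ipaddress

# Constructed sample: line 1 is the entry from this guide; lines 2-3 are deliberately faulty.
SAMPLE = """\
ADD 192.168.100.0 MASK 255.255.252.0 default METRIC default IF default
ADD 192.168.101.0 MASK 255.255.252.0 default METRIC default IF default
ADD 0.0.0.0 MASK 0.0.0.0 default METRIC default IF default
"""

def check_route_line(line):
    """Return (cidr, problems) for one 'ADD dest MASK mask gw METRIC m IF if' line."""
    tok = line.split()
    keywords = [t.upper() for t in (tok[0:1] + tok[2:3] + tok[5:6] + tok[7:8])]
    if len(tok) != 9 or keywords != ["ADD", "MASK", "METRIC", "IF"]:
        return None, ["not in the form ADD <dest> MASK <mask> <gw> METRIC <metric> IF <if>"]
    dest, mask = tok[1], tok[3]
    try:
        # strict=False so a misaligned destination is reported below instead of raising
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return None, [f"bad destination or mask: {exc}"]
    problems = []
    if str(net.netmask) != mask:
        problems.append(f"{mask} is a host mask, not a subnet mask (expected {net.netmask})")
    if str(net.network_address) != dest:
        problems.append(f"{dest} has host bits set for mask {mask}; the network is {net}")
    if net.prefixlen == 0:
        problems.append("default route: all traffic would use the VPN (no split tunnel)")
    elif not net.is_private:
        problems.append(f"{net} is not private address space; confirm it is the site subnet")
    return str(net), problems

def check_route_file(text):
    """Map 1-based line number -> (cidr, problems) for every non-blank line."""
    return {n: check_route_line(l)
            for n, l in enumerate(text.splitlines(), 1) if l.strip()}

if __name__ == "__main__":
    for n, (cidr, problems) in check_route_file(SAMPLE).items():
        print(f"line {n}: {cidr or '?'}: {'OK' if not problems else '; '.join(problems)}")
```
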

Install The VPN Client

After completing the CMAK wizard, navigate to “C:\Program Files\CMAK\Profiles\Windows Vista and above\SetupVPN\” and run SetupVPN.exe to begin the installation.
