pptp服务做site-to-site 回首页
说明: 
    192.168.5.0/24 办公端的局域网IP地址段
    192.168.0.0/24 家里的局域网IP地址段
    办公室是由tp-links路由器把pptp转发到routeos的
    办公端的公网IP由ddns解析提供(ipaddr.ddns.us)
    家里由routeos发起连接
------------------------------------------------------------------------------------------------


### 1.创建办公端 pptp服务 #
/ppp secret add name=user01t1 service=pptp password=passw0rd local-address=172.16.1.1 remote-address=172.16.1.2 routes="192.168.0.0/24 172.16.1.2 1"
#### routes="192.168.0.0/24 172.16.1.2 1, 192.168.10.0/24 172.16.1.2 1" ####
/ppp secret print detail
/interface pptp-server server set enabled=yes
/interface pptp-server server print

### 这句省略, 因为办公室是由tp-links路由器把pptp转发到routeos的,而不是由routeos #
#/ip route add dst-address=192.168.5.0/24 gateway=pptp-out1

#/ip fir nat add chain=srcnat src-address=192.168.5.0/24 dst-address=192.168.0.0/24 action=accept comment="pptp for site to site"

### 2.创建home端 pptp客户端 #
#/ip fir nat add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.5.0/24 action=accept comment="pptp for site to site"

### 因为两边都是ADSL,拨号地址总是变化,写个计划任务每分钟检查,如变化就重建接口和路由 #
## ---- begin ---- ##

:local pptpUser1 "user"
:local pptpPasswd1 "passwd"
:local pptpServer1 "ipaddr.ddns.us"
:local pptpServerNet1 "192.168.5.0/24"
:local pptpClientGateway1 "pptp_to_isee"
###:local pptpClientGatewayIP "172.16.1.1"

:global lastServerIP1
:if ([ :typeof $lastServerIP1 ] = nil ) do={ $lastServerIP1 "0" }
:put "lastServerIP1: $lastServerIP1"

:local curServerIP1
:set curServerIP1 [:resolve $pptpServer1]
:put "curServerIP1: $curServerIP1"

:if ( $curServerIP1 != "" ) do={
:if ( $curServerIP1 != $lastServerIP1 ) do={

    :global tmptmp [ip route find comment=link_to_isee]
    :put "sn: abc $tmptmp def"
    :if ($tmptmp != "") do={
# 移走路由 #
        :ip route remove [ip route find comment="link_to_isee"]
    } else={
        :put "no this interface: link_to_isee. added!"
    }

    :global tmptmp [interface pptp-client find comment=pptp2isee]
    :put "sn: abc $tmptmp def"
    :if ($tmptmp != "") do={
# 移走接口 #
        :interface pptp-client remove pptp2isee
    } else={
        :put "no this route: pptp2isee. added!"
    }

# 重设接口 #
    :interface pptp-client add name=pptp_to_isee comment=pptp2isee user=$pptpUser1 password=$pptpPasswd1 connect-to=$curServerIP1 disabled=no
# 重设路由 #
    :ip route add dst-address=$pptpServerNet1 gateway=$pptpClientGateway1 comment=link_to_isee

    :log info ("更新IP: " . $curServerIP1)
#----更新后把ip设为最新的ip----#
    :global lastServerIP1 $curServerIP1

}
}

## ---- end ---- ##

参考:
1.pptp站对站
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#Site-to-Site_PPTP
http://blog.butchevans.com/2008/09/mikrotik_routeros_transparent_bridge_pptp_eoip/
2.pptp桥接
http://wiki.mikrotik.com/wiki/Manual:BCP_bridging_%28PPP_tunnel_bridging%29

3.sstp site-to-site的做法
#服务端
/ppp secret add name=tttbbb service=sstp password=passw0rd local-address=172.16.2.1 remote-address=172.16.2.2 routes="192.168.5.0/24 172.16.2.2 1"
/ppp secret print detail

/certificate import file-name=ca.crt
/certificate import file-name=ca.key
/certificate import file-name=server.crt
/certificate import file-name=server.key

/certificate set 0 name=CA
/certificate set 0 name=server

/interface sstp-server server set certificate=server
/interface sstp-server server set enabled=yes
/interface sstp-server server set verify-client-certificate=yes
/interface sstp-server server print

#客户端
/interface sstp-client add user=tttbbb password=passw0rd connect-to=123.116.116.232 disabled=no certificate=server verify-server-certificate=yes
/ip route add dst-address=192.168.5.0/24 gateway=sstp-out1