Hello guys!

I have a problem with my VPN configuration.

I'm usung RB 433AH with ROS 3.17.

I'm trying to get access to my LAN (172.20.0.x / 24) using VPN connection.

I configured eth1 on RB with LAN address (172.20.0.250), and I added eth2 public address (83.3.251.75/29), added default route, then I configured PPTP server.

VPN connection is working correctly (I can get inside LAN), but ONLY when I'm using other public address within the same subnet (i.e. 83.3.251.76/29).
The problem is, when I'm trying to connect via VPN from internet - it doesn't work (no connection).

Obviously I must have forgot about something, but what?? Would appreciate any suggestions.

Simple network diagram below.

Here's the /ip route print detail output from my RB 433AH:

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=83.3.251.73,bridge1
interface=bridge1,bridge1 gateway-state=reachable,reachable
distance=1 scope=30 target-scope=10

1 ADC dst-address=83.3.251.72/29 pref-src=83.3.251.74 interface=bridge1
distance=0 scope=10

2 ADC dst-address=172.20.0.0/24 pref-src=172.20.0.250 interface=ether3
distance=0 scope=10

3 ADC dst-address=172.20.0.253/32 pref-src=172.20.0.250
interface=<pptp-internal> distance=0 scope=10

Guys please, I really need some help with this.

please read this link maybe can help u

http://forum.mikrotik.com/viewtopic.php?f=10&t=27382

0 A S dst-address=0.0.0.0/0 gateway=83.3.251.73,bridge1
interface=bridge1,bridge1 gateway-state=reachable,reachable
distance=1 scope=30 target-scope=10

route configuration is wrong

remove your current default route and add this one
/ip route add gateway=83.3.251.73

and is there any reason why public IP is on the bridge interface?

As for using bridge interface - I have no particular reason for that. So I removed bridge interface.

In the mean time I upgraded to ROS 3.19.

It seems that in few cases I have managed to establish VPN connection to the router - but it was disconnected very fast.

I've changed default route configuration as You suggested. I'll check it out today.

Btw here's my log (before above changes):

(failed login attempt from internet)
jan/21 19:55:40 pptp,info TCP connection established from 83.4.129.165
jan/21 19:55:40 pptp,ppp,info <pptp-0>: waiting for call...
jan/21 19:55:46 pptp,ppp,info <pptp-0>: terminating...
jan/21 19:55:46 pptp,ppp,info <pptp-0>: disconnected

(successfull login from local subnet 83.3.251.72/29)
08:38:46 pptp,info TCP connection established from 83.3.251.77
08:38:46 pptp,ppp,info <pptp-0>: waiting for call...
08:38:47 pptp,ppp,info formInternet: authenticated
08:38:48 pptp,ppp,info formInternet: connected
08:38:48 pptp,ppp,info,account internal logged in, 172.20.0.233
08:38:48 pptp,ppp,info formInternet: using encoding - MPPE128 stateless


It looks to me as if VPN server was ok. But the problem is somewhere at routing level.

Ok I can say that problem was solved.

mrz You were right, my default route rule was wrong.

Thank You for Your support