Arxondas
Frequent Visitor
Topic Author
Posts: 72
Joined: Sun Aug 02, 2015 12:23 pm
Location: Greece

Firewall and VPN Help

Sat Feb 10, 2018 7:03 pm

Hello,

I have set up a PPTP VPN server on my home MikroTik. I can connect and also see all the devices
in my network (ping, RDP, VNC, etc.). Everything is working as I want.

Recently I added some rules in the firewall and I found that the following rule
add comment="Drop All Forward" chain=forward action=drop log=yes log-prefix="Drop_All_Forward"
is messing up my VPN.
I can connect OK, but I can't see any device. If I disable this rule, everything is OK.

Is there any rule I can add before this one to fix it?

Thank you

CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Firewall and VPN Help

Sun Feb 11, 2018 12:23 pm

Provide the results of: /ip firewall filter print

Arxondas
Frequent Visitor
Topic Author
Posts: 72
Joined: Sun Aug 02, 2015 12:23 pm
Location: Greece

Re: Firewall and VPN Help

Sun Feb 11, 2018 12:36 pm

Here are all my firewall filter rules:

chain=input action=accept protocol=tcp in-interface=ether9-WAN dst-port=1723 log=no log-prefix=""
chain=input action=accept protocol=gre in-interface=ether9-WAN log=no log-prefix=""
chain=input action=accept connection-state=established,related log=no log-prefix=""
chain=input action=accept in-interface=bridge1 log=no log-prefix=""
chain=forward action=accept connection-state=established,related log=no log-prefix=""
chain=forward action=accept src-address=192.168.1.0/24 out-interface=ether9-WAN log=no log-prefix=""
chain=forward action=accept connection-state=established,related,new connection-nat-state=dstnat in-interface=ether9-WAN log=no log-prefix=""
chain=input action=accept connection-state=established,related,new connection-nat-state=dstnat in-interface=ether9-WAN log=no log-prefix=""
chain=input action=accept protocol=tcp in-interface=ether9-WAN dst-port=5555 log=no log-prefix=""
chain=input action=accept protocol=udp in-interface=ether9-WAN dst-port=5555 log=no log-prefix=""
chain=input action=drop connection-state=invalid log=yes log-prefix="Drop_invalid_packets"
chain=forward action=drop src-address-list=NotPublic in-interface=ether9-WAN log=yes log-prefix="Bogon Forward Drop"
chain=input action=drop src-address-list=NotPublic in-interface=ether9-WAN log=yes log-prefix="Drop all packets from public internet which should not exist in public network"
chain=forward action=drop log=yes log-prefix="Drop_All_Forward"
chain=input action=drop dst-address-type=!local log=yes log-prefix="Drop all packets which are not destined to routes IP address"
chain=input action=drop src-address-type=!unicast log=yes log-prefix="Drop all packets which does not have unicast source IP address"
chain=forward action=drop dst-address-list=NotPublic in-interface=bridge1 log=yes log-prefix="Drop all packets from local network to internet which should not exist in public network"
chain=forward action=drop src-address=!192.168.1.0/24 in-interface=bridge1 log=yes log-prefix="Drop all packets in local network which does not have local network address"
chain=input action=drop protocol=udp in-interface=ether9-WAN dst-port=53 log=no log-prefix="DNS_DROP"
chain=input action=drop protocol=tcp in-interface=ether9-WAN dst-port=53 log=no log-prefix=""
chain=input action=drop log=yes log-prefix="Input_ALL_Drop"

CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Firewall and VPN Help

Sun Feb 11, 2018 3:12 pm

I was hoping to see the firewall rule order, but you did not include that in the copy/paste, so I will assume the rule order is as per the info pasted.

PS. My idea below is to treat the VPN subnet as another local LAN subnet.

I assume your VPN IP range is not the same as your LAN subnet; if so, good, else change it.
Then create 2 address lists, both called "LocalLAN", and in these add your local LAN subnet and your VPN subnet.

Change the following rules:
chain=input action=accept in-interface=bridge1 log=no log-prefix="" # - remove in-interface and replace with src-address-list and select "LocalLAN"
chain=forward action=accept src-address=192.168.1.0/24 out-interface=ether9-WAN log=no log-prefix=""  # - remove src-address and out-interface, add src-address-list and select "LocalLAN"
As per my first line, if the rule order is as per the info pasted, then you might as well delete the following, as they serve no purpose: they are after the forward drop-all rule and just cause delays for the rules after them. If you would like to keep these rules, then move them above the forward drop-all rule, BUT after the rules I mentioned that need changing.
chain=forward action=drop dst-address-list=NotPublic in-interface=bridge1 log=yes log-prefix="Drop all packets from local network to internet which should not exist in public network"
chain=forward action=drop src-address=!192.168.1.0/24 in-interface=bridge1 log=yes log-prefix="Drop all packets in local network which does not have local network address"
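The advice above, written out as RouterOS CLI commands. This is an added example, not something posted in the thread: the VPN pool 192.168.89.0/24 is an assumed placeholder (use the pool your PPTP server hands out), and the in-interface=!ether9-WAN qualifier is an added hardening that the reply does not mention.

```routeros
# Added example (not from the thread). Treat the PPTP pool as a second local
# subnet: put both subnets in one address list and match on the list instead
# of on in-interface=bridge1 / src-address=192.168.1.0/24.
# 192.168.89.0/24 is an ASSUMED placeholder for the VPN pool.
/ip firewall address-list
add list=LocalLAN address=192.168.1.0/24 comment="Home LAN"
add list=LocalLAN address=192.168.89.0/24 comment="PPTP VPN pool (assumed placeholder)"

# Rewrite the two accept rules in place so they keep their position, which
# matters because the chain is evaluated first-match and both must stay above
# the "Drop_All_Forward" rule.
# in-interface=!ether9-WAN is an addition beyond the reply: these accepts sit
# above the NotPublic drop rules, so without it a packet arriving on the WAN
# port with a forged LAN source address would also match. PPTP traffic arrives
# on the dynamic pptp-in interface, not on ether9-WAN, so VPN clients still pass.
/ip firewall filter
set [find chain=input action=accept in-interface=bridge1] \
    !in-interface \
    src-address-list=LocalLAN in-interface=!ether9-WAN \
    comment="Accept input from LAN and VPN (LocalLAN list)"
set [find chain=forward action=accept src-address=192.168.1.0/24 out-interface=ether9-WAN] \
    !src-address !out-interface \
    src-address-list=LocalLAN in-interface=!ether9-WAN \
    comment="Forward from LAN and VPN to anywhere (LocalLAN list)"
```

After applying, run /ip firewall filter print and confirm the two modified accept rules still sit above the forward drop-all rule; a VPN client pinging a LAN host should no longer produce "Drop_All_Forward" entries in /log print. Adding a further subnet later (a second VPN pool, a guest network that should reach the LAN) then only needs one more address-list entry rather than another pair of filter rules.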

Arxondas
Frequent Visitor
Topic Author
Posts: 72
Joined: Sun Aug 02, 2015 12:23 pm
Location: Greece

Re: Firewall and VPN Help

Sun Feb 11, 2018 5:17 pm

Thanks for the reply. The rule order is as in my post. I didn't mention that, sorry.

I created the address lists and changed the 2 rules like you said, and everything
is working like I want :)

I also deleted the other 2 rules since there is no point in having them.

Thanks again.
