Hello all,

yesterday i noticed that we had some issues with our internet connection. Even if at beginning the problem seemed to be DNS, we found out that it was because of enabled web proxy on the mikrotik 3011 v6.39. We realized that there was vulnerability on that version therefore we went ahead and updated to version 6.42.5.

viewtopic.php?f=21&t=133533

We blocked some services from working and everything seem to work fine except pptp. We have a basic pptp setup in order to connect to the site via windows 10 or android OS. The setup was just to enable the PPTP server, make PPTP Server Binding, create profile (username and password). It was working perfect before the attack.

Any ideas from where to start digging?

Thanks

Crank up logging would be were I would start.

Sent from my ONEPLUS A5010 using Tapatalk

ditch pptp is very old and vulnerable. use sstp for win10 and server certificate or win 10 deny to connect. it is better protocol and has better connectivity tried pptp to bridge 2 routers and could not pass traffic due to packet fragmentation but with sstp worked out of the box like a charm.

thank you

@nikc Even if the log of the Mikrotik returns me a confirmation that the connection was established, my laptop (windows 10 Pro) returns me an error.

Before completing my post, i found where my problem was and fixed it. It seems that the attack changed the authentication methods of the PPTP server.

@agnostic Thank you for your suggestion. Since i am not familiar with SSTP i need some time to find the correct configuration. Do you have any step by step guide in order to start building something?