PPTP connection problem

Posted: Fri Mar 25, 2016 4:37 pm
by OthP
Hello,

I am new on the Mikrotik platform. I tried to configure an RB2011 device, but I have problems getting the PPTP VPN server to work. Everything else is working fine, but not the PPTP server.

When I try to connect, I see the following log entries (I changed my public IP to m.m.m.m):

11:07:07 pptp,info TCP connection established from m.m.m.m
11:07:07 pptp,ppp,info,account administrator logged in, 192.168.16.230
11:07:07 pptp,ppp,info <pptp-administrator>: authenticated
11:07:07 pptp,ppp,info <pptp-administrator>: terminating...
11:07:07 pptp,ppp,info,account administrator logged out, 0 18 28 3 4
11:07:07 pptp,ppp,info <pptp-administrator>: disconnected
11:07:11 pptp,info TCP connection established from m.m.m.m
11:07:11 pptp,ppp,info,account administrator logged in, 192.168.16.230
11:07:11 pptp,ppp,info <pptp-administrator>: authenticated
11:07:11 pptp,ppp,info <pptp-administrator>: terminating... - disconnected
11:07:11 pptp,ppp,info,account administrator logged out, 0 18 28 3 4
11:07:11 pptp,ppp,info <pptp-administrator>: disconnected
11:07:15 pptp,info TCP connection established from m.m.m.m
11:07:15 pptp,ppp,info,account administrator logged in, 192.168.16.230
11:07:15 pptp,ppp,info <pptp-administrator>: authenticated
11:07:15 pptp,ppp,info <pptp-administrator>: terminating...
11:07:15 pptp,ppp,info,account administrator logged out, 0 18 28 3 4
11:07:15 pptp,ppp,info <pptp-administrator>: disconnected

Can you help me find where the problem is?

My current config:

# mar/25/2016 12:31:16 by RouterOS 6.34.3
# software id = 8VNN-Y7PQ
#
/interface bridge
add name="LAN bridge"
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - WAN"
set [ find default-name=ether2 ] name="ether2 - LAN"
set [ find default-name=ether3 ] master-port="ether2 - LAN" name=\
    "ether3 - Wifi"
set [ find default-name=ether4 ] master-port="ether2 - LAN"
set [ find default-name=ether5 ] master-port="ether2 - LAN"
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=sfp1 ] master-port="ether2 - LAN"
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1 - WAN" \
    keepalive-timeout=disabled name="Tcom internet" password=password user=\
    user@provider
/interface vlan
add interface="LAN bridge" name="Guest VLAN" vlan-id=2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name="Guest pool" ranges=192.168.2.100-192.168.2.254
add name=PPTP_VPN_Pool ranges=192.168.16.220-192.168.16.240
/ppp profile
add dns-server=192.168.16.5 local-address=192.168.16.1 name=PPTP_VPN_profile \
    remote-address=PPTP_VPN_Pool
/interface bridge port
add bridge="LAN bridge" interface="ether2 - LAN"
add bridge="LAN bridge" interface=ether6
add bridge="LAN bridge" interface="Guest VLAN"
/interface pptp-server server
set default-profile=PPTP_VPN_profile enabled=yes
/ip address
add address=192.168.16.1/24 interface="LAN bridge" network=192.168.16.0
add address=192.168.2.1/24 interface="Guest VLAN" network=192.168.2.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface="ether1 - WAN"
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=84.2.44.1,84.2.46.1 gateway=192.168.2.1
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=n.n.n.n list=itmgmt
add address=n.n.n.n/n list=itmgmt
add address=n.n.n.n list=itmgmt
add address=n.n.n.n list=itmgmt
/ip firewall filter
add chain=input comment="PPTP VPN GRE" protocol=gre
add chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add chain=forward
add chain=input comment="itmgmt network incoming" in-interface=\
    "Tcom internet" src-address-list=itmgmt
add chain=forward comment="levelez\E9s tilt\E1s" dst-port=25 in-interface=\
    "LAN bridge" protocol=tcp src-address=192.168.16.5
add chain=forward dst-address=84.2.46.3 dst-port=25 in-interface="LAN bridge" \
    protocol=tcp
add action=drop chain=forward comment="levelez\E9s tilt\E1s" dst-port=25 \
    in-interface="LAN bridge" protocol=tcp src-address=192.168.0.0/16
add chain=input comment="felepult kapcsolatok beengedese" connection-state=\
    established,related
add action=drop chain=input comment=\
    "kivulrol kezdemenyezett kapcsolatok blokkolasa" in-interface=\
    "Tcom internet"
/ip firewall nat
add action=masquerade chain=srcnat out-interface="Tcom internet" src-address=\
    192.168.16.0/24
add action=masquerade chain=srcnat out-interface="Tcom internet" src-address=\
    192.168.2.0/24
add action=dst-nat chain=dstnat comment="RDP Nat" dst-port=3389 in-interface=\
    "Tcom internet" protocol=tcp src-address-list=itmgmt to-addresses=\
    192.168.16.5 to-ports=3389
/ppp aaa
set use-radius=yes
/radius
add address=192.168.16.5 secret=secret service=ppp
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name=somerou
/system ntp client
set enabled=yes primary-ntp=148.6.0.1

BR,

Peter

Re: PPTP connection problem

Posted: Fri Mar 25, 2016 9:10 pm
by pukkita
Enable RADIUS debug and look at the RADIUS entry, status tab. Are you sure it isn't a problem of RADIUS communication/auth?

Additionally, you created a VLAN interface "hanging" from the LAN bridge, then added it back to the LAN bridge; delete it from the bridge. All you need is the VLAN interface hanging from the bridge if you want that VLAN to be available from all ports.

Re: PPTP connection problem

Posted: Sun Mar 27, 2016 7:05 pm
by OthP
I also tried with local authentication, but the problem persisted. I will follow your suggestions regarding bridge and VLAN, and report back...

Re: PPTP connection problem

Posted: Thu Mar 31, 2016 7:44 pm
by OthP
Deleted VLAN from Bridge, but PPTP still dead :(

Re: PPTP connection problem

Posted: Thu Mar 31, 2016 8:46 pm
by OthP
Just one thing:

I just tried to configure a PPTP client connection from a Mikrotik router (same model) to this "non-working" PPTP server, and _it works!_

I adjusted the IP routes on both sides, and I was able to connect two sites with a PPTP client-server connection.

But when I try to connect to the very same PPTP server from a non-Mikrotik device (Windows PC or Mac), the connection fails.

I tried to adjust MTU and MRU, to no avail.

I am clueless :(

Re: PPTP connection problem

Posted: Thu Mar 31, 2016 8:51 pm
by pukkita
Looks like client specific settings then, maybe the client requires encryption to connect? No encryption on your PPTP profile...

Enable PPTP debug and look at what happens when the client tries to connect.

Re: PPTP connection problem

Posted: Fri Apr 01, 2016 12:24 pm
by OthP
pukkita,

Thank you so much! Encryption was set to "default". I changed it to "required", and it works now!

Thank you again,

Peter
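
Added example (not part of the original thread and not MikroTik tooling): a small Python triage script that separates the two failure patterns seen in this thread, a session that authenticates and is torn down within the same second versus an outright authentication failure. The sample log is constructed in the format of the lines quoted above; the function names, the `pptp,ppp,error` topic on the constructed failure line, and the 2-second threshold are assumptions.

```python
import re

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG = """\
11:07:07 pptp,info TCP connection established from m.m.m.m
11:07:07 pptp,ppp,info,account administrator logged in, 192.168.16.230
11:07:07 pptp,ppp,info <pptp-administrator>: authenticated
11:07:07 pptp,ppp,info <pptp-administrator>: terminating...
11:07:07 pptp,ppp,info,account administrator logged out, 0 18 28 3 4
11:07:07 pptp,ppp,info <pptp-administrator>: disconnected
11:09:30 pptp,info TCP connection established from x.x.x.x
11:09:30 pptp,ppp,error user x authentication failed
11:12:00 pptp,ppp,info <pptp-administrator>: authenticated
11:20:45 pptp,ppp,info <pptp-administrator>: terminating...
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) (.*)$")
SESSION_EVT = re.compile(r"^<(pptp-[^>]+)>: (authenticated|terminating)")
AUTH_FAIL = re.compile(r"user (\S+) authentication failed")

# What to check next, taken from the advice given in the thread.
HINTS = {
    "dropped-after-auth": "credentials accepted; compare the PPP profile "
                          "encryption setting with what the client requires",
    "auth-failed": "credentials rejected; check the PPP secret or RADIUS",
}

def classify(log_text, max_gap=2):
    """Return [(time, session_or_user, verdict)] for failed PPTP attempts."""
    findings, auth_at = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m or "pptp" not in m.group(4).split(","):
            continue  # not a timestamped PPTP log line
        secs = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        stamp, msg = line[:8], m.group(5)
        failed = AUTH_FAIL.search(msg)
        event = SESSION_EVT.match(msg)
        if failed:
            findings.append((stamp, failed.group(1), "auth-failed"))
        elif event and event.group(2) == "authenticated":
            auth_at[event.group(1)] = secs  # remember when auth succeeded
        elif event and event.group(1) in auth_at:
            gap = secs - auth_at.pop(event.group(1))
            if 0 <= gap <= max_gap:  # torn down right after authenticating
                findings.append((stamp, event.group(1), "dropped-after-auth"))
    return findings

if __name__ == "__main__":
    for stamp, who, verdict in classify(SAMPLE_LOG):
        print(f"{stamp} {who}: {verdict} -> {HINTS[verdict]}")
```

A session that stays up for minutes before terminating, like the last one in the sample, is treated as a normal disconnect and not reported.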

Re: PPTP connection problem

Posted: Sat Jun 06, 2020 11:25 am
by retaheri
I have the same problem, but it was not solved by your solution!
My client has Android version 8 (last updated), and when he tries to connect to the PPTP server on my MikroTik x86 6.40.3, these lines appear in the "Log":
tcp connection established from x.x.x.
user x authentication failed!