Hello,

I'm a new Mikrotik user. I have a problem with a VPN server on a router behind my Mikrotik. It's a PPTP VPN. The Mikrotik is the router that has the PPPoE protocol for Internet connection and the VPN Server router is on the LAN interface. I have opened the TCP/UDP port 1723 to the IP of the VPN server router and GRE protocol (47) to the same IP in NAT and allowed the access of connections through port 1723 and GRE protocol in the filtering rules. The configuration I have applied is this:

/ip firewall filter
add action=accept chain=input comment="ACEPTO CONEXIONES VPN" dst-port=1723 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=udp
add action=accept chain=forward comment="PROTOCOLO GRE" protocol=gre
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=1723 protocol=tcp to-addresses=192.168.1.2 to-ports=1723
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=1723 protocol=udp to-addresses=192.168.1.2 to-ports=1723
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx protocol=gre to-addresses=192.168.1.2
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=47 protocol=tcp to-addresses=192.168.1.2 to-ports=47
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=47 protocol=udp to-addresses=192.168.1.2 to-ports=47

I think the last two lines were not necessary but the connection to the router of the VPN server does not work even if I remove these lines.

Can someone help me with the setup? What am I missing?

Thanks in advance

I have the same issues both on PPTP and l2tp so I Kipp an eye in here....

For PPTP you will also need the helper, i.e.

You don't need all UDP rules and all input chain rules. And the last 2 dst-nat rules too.
Try to add this (if you have default firewall ruleset you don't need it)

Thanks, everybody. Sorry about my English. With the directions you gave me, the problem was solved. Again, thank you