
Dynamic VPN PPTP & IP Pools?

Posted: Mon Dec 26, 2005 5:42 am
by squintr
Hi There

Up until this afternoon I was running Mikrotik ver. 2.8.28. I took the config file from it and put it on another box with 2.9.10 loaded (rather than risking my working router). Everything is working great except that I can't login to the mikrotik box from home through VPN anymore.

When I try from Windows XP I get this:

Error 619: A connection to the remote computer could not be established, so the port used for this connection was closed.

The log file in Mikrotik says:

TCP connection established from (my home IP)
<pptp-0>: waiting for call...
(2 seconds later)
<pptp-0>: terminating...
<pptp-0>: disconnected


While this is going on I can see a connection called <pptp-0> popping up in the Interface list and then disappearing


I've never had a problem with this in version 2.8.x

Posted: Mon Dec 26, 2005 6:39 am
by squintr
Well I've found the problem -- I bypassed my Linksys router and it's connecting fine. I've been using the same router the whole time -- nothing has changed here -- just the MK upgrade from 2.8 to 2.9.

I've updated the firmware on the router with still no success. I'm using a modified version of the Linksys firmware found here:
http://www.sveasoft.com/

VPN pass-throughs are set to enabled on the router.

Posted: Mon Dec 26, 2005 1:09 pm
by mag
Seems that VPN is buggy in 2.9.9/.10 (see recent IPsec post).
2.9.8 should be working.

Posted: Tue Dec 27, 2005 4:24 pm
by Eugene
Add 'debug' topic to the logging facility and check logs for more information:
/system logging add topics=debug action=memory

Posted: Wed Dec 28, 2005 2:05 am
by whalen
I am having the same problem. I followed the directions exactly as the mikrotik documentation showed.

After the initial setup, I was able to connect just fine. I walked away for about 10 minutes, and when I came back, I started getting the same error as you had above... I am using 2.9.10. I am trying to downgrade to 2.9.8 and will see if that helps.

Posted: Wed Dec 28, 2005 2:46 am
by whalen
Same issue after I downgraded to 2.9.8 :(

I tried to enable the debug, but couldn't figure out how to save it to a file, so I just had it echo to the screen. Here are the results:

[rwhalen@WayLAN] >
  (8 messages discarded)
echo: pptp,debug,packet     vendor-name=Microsoft Windows NT
echo: pptp,debug,packet sent Start-Control-Connection-Reply to 12.198.5.5
echo: pptp,debug,packet     protocol-version=0x0100
echo: pptp,debug,packet     result-code=1
echo: pptp,debug,packet     error-code=0
echo: pptp,debug,packet     framing-capabilities=2
echo: pptp,debug,packet     bearer-capabilities=0
echo: pptp,debug,packet     maximum-channels=0
echo: pptp,debug,packet     firmware-revision=1
echo: pptp,debug,packet     host-name=WayLAN
echo: pptp,debug,packet     vendor-name=MikroTik
echo: pptp,debug,packet rcvd Outgoing-Call-Request from 12.198.5.5
[rwhalen@WayLAN] >
  (20 messages discarded)
echo: pptp,debug,packet     connect-speed=100000
echo: pptp,debug,packet     packet-recv-window-size=100
echo: pptp,debug,packet     packet-processing-delay=0
echo: pptp,debug,packet     physical-channel-id=0
echo: pptp,debug,packet rcvd Set-Link-Info from 12.198.5.5
echo: pptp,debug,packet     peers-call-id=10
echo: pptp,debug,packet     send-accm=0xffffffff
echo: pptp,debug,packet     receive-accm=0xffffffff
echo: pptp,debug,packet sent Set-Link-Info to 12.198.5.5
echo: pptp,debug,packet     peers-call-id=8192
echo: pptp,debug,packet     send-accm=0xffffffff
echo: pptp,debug,packet     receive-accm=0xffffffff
[rwhalen@WayLAN] >
echo: pptp,ppp,debug <12.198.5.5>: LCP timer
echo: pptp,ppp,debug,packet <12.198.5.5>: sent LCP ConfReq id=0x1
echo: pptp,ppp,debug,packet    <mru 1460>
echo: pptp,ppp,debug,packet    <magic 0x721da317>
echo: pptp,ppp,debug,packet    <auth  mschap2>
[rwhalen@WayLAN] >
echo: pptp,ppp,debug <12.198.64.100>: LCP timer
echo: pptp,ppp,debug <12.198.64.100>: LCP timeout waiting initial data
echo: pptp,ppp,debug <12.198.64.100>: LCP lowerdown
echo: pptp,ppp,debug <12.198.64.100>: PPP disconnected <>
echo: pptp,ppp,debug <12.198.64.100>: PPP destroy
echo: pptp,ppp,debug <12.198.64.100>: PPP stopped
echo: pptp,ppp,debug <12.198.64.100>: CCP lowerdown
echo: pptp,ppp,debug <12.198.64.100>: CCP down event in initial state
echo: pptp,ppp,debug <12.198.64.100>: IPCP lowerdown
echo: pptp,ppp,debug <12.198.64.100>: IPCP down event in initial state
[rwhalen@WayLAN] >

Posted: Thu Dec 29, 2005 11:09 am
by mag
Could you post the relevant parts of your pptp-server configuration?

I found it usually helpful, too, to look into the pptp client's log.

Posted: Thu Dec 29, 2005 12:25 pm
by lastguru
Do you have any NAT on that router, or somewhere in the middle? If yes, then enable gre and pptp conntrack helpers in /ip firewall service-port
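
Added example (not part of any post in this thread, and not MikroTik code): a small Python triage of RouterOS PPTP debug output like the log posted above. It separates the TCP 1723 control channel from the PPP frames that PPTP carries in GRE (IP protocol 47), which is the distinction behind the NAT and conntrack-helper suggestion. The sample lines and the address 192.0.2.10 are constructed, and the `rcvd LCP` line format is assumed to mirror the `sent` form seen in the log.

```python
import re

# Control-channel messages (TCP 1723), e.g. "...packet sent Set-Link-Info to 192.0.2.10"
CTRL = re.compile(r"pptp,debug,packet (sent|rcvd) (\S+) (?:to|from) \S+")
# PPP frames; PPTP carries these inside GRE (IP protocol 47), not inside TCP 1723
PPP = re.compile(r"pptp,ppp,debug,packet <[^>]+>: (sent|rcvd) ")
TIMEOUT = "LCP timeout waiting initial data"

HINTS = {
    "control-incomplete": "TCP 1723 setup never finished; check reachability of port 1723",
    "no-ppp-received": "control channel is up but nothing arrived over GRE; "
                       "check IP protocol 47 pass-through and NAT helpers on the path",
    "ppp-negotiating": "PPP frames flow both ways; look at LCP/auth options instead",
    "inconclusive": "call set up but no PPP activity logged; capture a longer log",
}

def diagnose(log: str) -> dict:
    """Classify one PPTP connection attempt from server-side debug lines."""
    ctrl, sent, rcvd, timed_out = set(), 0, 0, False
    for line in log.splitlines():
        if m := CTRL.search(line):
            ctrl.add(m.group(2))          # message name, e.g. Outgoing-Call-Request
        elif m := PPP.search(line):
            if m.group(1) == "sent":
                sent += 1
            else:
                rcvd += 1
        elif TIMEOUT in line:
            timed_out = True
    if not {"Start-Control-Connection-Reply", "Outgoing-Call-Request"} <= ctrl:
        verdict = "control-incomplete"
    elif rcvd:
        verdict = "ppp-negotiating"
    elif sent or timed_out:
        verdict = "no-ppp-received"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "ppp_sent": sent, "ppp_rcvd": rcvd, "hint": HINTS[verdict]}

# Constructed sample in the format of the debug output posted in this thread.
SAMPLE = """\
echo: pptp,debug,packet sent Start-Control-Connection-Reply to 192.0.2.10
echo: pptp,debug,packet     result-code=1
echo: pptp,debug,packet rcvd Outgoing-Call-Request from 192.0.2.10
echo: pptp,ppp,debug,packet <192.0.2.10>: sent LCP ConfReq id=0x1
echo: pptp,ppp,debug <192.0.2.10>: LCP timeout waiting initial data
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Because the router discards messages when echoing to the screen, a verdict of `control-incomplete` on a pasted log can also mean the relevant lines were dropped rather than never sent.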

Posted: Sat Dec 31, 2005 5:20 pm
by whalen
Ok here is the config...I followed the 2.9 guide for setting up PPTP.

[rwhalen@WayLAN] ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   ;;; Internal LAN IP
     172.17.1.1/24      172.17.1.0      172.17.1.255    LAN      
 1   ;;; WLAN IP Address
     172.17.2.1/24      172.17.2.0      172.17.2.255    wlan1    
 2 D 68.73.11.31/24     68.73.11.0      68.73.11.255    WAN      
[rwhalen@WayLAN] ip address> 
[rwhalen@WayLAN] ppp secret> print
Flags: X - disabled 
 #   NAME                                   SERVICE CALLER-ID                            PASSWORD                             PROFILE            REMOTE-ADDRESS 
 0   rwhalen                                pptp                                         password                           default-encryption 172.17.1.44    
[rwhalen@WayLAN] ppp secret> 
[rwhalen@WayLAN] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running 
 #     NAME                                     USER         MTU        CLIENT-ADDRESS                          UPTIME   ENCODING                               
 0     waylan                                   rwhalen     
[rwhalen@WayLAN] interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
     authentication: mschap1,mschap2
  keepalive-timeout: 30
    default-profile: default
Flags: X - disabled, R - running 
 #    NAME                                                                                                                    MTU   MAC-ADDRESS       ARP       
 0  R ;;; WAN Interface (DHCP from SBC)
      WAN                                                                                                                     1500  00:0C:42:04:03:B9 enabled   
 1  R ;;; LAN Interface (172.17.1.0/24)
      LAN                                                                                                                     1500  00:0C:42:04:03:BA proxy-arp 
 2 X  ether3                                                                                                                  1500  00:0C:42:04:03:BB enabled  

Posted: Sat Dec 31, 2005 5:22 pm
by whalen
I looked at the ip firewall service-port list, and pptp and gre are enabled, but I noticed that pptp shows up as "I" (invalid). Why would this be??
[rwhalen@WayLAN] ip firewall service-port> print
Flags: X - disabled, I - invalid 
 #   NAME                                                                                                                                                  PORTS
 0   ftp                                                                                                                                                   21   
 1 X tftp                                                                                                                                                  69   
 2 X irc                                                                                                                                                   6667 
 3 X h323                                                                                                                                                 
 4 X quake3                                                                                                                                               
 5 X mms                                                                                                                                                  
 6   gre                                                                                                                                                  
 7 I pptp                                                                                                                                                  1723

Posted: Wed Jan 04, 2006 3:49 pm
by whalen
any ideas?