[Mikrotik] PPTP Help

Chupaka chupaka at gmail.com
Thu Sep 2 06:28:20 CDT 2010


Again: can you ping your VPN server after PPtP is established? If no - then
add route to server's address via your local gateway.



2010/9/2 Rory McCann <rmm.lists at gmail.com>

>  I've unchecked the add default route option in Winbox. The connection
> resets after about 30 seconds (which is the timeout on the server)
> regardless of the setting though. I can attempt to ping a device directly
> through the tunnel interface in Winbox and it fails with 100% packet loss.
>
> Rory McCann
> Minn-Kota Ag Products
> /rory at mkap.com/ <mailto:rory at mkap.com>
>
>  On 9/1/2010 2:01 PM, james wrote:
>
>> Just an idea...is your default route going over the pptp tunnel once it
>> gets
>> established?
>>
>> I've made that mistake before
>>
>> -----Original Message-----
>> From: mikrotik-bounces at mail.butchevans.com
>> [mailto:mikrotik-bounces at mail.butchevans.com] On Behalf Of Rory McCann
>> Sent: 01 September 2010 04:27 PM
>> To: Mikrotik discussions
>> Subject: Re: [Mikrotik] PPTP Help
>>
>>   The 24.220.x.x IP address referenced is one of 5 addresses assigned to
>> the WAN interface on my router. I specifically assigned it there because
>> I only wanted PPTP accessible to the outside world on 1 IP address for a
>> little extra security/control.
>>
>> Rory McCann
>> Minn-Kota Ag Products
>> /rory at mkap.com/<mailto:rory at mkap.com>
>>
>> On 9/1/2010 9:17 AM, Chupaka wrote:
>>
>>> So, you try to use 24.220.x.x both as ethernet and VPN address for your
>>> server? Either set local-address=1.2.3.4 (any unused address) on server
>>> in
>>> profiles, or on the client add route to 24.220.x.x with your local
>>>
>> gateway,
>>
>>> so that PPTP packets won't go to the tunnel.
>>>
>>>
>>>
>>> 2010/9/1 Rory McCann<rmm.lists at gmail.com>
>>>
>>>   I don't know what I've done to mess up the configuration, but I can't
>>>>
>>> seem
>>
>>> to get a PPTP link between two MT routers to stay up. The connection
>>>> establishes and drops within 30 seconds, only to redial and repeat. No
>>>> traffic is able to be passed over it at this time.
>>>>
>>>> Here's the config on the server:
>>>> /interface pptp-server server
>>>> set authentication=mschap1,mschap2 default-profile=mkap enabled=yes
>>>> keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=1500
>>>>
>>>> Profile on the server:
>>>> /ppp profile
>>>> add change-tcp-mss=yes comment="Primary profile for MKAP VPN users"
>>>> dns-server=192.168.1.2,192.168.1.3 local-address=24.220.x.x name=\
>>>>     mkap only-one=no remote-address=VPN session-timeout=12h
>>>> use-compression=default use-encryption=required
>>>>
>>> use-vj-compression=default \
>>
>>>     wins-server=192.168.1.2,192.168.1.3
>>>>
>>>> (VPN is an address pool on the server)
>>>>
>>>> Here's the secret for the MT on the server:
>>>> /ppp secret
>>>> add caller-id="" comment="" disabled=no limit-bytes-in=0
>>>>
>>> limit-bytes-out=0
>>
>>> name=shop password=---- profile=mkap remote-address=\
>>>>     192.168.2.11 routes="" service=pptp
>>>>
>>>> Profile on the client:
>>>> /ppp profile
>>>> set default change-tcp-mss=yes comment="" name=default only-one=default
>>>> \
>>>>     use-compression=default use-encryption=default
>>>> use-vj-compression=default
>>>> add change-tcp-mss=yes comment="MKAP VPN" name=mkap-vpn only-one=no \
>>>>     session-timeout=12h use-compression=default use-encryption=required
>>>> \
>>>>     use-vj-compression=default
>>>>
>>>> Here's the PPTP interface on the client:
>>>> /interface pptp-client
>>>> add add-default-route=no allow=mschap1,mschap2 comment="" connect-to=\
>>>>     24.220.x.x dial-on-demand=no disabled=yes max-mru=1460 max-mtu=1460
>>>> \
>>>>     mrru=1500 name=mkap-pptp password=---- profile=mkap-vpn user=shop
>>>>
>>>>
>>>> The above configuration works absolutely fine when set up on a client
>>>> computer. It will not work when configured on a MT router. Both routers
>>>>
>>> are
>>
>>> running 4.10. The client router is connected to a PPPoE DSL connection
>>>>
>>> from
>>
>>> Qwest, MTU 1492. I can't seem to figure out what I'm missing here so any
>>>> help would be appreciated greatly. I'm thinking it's something simple
>>>> but
>>>>
>>> my
>>
>>> brain is fried and I need another set of eyes.
>>>>
>>>> Thanks!
>>>> --
>>>> Rory McCann
>>>> Minn-Kota Ag Products
>>>> /rory at mkap.com/<mailto:rory at mkap.com>
>>>> -------------- next part --------------
>>>> An HTML attachment was scrubbed...
>>>> URL:<
>>>>
>>>>
>> http://www.butchevans.com/pipermail/mikrotik/attachments/20100901/d8542a75/a
>> ttachment.html
>>
>>> _______________________________________________
>>>> Mikrotik mailing list
>>>> Mikrotik at mail.butchevans.com
>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>>
>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>> RouterOS
>>>>
>>>> -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>>
>>> URL:<
>> http://www.butchevans.com/pipermail/mikrotik/attachments/20100901/78c7e
>> 07c/attachment.html>
>>
>>> _______________________________________________
>>> Mikrotik mailing list
>>> Mikrotik at mail.butchevans.com
>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>
>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>
>> RouterOS
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> <
>> http://www.butchevans.com/pipermail/mikrotik/attachments/20100901/b48ae556/
>> attachment.html>
>> _______________________________________________
>> Mikrotik mailing list
>> Mikrotik at mail.butchevans.com
>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>>
>> _______________________________________________
>> Mikrotik mailing list
>> Mikrotik at mail.butchevans.com
>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.butchevans.com/pipermail/mikrotik/attachments/20100901/4be18fa5/attachment.html>
>
>
> _______________________________________________
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20100902/00e740f5/attachment.html>


More information about the Mikrotik mailing list