Can’t ping local host when login using pptp vpn

Mark2012 · Thu Nov 08, 2012 2:07 pm

Hi,
I have on my mikrotik create a pptp server like describe on http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP I can connect with the vpn client. Also I can ping the mikrotik router. But I can’t ping any host on the local network. I have enabled proxy-arp on the local interface as described in the manual.

Has anyone any idea what I’m donning wrong. I'm using version 5.21 on RB450G

[admin@MikroTik] /ppp secret> print detail
Flags: X - disabled 
 0   name="user1" service=any caller-id="" password="test" profile=VPN-profile 
     routes="" limit-bytes-in=0 limit-bytes-out=0 
[admin@MikroTik] /ppp secret>

[admin@MikroTik] /ppp profile> print
Flags: * - default 
 0 * name="default" remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default 
     use-compression=default use-vj-compression=default use-encryption=default 
     only-one=default change-tcp-mss=yes 

 1   name="VPN-profile" local-address=172.26.12.117 remote-address=VPN-pool 
     remote-ipv6-prefix-pool=(unknown) use-ipv6=yes use-mpls=default 
     use-compression=default use-vj-compression=default use-encryption=yes 
     only-one=default change-tcp-mss=yes dns-server=172.26.12.29,172.26.12.92 

 2 * name="default-encryption" remote-ipv6-prefix-pool=none use-ipv6=yes 
     use-mpls=default use-compression=default use-vj-compression=default 
     use-encryption=yes only-one=default change-tcp-mss=yes 
[admin@MikroTik] /ppp profile> 


[admin@MikroTik] /ip pool> print
 # NAME                                           RANGES                         
 0 default-dhcp                                   192.168.88.10-192.168.88.254   
 1 VPN-pool                                       172.26.12.200-172.26.12.250    
[admin@MikroTik] /ip pool> 


[admin@MikroTik] /interface pptp-server server> print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: mschap1,mschap2
  keepalive-timeout: 30
    default-profile: default-encryption
[admin@MikroTik] /interface pptp-server server> 


[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave 
 #    NAME          MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 R  ether1-g...  1500 00:0C:42:BD:8E:01 enabled    none             switch1    
 1 R  ether2-l...  1500 00:0C:42:BD:8E:02 proxy-arp  none             switch1    
 2    ether3-l...  1500 00:0C:42:BD:8E:03 enabled    none             switch1    
 3    ether4-l...  1500 00:0C:42:BD:8E:04 enabled    none             switch1    
 4    ether5-l...  1500 00:0C:42:BD:8E:05 enabled    none             switch1    
[admin@MikroTik] /interface ethernet>

cbrown · Thu Nov 08, 2012 5:33 pm

Can you put /export compact instead?

Mark2012 · Fri Nov 09, 2012 4:40 pm

My export file

Mark2012 · Mon Nov 19, 2012 2:20 pm

No one any idea what's wrong?

CelticComms · Mon Nov 19, 2012 5:46 pm

What IP settings are you getting assigned on the PPTP client - IP, & gateway?

What IP are you trying to ping and what interface is that device on?

Mark2012 · Mon Nov 19, 2012 8:43 pm

I have a network 172.26.12.0/24 where the mikrotik is the default gateway (172.26.12.117).

The PPTP client get the following ipconfig:
ip-address: 172.26.12.250
subnet: 255.255.255.255
default-gateway: 172.26.12.250

From this client I can ping the mikrotik (172.26.12.117) but nothing else in the 172.26.12.0/24 network. And from the network I can’t ping the pptp client 172.26.12.250.

It looks like I miss some routing...
But I don’t see it.

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.178.1             1
 1 ADC  172.26.12.0/24     172.26.12.117   bridge                    0
 2 ADC  172.26.12.250/32   172.26.12.117   <pptp-user1>              0
 3 ADC  192.168.178.0/24   192.168.178.201 ether1-gateway            0
[admin@MikroTik] /ip route>

I hope this will give a little bit more information.

CelticComms · Tue Nov 20, 2012 12:10 am

Try making a dedicated PPP interface for this user and then check your forwarding rules to make sure that you are actually allowing the traffic - the PPP interface needs to be able to open new connections to that local subnet range.

Seems you have proxy-arp selected already which is the usual suspect....

Mark2012 · Fri Nov 23, 2012 12:05 pm

How make I a dedicated PPP interface fort his user? I don’t see how I can do this. Can you maybe explain this?

CelticComms · Mon Nov 26, 2012 12:25 am

Add an interface under Interfaces with type = "PPTP Server". Enter the relevant user as the "User" for this interface.

Mark2012 · Tue Nov 27, 2012 9:29 am

Strange things happens….

I have add the interface described as above. After this it works.

But the strange thing, when I removed this interface it still keeps on working. To be sure I have rebooted and after that is still works.

I don’t know why. I don’t see what is changed. Probably I have done something wrong? I don't know what but it works now. Thanks everybody for the help.

caesaram85 · Wed Nov 28, 2012 7:45 pm

Hi people,

I'm really frustrated, i can't get it work, the pptp client connects but can't gain access to network hosts at all, i'm just able to ping the gateway.

After follow the wiki http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP,
enabling "proxy-arp" on the BRIDGE interface that points to the network, still can't get a tracert "LOCAL_IP", it just get to the gateway.

Here is my config in routerOS v5.12 attached, hope someone could please help me =(

iproute.txt

ipfirewallmangle.txt

iface_pptp-server.txt

i've create a dedicated PPTP-SERVER for the user but without luck

INFO UPDATE:
- Mikrotik routerOS v5.22

The problem with routerOS PPTP Server:
It appears when using more than 1 WAN interface and PCC load balance (as my config). If i disable 1 wan pptp works ok (but i can't work here with just 1 wan).

Another big problem:
When dst-nat tcp 1723 through mikrotik firewall to inner RRAS pptp server it works fine but the connection get dropped automatically 3 minutes after you get connected. It sounds freak but it really happens. I've noticed in "IP > Firewall > Connections" filtering by connection type pptp, when you get connected it shows with TCP State "CLOSE" automatically, not established as allways but can't change that and don't know why it happens.

I'm stucked!!! Both pptp ways locked my boss is getting me sick!!

Can’t ping local host when login using pptp vpn

Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Re: Can’t ping local host when login using pptp vpn

Who is online