Hi.
I have RB750 in my company and we wanted to enable VPN so we can connect remotely to office lan.
We have fibre optic media converter (with static IP), and RB750 connected to it. We set up VPN according to manuals we've found on internet but it is not working.
Actually, it is working when we try to connect from computer (Windows XP pptp client) that is in LAN, with extern IP address set in connection settings.
But from outside, it does not work. Windows with Connecting to <IP address> stays for about 10 seconds and then I got Error 678:The remote computer did not respond.
What could be the cause of this problem?

P.S.
We opened port for RDC, and it works, we can connect on one computer via RDC from outside.

Does anybody know what could be the problem? I'm stuck, don't know where to start.

Hi,

Try this: Regards, Grzegorz.

Thanks, I'll try this and report back.

I tried with that but problem persists. Nothing changed, I'm still getting Error 678:The remote computer did not respond.

I tried with that but problem persists. Nothing changed, I'm still getting Error 678:The remote computer did not respond.

how do you have the client setup?
how to did you use to make the vpn?

Where you located, if you are interested I will remote in and take a look at the issue

Rich

Check client (WinXP) configuration and firewall settings.
Error 678 simply means "can't connect to remote pptp server".
Use Wireshark or other sniffer to check PPTP session.

Regards, Grzegorz.

how do you have the client setup?
how to did you use to make the vpn?

Where you located, if you are interested I will remote in and take a look at the issue

Rich

I just entered IP address and changed type of VPN to PPTP.

I'm in Serbia.

Check client (WinXP) configuration and firewall settings.
Error 678 simply means "can't connect to remote pptp server".
Use Wireshark or other sniffer to check PPTP session.

Regards, Grzegorz.

XP Firewall is disabled.
I'll try with Wireshark.

I forgot to mention, before we've bought RouterBoard we borrowed PC with RouterOS from my friend and tried it. We liked it so we bought it. We tried VPN and it worked without problems. Same settings we use now for server and client.
Few days ago I tried to connect to my friends PC with RouterOS via VPN and it is working, so I don't think client settings are problem.

Thanks guys for helping me out.
Regards.

The windows client would give you an Error 628 if you've disabled encryption in the PPTP profile. You can see in the Logs that the PPTP client authenticated and then immediately terminated.

Error 628: The port is disconnected or The connection was terminated by the remote computer before it could be completed. This is most likely a modem or phone line noise issue or blocking port issue.

The compression might also cause issues with Windows XP clients, but not with Windows 7 like I have.

The windows client would give you an Error 628 if you've disabled encryption in the PPTP profile. You can see in the Logs that the PPTP client authenticated and then immediately terminated.

Thanks for tip, I'll look at Logs but I'm sure I haven't disabled encryption.

Error 628: The port is disconnected or The connection was terminated by the remote computer before it could be completed. This is most likely a modem or phone line noise issue or blocking port issue.

The compression might also cause issues with Windows XP clients, but not with Windows 7 like I have.

I'm getting Error 678 not 628.
I tried without compression, but still no good.

Yes I know that you did receive a different error.

Make sure to enable encryption. With my Windows 7 I can use the PPTP VPN without compression, bot NOT without encryption.

Have you tried connecting from a Windows Vista/7 machine yet?

Can you telnet to your IP address port 1723 from outside location?

Regards, Grzegorz.

Yes I know that you did receive a different error.

Make sure to enable encryption. With my Windows 7 I can use the PPTP VPN without compression, bot NOT without encryption.

Have you tried connecting from a Windows Vista/7 machine yet?

I will look at encyption settings, but I'm pretty sure that it's enabled.
I haven't tried connecting from Windows Vista/7 machine, I gotta find one first.

Can you telnet to your IP address port 1723 from outside location?

Regards, Grzegorz.

I forgot to mention earlier, I tried telnet to that IP address port 1723 from outside, but without success.

Could not open connection to the host, on port 1723: Connect failed

Regards, Grzegorz.

If you can't telnet to port 1723 then the PPTP connection won't work either.

Update: Make sure that you put the firewall rule that Grzegorz posted high up (if not first) in your Firewall filter rules.

If you can't telnet to port 1723 then the PPTP connection won't work either.

Update: Make sure that you put the firewall rule that Grzegorz posted high up (if not first) in your Firewall filter rules.

Yeah, but why can't I telnet to 1723?
I've put firewall rule yesterday, but I'll check again.

Code: Select all

/ip firewall filter
add action=accept chain=input comment="default configuration - PPTP" \
    disabled=no dst-port=1723 in-interface=WAN protocol=tcp

Regards, Grzegorz.

I've added this but still no go.

As for PPP default profile, encyption is set to yes. Is this good?

I have noticed strange thing in IP firewall filter rules. There's a rule Added by webbox chain=input action=drop in-interface=ether1-gateway. In webbox it is going up and down from #3 to 4,5 and #6.

That rule should be placed at the bottom of the list, as long as you have rules above it accepting all the traffic that you want to allow. Otherwise, remove that rule!

That rule should be placed at the bottom of the list, as long as you have rules above it accepting all the traffic that you want to allow. Otherwise, remove that rule!

Yes, that was the problem.
Thanks, man.