I've have my PPTP setup on my RB450G and it has been working great for the last 6 months. I moved to a new place (same city) and seem to be having issues now. I have my Mikrotik behind a 2wire gateway and it's in the DMZ. (There's no way to fully bridge it, I've tried) When I try to vpn in, it gets stuck at the verifying username and password stage and gives me an 806 error (using Windows 7 to connect) When I take a look at the connections I can see the remote IP trying to connect via 1723 and GRE but it won't connect. Specifically what I see is in the picture attached. The IPs are on the same ISP and blacked out, but one is the remote and one is my WAN IP. Any insight into what is going on?

[admin@MikroTik] /ip> firewall nat print
Flags: X - disabled, I - invalid, D - dynamic

0 ;;; Added by webbox

chain=srcnat action=masquerade out-interface=WAN



1 chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24 dst-address=192.168.1.60 out-interface=WAN dst-port=80



2 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=3389 protocol=tcp in-interface=WAN dst-port=3389



3 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=80 protocol=tcp in-interface=WAN dst-port=80



4 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=443 protocol=tcp in-interface=WAN dst-port=443



5 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=1194 protocol=udp in-interface=WAN dst-port=1194



6 X chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=135 protocol=tcp in-interface=WAN dst-port=135



7 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=987 protocol=tcp in-interface=WAN dst-port=987



8 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=21 protocol=tcp in-interface=WAN dst-port=21



9 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=9987 protocol=udp in-interface=WAN dst-port=9987



10 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=10011 protocol=tcp in-interface=WAN dst-port=10011



11 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=2302 protocol=udp in-interface=WAN dst-port=2302



12 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=27015-27022 protocol=tcp in-interface=WAN dst-port=27015-27022



13 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=27015-27022 protocol=udp in-interface=WAN dst-port=27015-27022



14 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=1100-1120 protocol=tcp in-interface=WAN dst-port=1100-1120



15 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=10011 protocol=udp in-interface=WAN dst-port=10011



16 chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=9101 protocol=tcp in-interface=WAN dst-port=9101



17 chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=3389 protocol=tcp in-interface=WAN dst-port=3390



18 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=444 protocol=tcp in-interface=WAN dst-port=444


[admin@MikroTik] /ip> firewall filter print

Flags: X - disabled, I - invalid, D - dynamic

0 chain=input action=drop protocol=tcp dst-port=22,23



1 chain=forward action=accept connection-state=established



2 chain=forward action=accept connection-state=related



3 chain=forward action=drop connection-state=invalid



4 ;;; Prevent inter-subnet communication

chain=forward action=drop src-address=192.168.1.0/24 out-interface=!WAN



5 ;;; Prevent inter-subnet communication

chain=forward action=drop src-address=10.0.0.0/24 out-interface=!WAN


6 chain=input action=accept protocol=gre

Anyone?

how is that router in the DMZ? how is your gateway configured? Seems like the ports are not correctly forwarded by your other router.

Several of the 2wire models have serious issues dealing with non TCP/UDP protocols. Since PPTP relies on GRE, this poses a major problem with trying to forward PPTP.

The best work-around we have found is to put the 2wire into bridge mode and have the mikrotik handle PPPoE. Although they don't "officially" support Bridge mode, check the DSL reports FAQ: http://www.dslreports.com/faq/10495

At my old place, I had a 2Wire that could go into bridge mode. I moved and also upped my speed so I got a different 2Wire. This one you can't fully bridge. Also I try to log into the management page but it asks for a password...