Hi there
I havent been able to find anyone with a similar problem as I have. I am running v3.30, everything is working great. I have a pptp server which works well.
The routerboard is at my office, which is our main router, it is handling all of our traffic, voip, web and email. It has the pptp server configured and when we are out of the office we can connect no problem.
I have a pptp server running at home on my router at home, I have my laptop setup as a client to my home pptp server. But for some reason when I try to connect when I am behind the mikrotik router I am getting stuck at verifying user name and password. Sometimes it will connect but mostly I get stuck at verifying user name and password with error 619. IF I go to my friends place or tehter with my phone I can connect to my pptp server at home with my laptop no problem everytime.
I was wondering if there are some special rules I need to setup to allow gre and tcp 1723 to pass through mikrotik but I am worried if I do this then our pptp connections to the mikrotilk server will fail.
Any help would be appreciated.
Most probably NAT breaks PPTP. Make sure PPTP NAT helper is enabled
/ip firewall service-port enable pptp
Hi thank you for the quick response, here is the output from the above command, it looks like there is something wrong with the pptp NAT helper it is showing as invalid... how do I fix this?:
Flags: X - disabled, I - invalid
NAME PORTS
0 ftp 5633
1 tftp 69
2 irc 6667
3 X h323 1720
4 sip 5060
5061
5 I pptp 1723
Flag “i” shows its invalid. Unset ports and try again
/ip firewall service-port set pptp ports=""
I ran your command and then I ran
ip firewall service-port set pptp ports="1723"
[john@MikroTik] > ip firewall service-port print
Flags: X - disabled, I - invalid
NAME PORTS
0 ftp 5633
1 tftp 69
2 irc 6667
3 X h323 1720
4 sip 5060
5061
5 I pptp 1723
I am still getting invalid, maybe I reset it incorrectly?
The other thing I forgot to mention was that on top of running a pptp server on the mikrotik we are also running a pptp client to our voip provider. I am not sure if this makes a difference? The other thing if I setup a pptp client on mikrotik to my pptp server at home it connects with no problem, this is why I was suspecting that something is intercepting my pptp traffice from my laptop when I am on the mikrotik lan.
Test with skipping this part:
ip firewall service-port set pptp ports="1723"
I see now, thank you, PPTP no longer showing invalid. I was able to connect to the mikrotik vpn at work from home, voip is still working.
I will test connecting to my vpn at home from the office tomorrow.
Thank you very much for your help and patience
Success!
I have been able to connect to my pptp server at home from my office behing the mikrotik router. Removing the service port seemed to have done the trick.
I have connected a few times today without any trouble and normally I can connect once or not at all.
Thank you for your help, is there a way to change this to resolved because it is!
Thanks again, I have never used the mikrotik forums before, you guys are great!