Hello everybody,
I’m writing this because I need some help from you experts…
I’m “new” to Mikrotik and I’m trying to set up a PPTP VPN on a network to be accessed by another network via internet…
I followed many guides on the internet (everyone tells the same process to create a PPTP VPN) but I can’t connect to the VPN… When I connect my Windows 10 and 7 clients to the public IP an error message is displayed:
“the connection between the computer and the VPN server has been interrupted. This error could be caused by a problem in the VPN transmission and it is the result of internet latency. Try to establish again the connection to the VPN server. If the problem persists contact the VPN administrator.”
Help me please.
regards,
-Pier
First of all, what is your internet connection? Does it have a public IP, even if it’s dynamic? Some ISPs only give you a private IP, which is not accessible from the Internet.
Secondly, please post your config here by running this in the terminal and copy-pasting the results:
export hide-sensitive
I’ve got a static IP and it is accessible from the internet…
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
/interface pptp-server
add name=pptp-interface user=""
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface pptp-server server
set enabled=yes
/ip address
add address=10.10.10.3/24 interface=ether1 network=10.10.10.0
add address=192.168.150.1/24 interface=ether2 network=192.168.150
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=udp
add action=accept chain=input dst-port=47 protocol=tcp
add action=accept chain=input dst-port=47 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add distance=1 gateway=10.10.10.1
/ppp secret
add local-address=192.168.150.1 name=test remote-address=192.168.150.2 service=pptp
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="ASL AQ"
add
add action=accept chain=input comment="Allow GRE for PPTP" protocol=gre
It’s protocol 47, not port 47.
PS: you only need TCP 1723 open
It’s not the problem, firewall allows everything by default. There are no drop/reject rules, so even the other accept rules are currently useless.
One question, is this the router with public address (and 10.10.10.3 is just a way of masking the real one)? Because if it is, it’s very very bad config, with everything wide open to whole world. Recommended reading if it’s the case: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
Hi Sob,
So what happens to the traffic that is not accepted and not dropped? Are you saying it is accepted unless dropped?
Exactly. In Linux with iptables, you can set default policy for chain, i.e. what happens when packet is not matched by any rule in given chain. RouterOS doesn’t expose this option and default is always allow. If you want drop, you need to add unconditional drop at the end.
Thank you Sob, I’ve always had a drop everything else on the input chain but that’s useful to know.
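The two points made above (GRE is IP protocol 47, not a port, and RouterOS accepts whatever the input chain does not explicitly drop) can be checked mechanically against an export. The Python script below is an added example, not part of any post in this thread; the function names and finding labels are made up for illustration, and the rules it audits are the ones from the export posted earlier.

```python
import shlex

# Filter and NAT rules copied from the export posted earlier in this thread.
POSTED_EXPORT = """\
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=udp
add action=accept chain=input dst-port=47 protocol=tcp
add action=accept chain=input dst-port=47 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat
"""

# Keys that do not narrow what a rule matches (hypothetical helper constant).
NON_MATCHING_KEYS = {"action", "chain", "comment"}

def parse_filter_rules(export):
    """Return the 'add' lines of the /ip firewall filter section as dicts."""
    rules, in_filter = [], False
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = (line == "/ip firewall filter")
        elif in_filter and line.startswith("add "):
            pairs = [tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok]
            rules.append(dict(pairs))
    return rules

def audit_input_chain(rules):
    """Flag port/protocol confusion, a missing GRE accept and a missing final drop."""
    chain = [r for r in rules if r.get("chain") == "input"]
    findings = []
    for r in chain:
        if r.get("dst-port") == "47" and r.get("protocol") in ("tcp", "udp"):
            findings.append(f"port-47-{r['protocol']}: GRE is IP protocol 47, not a port")
    if not any(r.get("action") == "accept" and r.get("protocol") in ("gre", "47") for r in chain):
        findings.append("no-gre-accept: PPTP data will break once a final drop is added")
    last = chain[-1] if chain else {}
    if last.get("action") not in ("drop", "reject") or set(last) - NON_MATCHING_KEYS:
        findings.append("no-final-drop: unmatched input packets are accepted by default")
    return findings

if __name__ == "__main__":
    for finding in audit_input_chain(parse_filter_rules(POSTED_EXPORT)):
        print(finding)
```
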
add address=10.10.10.3/24 interface=ether1 network=10.10.10.0
does look like it’s behind another router. In which case that router has to allow 1723 and GRE traffic to your Mikrotik.
Hi All,
Was this issue resolved? I’m experiencing the exact same issue and I do not know how to resolve it.
All the other VPNs for other Mikrotik routers work fine. Also, I have two links on the same router: if I use the failover link the VPN connects, but if I use the primary router I get the error
“the connection between the computer and the VPN server has been interrupted. This error could be caused by a problem in the VPN transmission and it is the result of internet latency. Try to establish again the connection to the VPN server. If the problem persists contact the VPN administrator.”
Please someone assist.