PPTP and Remote Winbox

Greetings,

I have implemented PPTP and Remote Winbox access many times on Mikrotik hardware and never really had a problem making both work. However, I have a 2011UiAS unit on which I have never been able to get these two functions to work.
The Router has Version 6.32.2 and firmware 3.24. It has a Static IP from Comcast Business class on the WAN Interface and generic NAT on the LAN interface. I have added the standard firewall rules for PPTP/1723 and GRE as well as the firewall rule for 8291. If I disable the drop rules in the firewall it does not improve. I also notice that the packet count for the firewall rules on the PPTP never increments and nothing ever gets logged for PPTP. It just seems that the traffic is never getting to the router at all. I really want to get a better understanding of how to troubleshoot this failure in addition to making it work.

Thanks for any help.

Aaron

You could put a temporary rule that allows your remote IP completely on all ports and see if that increments any hits when PPTP tries to establish.

You could do a packet sniff on the Mikrotik, capture to a file, and set the filter to only catch the remote PPTP address.

Do a few pings / https / other things to the Mikrotik from the remote PPTP site, just to see if those packets show up in the sniffer but not the PPTP…
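An added example, not part of the original thread: one way to read the capture file that the reply above suggests, counting what the remote site actually delivered to the router (PPTP control on TCP/1723, PPTP data as GRE, IP protocol 47, and everything else). It assumes the capture was saved as classic pcap with Ethernet framing; the addresses (203.0.113.10 for the remote site, 198.51.100.2 for the router) and all function names are constructed for illustration.

```python
import socket
import struct

def pptp_visibility(pcap: bytes, remote_ip: str) -> dict:
    """Count packets sent by remote_ip in a classic pcap with Ethernet framing."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # file byte order
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected an Ethernet (link type 1) capture")
    remote = socket.inet_aton(remote_ip)
    seen = {"tcp_1723": 0, "gre": 0, "other": 0}
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep IPv4 frames whose source address is the remote PPTP client
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[26:30] != remote:
            continue
        proto = frame[23]
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]
        if proto == 6 and len(l4) >= 4 and struct.unpack("!H", l4[2:4])[0] == 1723:
            seen["tcp_1723"] += 1  # PPTP control channel
        elif proto == 47:
            seen["gre"] += 1       # PPTP data channel (GRE)
        else:
            seen["other"] += 1     # pings, HTTPS, Winbox and so on
    return seen

def verdict(seen: dict) -> str:
    if not any(seen.values()):
        return "nothing from the remote arrives: look upstream of the router"
    if seen["tcp_1723"] == 0:
        return "other traffic arrives but TCP/1723 does not: look upstream"
    if seen["gre"] == 0:
        return "TCP/1723 arrives but GRE does not: GRE is dropped upstream"
    return "PPTP reaches the router: check its own filter rules and PPTP server"

def frame_from(src: str, proto: int, l4: bytes) -> bytes:  # constructed test frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton("198.51.100.2"))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def sample_pcap(frames: list) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed capture: a ping from the remote site arrives, PPTP does not
SAMPLE = sample_pcap([frame_from("203.0.113.10", 1, bytes(8))])
```

To use it on a real capture, pass the file's bytes and the remote site's public address to `pptp_visibility` and feed the result to `verdict`.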

Got it sorted out. Turns out to be a firewall in the Comcast gateway. Comcast is using a Gateway that appears to be made by Cisco. If you disable the firewall in the obvious places it still doesn’t work. Already did that during the initial install. There is an obscure setting in the Advanced / Port management / True Static IP Port Management section. You need to enable the “Disable all rules and allow all inbound traffic through” setting. UUUGGGHHHH!!! Miss the old days when all you needed to make use of a static IP from Comcast was a good old Motorola DOCSIS modem and a decent router.

Aaron