PPTP Client in ROS 7 - unstable

RouterOS Beginner Basics
1

I’m a newbie, so please bear over - also that I still want to use PPTP (for now).

I’ve been using a mAP lite with ROS 6.49.8 to connect using PPTP to my SmartDNSProxy server without any problems (using the setup shown in https://youtu.be/6hdDqXAUBpo - “VPN Configuration PPTP Client – Router Mikrotik - VPNonline”).

Now I’ve purchased a hAP ax3 running ROS 7.11, and tried to use it instead of my mAP lite, and I discovered that I could no longer add a “New Routing Mark” in my IP > Firewall > Mangle rule - so I added “routing/table/add name = “vpn” fib” to create the new routing mark.

In IP > Routes > Routes List > +, there are some new fields (compared to ROS 6) which I left at their default values (shown in parens):

Immediate Gateway (unknown - but shows up as the same as “Gateway”)
Local Address (“blank”)
Suppress Hw offload (“blank”)
VRF Interface (“blank”)
Pref. Source (“blank”)
Blackhole (“Not selected”)

And I assumed that “Routing Table” replaces what was previously called “Routing Mark”, and I set it to “vpn” created above. Also, previously there was a “Type” field (set to “unicast”) but it is not shown in ROS 7.

However, nothing then passes through the router even though the PPTP connection is “enabled”, “running” and “connected”. When I reset the “Routing Table” back to “main”, I can access the Internet through the router - but directly, and not through the PPTP tunnel.

But, and this I cannot explain, sometimes when I reset the “Routing Table” to “vpn”, it works correctly (i.e. connecting through the PPTP tunnel). It’s as though flipflopping the “Routing Table”, sometimes it works, sometimes it doesn’t.

Any ideas what I’m doing wrong (except for using PPTP :wink:)

Thanks

2

Maybe check this ?
https://help.mikrotik.com/docs/display/ROS/Moving+from+ROSv6+to+v7+with+examples

And yes, move to wireguard or so :laughing:

3

Thanks for your response - much appreciated. Unfortunately, I had already looked at the link you provided - and wondered if I should be using Routing Rules instead of Mangling - but I discovered that Routing Rules do not permit ranges for the Src. Address (unlike Mangle) - still, at least I’ve learnt something :slight_smile:

Today I discovered that the reason that things appeared to work sometimes is because of DNS failures once I connect using PPTP. I suspect that in ROS7, that the “Use Peer DNS” which I specify as “yes” (in PPP > Interface > + > PPTP Client > Dial Out) is not working as it did in ROS6.

P.S. I would love to use Wireguard - but it takes two to tango and my SmartDNSProxy site documents PPTP for MikroTik routers. However, they do support OpenVPN for other routers so I guess that will be next on my to do list if I can’t get PPTP working. Maybe I’ll ask them whether Wireguard might be available one day.

Any ideas of why the DNS is not working would of course be appreciated.

Thanks again

4

Mea culpa - the DNS problems were of my own making - I was using a PPTP tunnel which only supported “SmartDNS” lookups - so it looks as though everything is really running fine for me.

Concerning Wireguard, the response I got from SmartDNSProxy was that “Wireguard does not support popular authentication protocols” so for now they were unable to support it. I’ll have to stick with PPTP (and maybe L2TP and OpenVPN once I have some more time).