PPTP Client says "authenticated" but never connects

kurtkraut · September 21, 2013, 5:20am

Hi,

I’m attempting to configure my Routerboard at home as a pptp client for a Windows Server at my company. I can set up this VPN properly in my Ubuntu (network-manager) but RouterOS fails to achieve that. When I enable the pptp client I get the following:

02:14:46 pptp,ppp,info pptp-out1: initializing... 
02:14:46 pptp,ppp,info pptp-out1: dialing... 
02:14:46 pptp,ppp,info pptp-out1: authenticated 
02:14:49 pptp,ppp,info pptp-out1: terminating... 
02:14:49 pptp,ppp,info pptp-out1: disconnected 
02:14:49 pptp,ppp,info pptp-out1: initializing... 
02:14:49 pptp,ppp,info pptp-out1: dialing... 
02:14:52 pptp,ppp,info pptp-out1: authenticated 
02:14:52 pptp,ppp,info pptp-out1: terminating... 
02:14:52 pptp,ppp,info pptp-out1: disconnected

And this goes on in a infinite loop. Please note this is not a routing issue. The PPTP session itself is never stabilished. What puzzles me is even if I set a fake login and fake password, the log still outputs the “pptp-out1: authenticated” line. But this only happens if I set pptp client to connect to a real PPTP server. If I set a fake IP or to a server that is not running a PPTP server the connection fails right away as expected.

I’m using RouterOS v6.4. How can I debug it?

Amirkhatam · September 21, 2013, 12:22pm

export you config here for me ,
are you use radius server to authenticate ?
make sure you ppp profile work good

kurtkraut · September 22, 2013, 6:37am

Hi,

No RADIUS envolved. Please note the PPTP server is a Windows Server. RouterOS is playing a client role here. My settings are as follows:

[admin@xpto] /ppp> export
# sep/22/2013 03:35:06 by RouterOS 6.4
# software id = NX8L-6QQ5
#
/ppp profile
add name=VPN
[admin@xpto] /ppp> 


/interface pptp-client
add allow=mschap2 connect-to=200.200.200.200 disabled=no name=pptp-out1 password="mypassword" user=mylogin

Amirkhatam · September 22, 2013, 9:06am

so check the security parameters because your problem is here

authenticated 
02:14:52 pptp,ppp,info pptp-out1: terminating... 
02:14:52 pptp,ppp,info pptp-out1: disconnected

authenticated

kurtkraut · September 22, 2013, 5:58pm

Hi,

Thanks for your reply but I still belive this is not the issue. As I mentioned before, I can ensure this VPN is functional because I can configure and connect to it using Ubuntu as a PPTP client. Regarding security, both have the same setting activated:

So both PTTP clients have only mschap2 activated. And the Ubuntu one works, the RouterOS doesn’t. Also I’d like to emphasize the “authenticated” message appears in the RouterOS log even if I use the wrong password and a non-existant login name. So this makes me belive there is something very wrong (probably a bug).

Any clue on how can I debug what is going on?

JackANSI · September 23, 2013, 3:16pm

try modifying your “VPN” ppp profile to have “Change TCP MSS” to “yes” and “Use Encryption” to “yes”.

kurtkraut · September 23, 2013, 3:32pm

Hi. Thanks for your help. I’ve made these changes as you suggested but the symptom remains exactly the same

JackANSI · September 23, 2013, 5:31pm

Any firewall rules?

kurtkraut · September 23, 2013, 5:35pm

Only NAT and protection against DNS amplification attacks, nothing that would be related to pptp problem:

[admin@xpto] /ip firewall> export
# sep/23/2013 14:33:44 by RouterOS 6.4
# software id = NX8L-6QQ5
#
/ip firewall filter
add action=drop chain=input comment="Protection against incoming external DNS queries" dst-port=53 protocol=udp src-address=\
    !192.168.77.0/24
add action=drop chain=input comment="Protection against incoming external DNS queries" dst-port=53 protocol=tcp src-address=\
    !192.168.77.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment="Torrent DMZ" dst-port=51413 protocol=tcp to-addresses=192.168.77.200 to-ports=514