I have a Mikrotik router that NAT’s a Microsoft RRAS server at each of my offices. I recently upgraded the OS on 2 of the Mikrotik routers to 3.6 from 2.9 and began seeing the following problem: Users who have Linksys wireless routers at home can no longer maintain a VPN connection through the routers with the 3.x OS. I updated each router to 3.10 and double checked all of the configurations and still no luck. I have a Mikrotik at home and have no problems with the VPN but all users with Linksys can no longer VPN through any of the 3.x routers. One of my engineers has a Linksys router but uses a Linux OS rather than the shipped Linksys OS and his works ok so I suspect that somehting with the PPTP pass through on the Linksys is to blame.
Is there anything I can do on the Mikrotik OS to let users with Linksys routers at home use the VPN?
I have had similar issues with PPTP passthrough since the introduction of V3, regardless of minor revision. I haven’t been able to nail down the cause, but I will have 20 people in an organization and 18 of them will all work fine but two will not. We will perform firmware updates on their current router and the problem will still persist.
The only solution I have found has been to setup RAS authenticated PPTP server on the Mikrotik. This introduces other issues, but at least things work.
The moment I revert back to V2 of RouterOS the problems go away.
I have not figured this out yet; I have been sending the users with the problem to a router running version 2. I have considered adding Radius and using the PPTP server on the router. If you find a solution I sure would like to know.
We have checked for the latest firmware on the Linksys routers but it did not make a difference. We have several clients with Mikrotik routers and various use configurations and the only thing that has solved the problem at any of the locations is to move the Mikrotik routers back to version 2.
PPTP client is behind Linksysy router (we have tried various models with various firmware versions, the Linksys router works with Linux OS installed instead of Linksys OS)
Our router is Mikrotik version 3 OS using NAT to pass 1723 to our PPTP server
Our PPTP server is a Windows 2003 server with RRAS (all latest Microsoft updates are applied)
There are known issues with the newer Linksys and PPTP vpn connections (do a google). It’s hit or miss if it’s going to work, I’ve seen the issue with MikroTik PPTP server, Microsoft RAS and a Firebox PPTP connection. I’ve also seen the same client work behind one Linksys and not another with the same configuration. In some cases enabling UPnP on the Linksys and affected client fixes the issue.
I would make sure connection tracking is on in your MT. We’ve seen pptp and ipsec stop working or never start if connection tracking isn’t enabled. pptp is a connection oriented link, and ipsec needs it because it causes fragmentation.
I would update right to the latest MT OS for testing; you’d probably be fine doing that for a simple wired router.
ROS v3.17 works just fine running PPTP on Mikrotik or with NAT to Microsoft RAS. We run it both ways without issue on x86 systems and RB1000. That is if NAT for both GRE and TCP 1723 are configured properly. Adding rules to allow all “related” and “establed” connections will help too (connection tracking needs to be enabled).
I am using version 3.17 with NAT to a Microsoft 2003 RRAS server and I have tried with and with out GRE. Perhaps I need some help with your advice “That is if NAT for both GRE and TCP 1723 are configured properly. Adding rules to allow all “related” and “establed” connections will help too (connection tracking needs to be enabled).” If you can provide an example of those configurations I would sure appreciate it.
Well I finally found some time to get back to this; I added the forward filter rules and tested again with the same results. I also updated the Mikrotik OS to 3.19.
Wondering if anyone has resolved this as we are having the same issue. Customers connecting to a VPN get disconnected within a matter of a few minutes or less. We will be upgrading to 3.22 later this evening to see if this resolves the problem.