PPTP Error? Cannot access or ping routeros

goobles · June 20, 2011, 10:45am

Current Setup:

Two routerboards 750 installed with routerOS 5.4.

Connected to each other over a pointed antenna.

With a failover PPTP over adsl.

10.0.1.2 -------------------------> 10.0.2.2
10.0.3.4-----Wireless------->10.0.3.5
10.0.191.6 --PPTP----> 10.0.191.7 (PPTP server)

I also have a pptp connection from the mikrotik device 10.0.1.2 and 10.0.2.2 to My office (PPTP server)

192.168.190.13(Office) ----------> 192.168.190.14 ( 10.0.2.2 )
192.168.190.11 -------> 192.168.190.12 (10.0.1.2)

Problem :

My dude agent is not getting a ping response from 192.168.190.14(10.0.2.2)

I also cannot ping 10.0.2.2 from 10.0.1.2

But I can ping the network beyond 10.0.2.2 from 10.0.1.2.

But I can ping from 10.0.1.2 to 10.0.3.5.

I also can not log into the device with Winbox, using the IP 192.168.190.14. But I can from its public IP(Not always, sometimes the device itself becomes totally unresponsive).

The PPTP server is up and running.

This problem can and has been in reverse.

The device pretty much becomes incommunicable, tho it carries on doing its job.

Been unable to ping it now over the PPTP for a week.

IP SETTINGS OF 10.0.2.2

jun/10/2011 11:26:55 by RouterOS 5.4

software id = N##L-L###

/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=10.0.2.100-10.0.2.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=ether3-ConnectionToLan lease-time=3d name=
dhcp1
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.3.5/24 disabled=no interface=ether4-ConnectionToWireless
network=10.0.3.0
add address=10.0.2.2/24 disabled=no interface=ether3-ConnectionToLan network=
10.0.2.0
add address=10.0.1.200/29 disabled=no interface=ether4-ConnectionToWireless
network=10.0.1.200
add address=10.0.4.1/24 disabled=yes interface=ether3-ConnectionToLan
network=10.0.4.0
add address=10.0.2.4/32 disabled=yes interface=ether3-ConnectionToLan
network=10.0.2.4
/ip dhcp-relay
add delay-threshold=none dhcp-server=10.0.1.3 disabled=no local-address=
10.0.1.2 name=Local-Relay
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.2.0/24 gateway=10.0.2.2
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 servers=
196.43.42.190,196.28.182.20,196.43.42.190,196.14.239.2
/ip firewall address-list
add address=10.0.2.251 disabled=no list=voip
add address=10.0.2.250 disabled=no list=voip
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PPPOEOUT1 MARKING"
disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe_out
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe_out disabled=no
new-routing-mark=pppoe_out_route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe_out disabled=
no in-interface=!pppoe-out1 new-routing-mark=pppoe_out_route passthrough=
yes
add action=mark-connection chain=prerouting comment="PPPOEOUT2 MARKING"
disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe_out2
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe_out2 disabled=no
new-routing-mark=pppoe_out_route2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe_out2 disabled=
no in-interface=!pppoe-out2 new-routing-mark=pppoe_out_route2
passthrough=yes
add action=mark-connection chain=prerouting comment="PPTPOUT1 MARKING"
disabled=no in-interface=pptp-out1 new-connection-mark=pptp_out
passthrough=yes
add action=mark-routing chain=output connection-mark=pptp_out disabled=no
new-routing-mark=pptp_out_route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pptp_out disabled=no
in-interface=!pptp-out1 new-routing-mark=pptp_out_route passthrough=yes
add action=mark-connection chain=prerouting comment="PPTPOUT2 MARKING"
disabled=no in-interface=pptp-out2 new-connection-mark=pptp_out2
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe_out2 disabled=no
new-routing-mark=pptp_out_route2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pptp_out2 disabled=
no in-interface=!pptp-out2 new-routing-mark=pptp_out_route2 passthrough=
yes
add action=mark-packet chain=prerouting comment="DNS - Domain Name System "
disabled=no in-interface=pppoe-out1 layer7-protocol="(unknown)"
new-packet-mark=DNS_in passthrough=no
add action=mark-packet chain=postrouting disabled=no layer7-protocol=
"(unknown)" new-packet-mark=DNS_out out-interface=pppoe-out1 passthrough=
no
add action=mark-packet chain=prerouting comment=
"www HyperText Transfer Protocol " disabled=no in-interface=pppoe-out1
layer7-protocol="(unknown)" new-packet-mark=http_in passthrough=no
add action=mark-packet chain=postrouting disabled=no layer7-protocol=
"(unknown)" new-packet-mark=http_out out-interface=pppoe-out1
passthrough=no
add action=mark-packet chain=prerouting comment=VOIP disabled=no
in-interface=pppoe-out2 new-packet-mark=voip_in passthrough=no
src-address-list=voip
add action=mark-packet chain=postrouting disabled=no dst-address-list=voip
new-packet-mark=voip_out out-interface=pppoe-out2 passthrough=no
add action=mark-packet chain=prerouting comment="Remainder PPPoe1" disabled=
no in-interface=pppoe-out1 new-packet-mark=remaining_in passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=
remaining_out out-interface=pppoe-out1 passthrough=no
add action=mark-packet chain=prerouting comment="Remainder PPPoe2" disabled=
no in-interface=pppoe-out2 new-packet-mark=remaining_in2 passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=
remaining_out2 out-interface=pppoe-out2 passthrough=no
add action=mark-packet chain=prerouting comment="Wireless VOIP" disabled=no
in-interface=ether4-ConnectionToWireless new-packet-mark=Wvoip_in
passthrough=no src-address-list=voip
add action=mark-packet chain=postrouting disabled=no dst-address-list=voip
new-packet-mark=Wvoip_out out-interface=ether4-ConnectionToWireless
passthrough=no
add action=mark-packet chain=prerouting comment="Wireless Remainder"
disabled=no in-interface=ether4-ConnectionToWireless new-packet-mark=
Wremaining_in passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=
Wremaining_out out-interface=ether4-ConnectionToWireless passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=dst-nat chain=dstnat disabled=no dst-port=3389 in-interface=
pppoe-out1 protocol=tcp to-addresses=10.0.2.198 to-ports=3389
add action=dst-nat chain=dstnat disabled=no dst-port=5900 in-interface=
pppoe-out2 protocol=tcp to-addresses=10.0.2.198 to-ports=5900
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip neighbor discovery
set ether1 discover=no
set ether2-ConnectionToRouter discover=yes
set ether3-ConnectionToLan discover=yes
set ether4-ConnectionToWireless discover=yes
set ether5 discover=no
set pppoe-out1 discover=no
set pptp-out1 discover=no
set pppoe-out2 discover=no
set pptp-wireless discover=no
set pptp-out2 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
routing-mark=pppoe_out_route scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2
routing-mark=pppoe_out_route2 scope=30 target-scope=10
add disabled=no distance=6 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30
target-scope=10
add disabled=no distance=8 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30
target-scope=10
add comment=RouteToOptimed disabled=no distance=1 dst-address=10.0.1.0/24
gateway=10.0.3.4 scope=30 target-scope=10
add comment="Failover route to Optimed" disabled=no distance=3 dst-address=
10.0.1.0/24 gateway=pptp-out1 scope=30 target-scope=10
add disabled=yes distance=2 dst-address=10.0.1.0/24 gateway=pptp-wireless
scope=30 target-scope=10
add disabled=yes distance=1 dst-address=10.0.5.0/25 gateway=10.0.3.4 scope=30
target-scope=10
add comment="Route to Optimed for F###on PPTP" disabled=no distance=1
dst-address=10.0.191.9/32 gateway=10.0.3.4 scope=30 target-scope=10
add comment="Route for Branch VPN" disabled=no distance=1 dst-address=
41.144.10.63/32 gateway=pppoe-out2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.163.10/32 gateway=pptp-out2
scope=30 target-scope=10
add comment="Route for Tena### VPN" disabled=no distance=1 dst-address=
196.210.209.169/32 gateway=pppoe-out2 scope=30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes

Interface Settings:

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526
mac-address=00:0C:42:82:4C:EF mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:82:4C:F0
master-port=none mtu=1500 name=ether2-ConnectionToRouter speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:82:4C:F1
master-port=none mtu=1500 name=ether3-ConnectionToLan speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:82:4C:F2
master-port=none mtu=1500 name=ether4-ConnectionToWireless speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:82:4C:F3
master-port=ether3-ConnectionToLan mtu=1500 name=ether5 speed=100Mbps
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment=
"To Optimed Site" connect-to=###### dial-on-demand=no disabled=no
max-mru=1460 max-mtu=1460 mrru=disabled name=pptp-out1 password=####
profile=default-encryption user=vpn_branch
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=10.0.3.4
dial-on-demand=no disabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
name=pptp-wireless password=##### profile=default-encryption user=
vpn_branch2
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment=
"To Tenacit Site" connect-to=####### dial-on-demand=no disabled=
no max-mru=1460 max-mtu=1460 mrru=disabled name=pptp-out2 password=######
profile=default user=vpn_metlife
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=ether2-ConnectionToRouter
max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=#####
profile=default service-name="" use-peer-dns=no user=
###########
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=ether2-ConnectionToRouter
max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out2 password=#####
profile=default service-name="" use-peer-dns=no user=
###########
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/interface bridge port
add disabled=no edge=auto external-fdb=auto horizon=none interface=
ether2-ConnectionToRouter path-cost=10 point-to-point=auto priority=0x80
add disabled=no edge=auto external-fdb=auto horizon=none interface=
ether3-ConnectionToLan path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set ether2-ConnectionToRouter vlan-header=leave-as-is vlan-mode=fallback
set ether3-ConnectionToLan vlan-header=leave-as-is vlan-mode=fallback
set ether4-ConnectionToWireless vlan-header=leave-as-is vlan-mode=fallback
set ether5 vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:##D5:##:81
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no