This is my first RouterOS setup, and I've got most of it working so far, except the PPTP server. I currently have a static WAN IP on eth3; eth1 is the LAN and wlan1 is the AP, bridged with eth1. But every time I VPN in I get a gateway of 0.0.0.0. I've fiddled a bit, but nothing seems to make it work. Can someone spot what I'm doing incorrectly?
Here are my settings:
/interface bridge
# NOTE(review): the next lines are cut off in the paste ("forward-dela", "path-cost", "path-cost=");
# the export as shown here is incomplete and cannot be re-imported verbatim.
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=proxy-arp auto-mac=yes disabled=no forward-dela
1500 name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=ether1 path-cost
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 path-cost=
/interface bridge settings
# use-ip-firewall=yes: frames bridged between ether1 and wlan1 are also run through the
# /ip firewall chains, so the forward-chain rules further down apply to LAN<->WLAN traffic as well.
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge1 lease-time=3d name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
# Static leases. The cam1/cam3 entries carry no server=dhcp1 — presumably they belong to the same
# server as the others; confirm the export was not trimmed.
add address=192.168.12.184 disabled=no mac-address=00:00:AA:AC:6D:2E server=dhcp1
add address=192.168.12.16 client-id=CAM2 disabled=no mac-address=1C:AF:F7:04:F3:55 server=dhcp1
add address=192.168.12.15 client-id=cam1 disabled=no mac-address=00:19:5B:EE:F6:13
add address=192.168.12.17 client-id=cam3 disabled=no mac-address=1C:AF:F7:04:F2:85
add address=192.168.12.6 client-id=1:0:9:34:2c:c:6b disabled=no mac-address=00:09:34:2C:0C:6B server=dhcp1
add address=192.168.12.8 client-id=1:48:5b:39:3:31:3b disabled=no mac-address=48:5B:39:03:31:3B server=dhcp1
/ip dhcp-server network
add address=192.168.12.0/24 dns-server=192.168.12.1 gateway=192.168.12.1 ntp-server=62.119.40.98
/ppp profile
# NOTE(review): both built-in profiles hand out dns-server=192.168.11.1, while the LAN (DHCP network
# above) and the PPTP_IN profile use 192.168.12.1 — looks like a leftover from an earlier addressing
# plan; confirm which is intended.
set default change-tcp-mss=default dns-server=192.168.11.1 name=default only-one=default use-compression=default use-encryption=required \
use-mpls=default use-vj-compression=default
# PPTP_IN is the profile the PPTP secret below actually uses. use-encryption=default means MPPE is
# NOT mandatory for these sessions, unlike the "required" value on the other two profiles — set
# use-encryption=required here so an unencrypted PPP session is refused.
# remote-address=PPTP_Pool1 lies inside the LAN /24 and the session is attached to bridge1 with
# local-address equal to the LAN gateway; presumably arp=proxy-arp on bridge1 is what lets LAN hosts
# reach the VPN clients — verify.
# On the "gateway 0.0.0.0" question: a point-to-point PPP adapter on the client typically reports
# 0.0.0.0 as its gateway, so that value alone is not necessarily a misconfiguration — confirm by
# testing reachability of 192.168.12.1 and a LAN host from the connected client.
add bridge=bridge1 change-tcp-mss=default dns-server=192.168.12.1 incoming-filter="" local-address=192.168.12.1 name=PPTP_IN only-one=\
default remote-address=PPTP_Pool1 use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
set default-encryption change-tcp-mss=yes dns-server=192.168.11.1 name=default-encryption only-one=default use-compression=default \
use-encryption=required use-mpls=default use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
# password=xxx is presumably redacted for the post. local-address here duplicates the value already
# set in profile PPTP_IN.
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=192.168.12.1 name=xx_yyy password=xxx profile=\
PPTP_IN routes="" service=pptp
/ip pool
# dhcp_pool1 (.30-.230) and PPTP_Pool1 (.231-.245) do not overlap; both sit inside 192.168.12.0/24.
add name=dhcp_pool1 ranges=192.168.12.30-192.168.12.230
add name=PPTP_Pool1 ranges=192.168.12.231-192.168.12.245
# NOTE(review): stray CLI prompt pasted into the export; remove it before importing.
[admin@MikroTik] /ip pool>
/ip firewall connection tracking
# tcp-syncookie=no: SYN cookies are off; consider enabling them since TCP/1723 and several
# forwarded TCP ports are reachable from the Internet.
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# Input chain: rules are evaluated top to bottom; the final log+drop pair makes the router
# default-deny for everything not accepted above it.
add action=accept chain=input comment="Accept established connections" connection-state=established disabled=no
add action=accept chain=input comment="Accept related connections" connection-state=related disabled=no
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=no
# SECURITY: this accepts every UDP datagram addressed to the router from ANY interface, ether3 (WAN)
# included, and it sits before the "From our LAN" rule — so any UDP service the router runs (DNS,
# SNMP, NTP, ...) is reachable from the Internet. Restrict it, e.g. add in-interface=bridge1 (or a
# src-address covering the LAN and PPTP pool), or remove it and rely on the default drop below.
add action=accept chain=input comment=UDP disabled=no protocol=udp
add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=no protocol=icmp
add action=accept chain=input comment="From our LAN" disabled=no in-interface=bridge1 src-address=192.168.12.0/24
# The PPTP control channel (TCP/1723) and GRE must be open to any source because the VPN peer is
# on the Internet; these are the only two rules that intentionally expose a router service to WAN.
add action=accept chain=input comment="PPTP server accept" disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input comment="PPTP GRE 47 accept" disabled=no protocol=gre
# Bogon / loopback / multicast drops. Note these are in the forward chain (transit traffic);
# only the 224.0.0.0/3 destination drop is applied to the input chain.
add action=drop chain=forward disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=input disabled=no dst-address=224.0.0.0/3
# FTP brute-force list. These rules match the ROUTER'S OWN output ("530 Login incorrect" in the
# output chain). FTP/21 arriving on ether3 is dst-natted to 192.168.12.8 (see /ip firewall nat),
# so that server's replies traverse the forward chain, not output — ftp_blacklist is never populated
# for the forwarded FTP service. Protecting the NATed host needs equivalent forward-chain rules.
add action=drop chain=input comment="drop ftp brute forcers" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" disabled=no \
protocol=tcp
# SSH brute-force staging (stage1 -> stage2 -> stage3 -> blacklist on repeated new connections to
# TCP/22 within 1m). Same caveat: port 22 from ether3 is dst-natted to 192.168.12.8 before the input
# chain runs, so these rules only see SSH attempts aimed at the router itself from non-WAN interfaces;
# the forwarded host gets no brute-force protection from them.
add action=drop chain=input comment="drop ssh brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 \
protocol=tcp
# Default deny for the input chain. Everything that reaches here is logged with prefix "DROP INPUT"
# and dropped; consider a limit= on the log rule so a flood cannot fill the log.
add action=log chain=input comment="Log everything else" disabled=no log-prefix="DROP INPUT"
add action=drop chain=input comment="Drop everything else" disabled=no
/ip firewall nat
# Masquerade covers the whole /24, which includes PPTP_Pool1, so VPN clients that route through the
# tunnel also reach the Internet via ether3.
add action=masquerade chain=srcnat disabled=no out-interface=ether3 src-address=192.168.12.0/24
# Port forwards to 192.168.12.8: 443, 80, 22, 21 and the passive-FTP data range 4000-4010 are exposed
# to the Internet. Pinning dst-address to the static WAN IP and in-interface=ether3 is good practice.
# The port-22 rule is labelled comment=FTP — presumably SFTP/SSH; relabel so the rule set reads correctly.
add action=dst-nat chain=dstnat comment=WHS disabled=no dst-address=83.227.218.2 dst-port=443 in-interface=ether3 protocol=tcp to-addresses=\
192.168.12.8 to-ports=443
add action=dst-nat chain=dstnat comment=WHS disabled=no dst-address=83.227.218.2 dst-port=80 in-interface=ether3 protocol=tcp to-addresses=\
192.168.12.8 to-ports=80
add action=dst-nat chain=dstnat comment=FTP disabled=no dst-address=83.227.218.2 dst-port=22 in-interface=ether3 protocol=tcp to-addresses=\
192.168.12.8 to-ports=22
add action=dst-nat chain=dstnat comment=FTP disabled=no dst-address=83.227.218.2 dst-port=21 in-interface=ether3 protocol=tcp to-addresses=\
192.168.12.8 to-ports=21
add action=dst-nat chain=dstnat comment="FTP datachannels" disabled=no dst-address=83.227.218.2 dst-port=4000-4010 in-interface=ether3 \
protocol=tcp to-addresses=192.168.12.8 to-ports=4000-4010
/ip firewall service-port
# Connection-tracking helpers (ALGs). Each enabled helper parses application payloads on the router;
# nothing else in this config uses tftp, irc, h323 or sip, so disable those to reduce attack surface.
# Keep pptp (needed for the PPTP server's GRE sessions) and, presumably, ftp for the forwarded FTP
# server's passive-mode replies — verify before disabling.
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no