I’m having trouble establishing a PPTP VPN connection to my Mikrotik Router (CCR2004-1G-12S+2XS). From Windows, the error I am receiving is “The VPN connection between your computer and the VPN server could not be completed … the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packet…”
The issue does not occur for all clients connecting to the VPN. Some with users coming from different ISPs can connect, others cannot & receive the message above. So I am thinking the cause could be with some ISPs.
How do I ensure that the config is set properly on the router?
Under Firewall → Filter Rules both Protocols GRE & TCP are configured to accept connections (Input Chain) as well as the PPTP service port enabled on port 1723. Oddly enough, users were still able to connect to the VPN before any of these three config changes were done.
PPTP needs 1723 and GRE if you have already done that, and the profile for the PPTP is also configured in such a way that the clients can connect with any encryption. I don’t see a reason why you think you did something wrong. of course you can log the connection and share it maybe someone can find something.
I’m thinking your TCP 1723 packets are working fine. From there you have to troubleshoot it. Does a packet capture on both the Mikrotik and client show GRE packets being sent and received?
Sorry to wake up a old thread but I’m having the same problem.
gre protocol is enabled and set as a input but Windows is giving a GRE error when I attempt to connect to the Mikrotik.
Windows logs indicate a RasClient 806 failure, event id 20227
The logs on the router indicate a incoming VPN on port 1723 and even though gre is set to log it never pops up in the log.
I tried a packet capture with the tools but it was about useless, assuming I’m using it correctly.
I’m not super familiar with Mikrotiks but I know my way around PfSense/Netgate quite well.
Edit: I should also point out that the internet provider is StarLink as this may be related. The client side is Starlink, the server side is a static fiber link.
Edit: Disregard, apparently the client was misconfigured with pptp of which (according to my reading) is blocked by SL due to that protocol being depreciated.
I switched the client to sstp and now am getting a “…CN name does not match the passed value” error. I’ll start a new thread if I need to regarding this error.