Hello,
I have a problem with a PPTP link failing IP Negotiations. As a result, the IP addresses used within the link are “off” - random local addresses not matching up. As a result it seems outing over the link fails, too.
THe server is a Windows 2008 R2 RRAS. IT has been used before and extensively from another 2008 R2 RRAS which I am retiring now in favour of a 450G.
The configuration is (marked some entries as XXX):
0 R name=“link-nue” max-mtu=1460 max-mru=1460 mrru=1614
connect-to=XXXXX user=“XXXXX”
password=“XXXXX” profile=default-encryption add-default-route=no
dial-on-demand=yes allow=mschap2
The profile is:
0 * name=“default” use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes
Nothing special here. Links also are established, it just sometimes takes 10 attempts anda timeout.
I use the 172.21.x.x address space on the other end and 172.20.x.x in my office. The RRAS on the other side is set up to hand out addresses out of a /24. It did so nicely for my local RRAS, it somehow has problems with the RouterOS. As a result, I see:
3 D 172.21.204.4/32 10.112.112.218 0.0.0.0 link-nue
Note that the network does not really match anything. How comes? On the other end I also have a crap network:
PPP adapter link-szn:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : link-szn
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.0.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
This somehow does not add up. It also takes a long time to arrive at those, instead of instantly connecting.
Also, in the routing table:
5 ADC 10.112.112.218/32 172.21.204.4 link-nue 0
This is pretty much saying - crap. The network there is not assigned anywhere. I dont use 10.112.112 at all.
Any explanation for this?
What is worse- I can not route further. There is one more than this one network on the other side. The RRAS is also respnisble for granting secured access to another cluster / network there, 172.252.x.x. For this I added the router:
10 A S 172.25.0.0/16 link-nue 1
which simply does not work. The packets go to the other end and never are returned. Note that this WAS working with 2008 R2 RRAS on my local end, and the server has not been changed at all.
From my workstation:
ping 172.25.0.1
Pinging 172.25.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.25.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The ping works also fine when connecting using windows VPN Services and from the RRAS on the data center itself, so the routing IS set up correctly. I assume this somehow relates to the problem of the wrong IP address being negotiated for the link. I CAN ping everything on the direct other side perfectly (172.21.x.x), just not additional networks. This also only after adding a manual route for 172.21.x.x to the link pptp interface…
Anyone with an idea is welcome. We plan to retire the data center install in some weeks with a RB 1100 which will ALSO do this stuff, but until then… I need this operational.