I am trying to get a PPTP server up and running for my own personal needs. I have a virtual mikrotik running, and have remote access to it. Every time I generate the PPTP server and try to connect, it always fails.
This Mikrotik is behind my ISP router, and I have put the port forwards in as suggested by other, but I am still unable to get the connection to work. If anyone can give me any guidance, that would be amazing!
for PPTP, you will need to forward TCP 1723 and protocol 47 (GRE) to the Mikrotik
where SSTP only requires port 443
So, would I be better off going with L2TP/IPSec? I dont think my router from my ISP has the option to open GRE up.
I switched to to SSTP, forwarded SSL to my MK and then allowed 443 into my MK as well. I can run torch and see the public IP of the other side hitting my MK. But it still does not connect.
I just saw that it makes it past the verifying the login, and the log on my MK here shows “TCP connections established from x.x.x.x” but then it times out on the remote computers side.
To get better security, do not use PPTP but L2TP with IPSec. There are several videos on youtube explaining how to do it.
@Vacadeluna
Always upload picture to the site useing attachments button below the post window instead of using link.
Link gives error 404
for l2tp + ipsec, you will need
/ip firewall filter
add chain=input protocol=udp port=1701,500,4500
add chain=input protocol=ipsec-esp
your ISP router is probably not capable of allowing protocol so this won’t work. I have not tried but it might work without ipsec.
and SSTP requires certificate if you are using windows client but if the client is another Mikrotik router, you don’t need certificate. seems to be the easier option and gives you some security.
Sorry about that, I thought my web server was working properly, but I guess not. I have uploaded an attachment to show you what it is doing!
If you coming with a Windows client behind a NAT and L2TP/IPSec server is also behind a NAT, have a look at this, it solved my problem:
I may give that a go, for the time being, I just re integrated my asus router and put my modem in bridge mode. So im hoping my ASUS router will allow me to open up the protocol that I need for L2TP-IPSec!!
So, I have ALL ppp options enabled for passthrough on my asus router, modem is bridged, asus gets public IP. I also have all of these actions accepted on the MK firewall as well. I got you all a shot of the log as well!
if your ISP modem can be in bridge mode, then why not use the Mikrotik behind it, instead of an ASUS? with Mikrotik you can open up whatever protocol you like.
Because I use the asus for wifi, and its a pretty good router as well. I would say I could use its wifi in bridge mode, but its a rather expensive device to use just as a switch.