PPTP Issues

heddita · December 7, 2009, 4:13am

My friend and I have been trying to configure a VPN account on the mik for the sole purpose of using the PS3 through it. I can ping the VPN gateway from the mikrotik and the ps3 when in Ubuntu, but when it tries to connect to the internet it fails and we can’t see anything passing through the pptp except the icmp.

The internet is coming through ether2, with a dhcp-client configured to get a private IP from the router its connected to and the ps3 is connected on ether3. eth3 is in a bridge with the ip 172.0.0.1/24, there’s a dhcp server on the lan-bridge with addresses from the same 172.x.x.x range.

We configured an EoIP tunnel on my mik and his, on his side, its in the same bridge as the ps3’s and I can reach the mik from my side just fine. We’ve tried configuring the bridge to go through with a nat masquerade rule and tried using static routes to no avail.

We’ve looked through about a dozen tutorials and we’re probably missing something very basic, so if anybody out there could shed some light, it’d be greatly appreciated!

mrz · December 7, 2009, 11:28am

It is not quite clear what you have set up, please post bridge configuration, ip address and routes you have.

heddita · December 9, 2009, 12:45am

I want to tunnel all the PS3 through a VPN. We managed to get it kinda working, the Xbox connects with limitations and the PS3 refuses to connect at all.

Any help would be appreciated!

Routes
0 A S dst-address=0.0.0.0/0 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=1 scope=30 target-scope=10 routing-mark=to_VPN

1 A S dst-address=0.0.0.0/0 gateway=(public IP) gateway-status=(public IP) reachable ether1 distance=1 scope=30 target-scope=10

2 ADC dst-address=10.0.1.0/24 pref-src=10.0.1.1 gateway=lan-bridge-VPN gateway-status=lan-bridge-VPN reachable distance=0 scope=10

3 ADC dst-address=(public IP)/29 pref-src=(public IP) gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10

4 ADC dst-address=172.0.1.0/24 pref-src=172.0.1.1 gateway=lan-bridge gateway-status=lan-bridge reachable distance=0 scope=10

5 ADC dst-address=192.168.27.1/32 pref-src=192.168.27.8 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=0 scope=10

PPTP Client

0 R name=“pptp-out1” max-mtu=1460 max-mru=1460 mrru=disabled connect-to=216.155.153.164 user=(USER) password=(password)
profile=default-encryption add-default-route=no dial-on-demand=no allow=pap,chap,mschap1,mschap2

IP Firewall NAT

0 ;;; internet
chain=srcnat action=masquerade src-address=172.0.1.0/24 out-interface=ether1

1 ;;; vpn
chain=srcnat action=masquerade src-address=10.0.1.0/24 routing-mark=to_VPN out-interface=pptp-out1 connection-mark=to_VPN

2 X ;;; port-forward
chain=dstnat action=dst-nat to-addresses=172.0.1.252 to-ports=39787 protocol=tcp dst-address=198.69.42.8 dst-port=39787

3 X chain=dstnat action=dst-nat to-addresses=172.0.1.252 to-ports=39787 protocol=udp dst-address=198.69.42.8 dst-port=39787

4 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=80 protocol=tcp dst-port=80 connection-mark=to_VPN

5 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=443 protocol=tcp routing-mark=to_VPN dst-port=443

6 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=5223 protocol=tcp routing-mark=to_VPN dst-port=5223

7 chain=dstnat action=dst-nat to-addresses=172.0.1.248 to-ports=3478 protocol=udp dst-address=(Public IP) dst-port=3478

8 chain=dstnat action=dst-nat to-addresses=172.0.1.248 to-ports=3479 protocol=udp dst-address=(Public IP) dst-port=3479

9 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=56456 protocol=tcp routing-mark=to_VPN dst-port=56456

10 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=3479 protocol=tcp routing-mark=to_VPN dst-port=3479

11 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=80 protocol=tcp dst-port=80 connection-mark=to_VPN

12 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=443 protocol=tcp dst-port=443 connection-mark=to_VPN

13 chain=dstnat action=dst-nat to-addresses=10.0.1.253 to-ports=5223 protocol=tcp dst-port=5223 connection-mark=to_VPN

Mangle

0 chain=prerouting action=mark-packet new-packet-mark=VoIP-sip passthrough=no protocol=udp src-address=207.15.198.50 dscp=26

1 chain=prerouting action=mark-packet new-packet-mark=VoIP-rtp1 passthrough=no protocol=udp src-address=207.15.198.50 dscp=47

2 chain=prerouting action=change-dscp new-dscp=46 protocol=udp src-address=207.15.198.50

3 chain=prerouting action=change-dscp new-dscp=26 protocol=udp src-address=207.15.198.50

4 chain=prerouting action=change-dscp new-dscp=47 protocol=udp src-address=207.15.198.50

5 chain=forward action=mark-packet new-packet-mark=VoIP-rtp passthrough=no dscp=46

6 chain=forward action=mark-packet new-packet-mark=VoIP-sip passthrough=no dscp=26

7 chain=prerouting action=mark-connection new-connection-mark=web passthrough=no protocol=tcp dst-port=80

8 chain=prerouting action=mark-connection new-connection-mark=to_VPN passthrough=yes in-interface=lan-bridge-VPN

9 chain=prerouting action=mark-routing new-routing-mark=to_VPN passthrough=yes in-interface=lan-bridge-VPN

10 chain=prerouting action=mark-connection new-connection-mark=no_VPN passthrough=yes in-interface=lan-bridge

11 chain=prerouting action=mark-routing new-routing-mark=no_VPN passthrough=yes in-interface=lan-bridge