PPtP keeps disconnecting

RouterOS General
1

Hello together,

I’m new with Mikrotik an need some help.

Till now, i used Windows 7 VPN service to connect to my company, but i’d like to handle it with mikrotik.

What i’ve done:


SoKaR@SKR Production] /interface pptp-client> print
Flags: X - disabled, R - running
0 R name=“pptp-out1” max-mtu=1460 max-mru=1460 mrru=disabled
connect-to=xxx.xxx.xxx.xxx user=“xxx” password=“zzz”
profile=VPN add-default-route=yes dial-on-demand=no
allow=pap,chap,mschap1,mschap2


The problem is, that mikrotik keeps disconnecting the PPtP every ~ minute. I called my administrator of the company and he says, that the keep alive packets get’s no response from my MT. What is my failure?

Log:
00:35:55 pptp,ppp,info pptp-out1: using encoding - MPPE128 stateless
00:37:23 pptp,ppp,info pptp-out1: terminating… - keepalives timed out
00:37:24 pptp,ppp,info pptp-out1: disconnected
00:37:24 pptp,ppp,info pptp-out1: initializing…
00:37:24 pptp,ppp,info pptp-out1: dialing…
00:37:46 pptp,ppp,info pptp-out1: terminating… - disconnected
00:37:46 pptp,ppp,info pptp-out1: disconnected
00:37:46 pptp,ppp,info pptp-out1: initializing…
00:37:46 pptp,ppp,info pptp-out1: dialing…
00:37:59 pptp,ppp,info pptp-out1: authenticated
00:37:59 pptp,ppp,info pptp-out1: using encoding - MPPE128 stateless
00:38:01 pptp,ppp,info pptp-out1: connected
00:39:16 pptp,ppp,info pptp-out1: terminating… - keepalives timed out
00:39:17 pptp,ppp,info pptp-out1: disconnected
00:39:18 pptp,ppp,info pptp-out1: initializing…
00:39:18 pptp,ppp,info pptp-out1: dialing…
00:39:20 pptp,ppp,info pptp-out1: authenticated
00:39:20 pptp,ppp,info pptp-out1: using encoding - MPPE128 stateless
00:39:22 pptp,ppp,info pptp-out1: connected


What I don’t understand is, that Windows 7 handles this without any problems.
The settings in encryption under Win 7: “None - Connection will be closed by server if needed”

Please help.


thx

VPN
2

Sounds like something on your encryption. Try default-encryption as your profile and have a look see.

3

I checked it, but same problem.

4

Sorry that’s about as far as i can assist. Have used PPTP internal and few times to service providers on the net, never had any problem, except with the encryption.

5

Hello,

This is just a guess, not knowing what kinds of routes actually get set up when you check the PPTP interface to be your default route… check if there is a route remaining to your VPN server through your regular gateway. You are expected to get these kinds of timeouts if the router will try to contact the VPN server through the actual VPN channel.

Windows and most OS’s handle this automatically, knowing that users have no idea what routing is, but ROS might be different.

GL

6
  1. Set add-default-route=no on the PPTP client interface
  2. add a scr-nat rule with action=masquerade out-interface=your-pptp-client-interface
7

Hello and thanks for your advices. Tried your ideas but same result. It keeps disconnecting me with reason: terminating… - keepalives timed out

What can i do / log to find the problem? Should i sniff the traffic?

8

Let’s see the output of the following codes:

/ip route print

/ip firewall nat print

/interface pptp-client print

You may just blank out any sensitive information

9 
[SoKaR@SKR Production] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          95.90.227.254             0
 1 ADC  95.90.226.0/23     95.90.xxx.xxx   Port 1 @ PPPoE #1         0
 2 ADC  192.168.2.0/24     192.168.2.1     LAN                       0
[SoKaR@SKR Production] > 
[SoKaR@SKR Production] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     chain=srcnat action=masquerade out-interface=Port 1 @ PPPoE #1 

 1 X chain=dstnat action=dst-nat to-addresses=192.168.2.199 to-ports=3389 
     protocol=tcp in-interface=#PPPoE #255 dst-port=3389 

 2 X chain=dstnat action=dst-nat to-addresses=192.168.2.99 to-ports=80 
     protocol=tcp in-interface=#PPPoE #255 dst-port=80 

 3 X chain=dstnat action=dst-nat to-addresses=192.168.2.99 to-ports=5938 
     protocol=udp in-interface=#PPPoE #255 dst-port=5938 

 4 X ;;; default configuration
     chain=srcnat action=masquerade out-interface=#PPPoE #SDSL 
[SoKaR@SKR Production] > 
[SoKaR@SKR Production] > /interface pptp-client print
Flags: X - disabled, R - running 
 0 X  name="pptp-out1" max-mtu=1460 max-mru=1460 mrru=disabled 
      connect-to=80.89.xxx.xxx user="xxx" password="xxx" 
      profile=MvoxVPN add-default-route=no dial-on-demand=no 
      allow=mschap1,mschap2 
[SoKaR@SKR Production] >
10

Add a srcnat rule with action=masquerade on the pptp-out1 interface.

/ip firewall nat add chain=srcnat action=masquerade out-interface=pptp-out1
11

Tested it, same result. Keep-alive time out …

What i noticed, when the pptp client connects the pptp server is no longer pingable.

12

Nore more ideas? :-S

Perhaps because i have a proxy-arp bridge?

13

Hi,

The pptp server is unable to recieve keepalive pings from your router. In your firewall put a rule to allow icmp traffic from the PPTP server. if unsure ask the pptp server provider for the address to expect keep alive pings from

14

same problem too. any idea?

15

i having same problem here..
any solutions ???

16

Winbox. PPP-> Keepalive Timeout

17

Bro, I have the same problem , I think that they disconnect because there is a low traffic on the routers. I dont know if there is a way to configurate them to dont log out for that low traffic

18

Same problem here