PPTP link not working for Mikrotik routers over Internet

Hello there! I am using two Mikrotik routers, one in the city (RB450) and the other at home (RB750). Both routers are connected to two different ISPs. In the city, the RB450’s ether1 is connected to the ISP’s DSL line, which gets a dynamic IP from the ISP, and the other one, the RB750 at home, is connected to the LAN port with ether2, and the ISP’s internet connection is through my PC’s wireless card (WISP), which also provides a dynamic IP to connect to the net. Now I want to access my RB450 router in the city to check its status and the further network connected to this router. I have followed the PPTP setup guide on the documentation page at the Mikrotik site to connect these, but it didn’t work for me. I have also tried connecting the LAN port of my PC, to which the RB750 is connected at home, to the wireless card of the PC through the ICS setting in the network connection window for internet sharing with the LAN, but I can’t connect to the RB450 in the city over the internet. Is there anybody who could please guide me with a step-by-step PPTP configuration procedure in Winbox to bridge these two router boards through two differently connected ISPs’ internet connections, which use a dynamic IP addressing scheme for their clients?

Please help by giving a complete setup guide for a PPTP link over the net.

Thanks,
Paams

Mine is using static public IPs on both Mikrotik boxes; my PPTP is working fine.

Do your routers show that PPTP tunnel is up and running? Or is it a problem where you cannot pass traffic over established one?

RB450 must have route 0.0.0.0/0 gateway= internal IP of the modem. The modem that is connected to your RB450 has to forward port 1723 to the RB450’s internal IP. You’ll also have to set up DDNS (www.dyndns.org) for your dynamic IP at the RB450’s modem.

RB450:

PPP-PPTP Settings: Enable PPTP. Check only mschap1 and mschap2 for Windows.
Secrets: Create user and pass. Service: PPTP

PC at home:

With Windows. Create new VPN connection under Network Connections. Server: DDNS address. User+pass: the ones under secret :smiley:

This worked for me!

Hello Frank607! I apologize that I couldn’t respond; I was not alerted about the replies to my post, even though I activated it and double-checked while posting at the forum. I checked my post today and found three replies, of which yours can help me a lot. Before that, I was searching the whole day today for a solution to access my Mikrotik router RB450, which has a dynamic IP address, in the city from my home, with Windows as a PPTP client under a VPN connection. Thanks for your response; I am happy to know that it worked for you and also excited to make it work for me. I have set up a VPN in Windows XP on my PC under network connections, but I am afraid to say that I am not able to access the RB450 in the city and am getting errors like 800 and 651 when trying to connect to the RB450. I think there may be something wrong with the setup at the RB450 in the city, as you have explained many new things which I need to check at the RB450. Could you please send me the Winbox or New Terminal configuration to set up the RB450 for PPTP for a Windows PPTP VPN? How do I set up the gateway for the internal IP of the modem, and set up the modem for 1732 port forwarding to the RB450’s internal IP? How do I set up DDNS for the dynamic IP of the RB’s modem? If possible, please also assist with the Windows VPN setup.

I hope you will do your best to help me access the RB450 in the city from my home PC.

Thanking you and looking forward to the pleasure of hearing from you soon.

sincerely,
Paams

Hi Frank607! I have configured the ADSL modem (mine is a TP-LINK TD-8811 ADSL+Router) and the RB450 in the city as per your instructions, as below, but I am afraid to say it didn't work. Please check the configuration and let me know what I am missing:

RB450 setup:
Winbox---> menu---> IP---> Routes--->add(+)----> Destination:0.0.0.0/0----> Gateway: 192.168.1.1 (default internal IP of TP-LINK's modem+router)----> Apply---> OK.

Winbox---> PPP--->Secrets---->Add(+)---->Name:ppp1--->Password:*****------>Service:pptp
------>Profile:default------> Apply----->OK.

Then PPP--->Interface----PPTP-Server---->Name:pptp-in1---->User:ex1--->Apply--->OK.
Then PPTP-Server:Enable--->mschap1, mschap2.

TP-LINK(TP-TD-8811) Modem setup:

http://192.168.1.1---->web interface-----> Advanced Setup----->Select NAT---->NAT virtual server setup---->Add---->NAT Virtual Server---->Select service:pptp---->Custom server: Mikrotik
----->server IP address: 10.10.x.x(internal IP address of RB450)----->add:

External Port Start, External Port End, Protocol:, Internal Port Start, Internal Port End
1723, 1723, TCP/UDP, 1723, 1723,

------>Save/Apply.

DNS----> add DDNS----> HostName----> hostname.dyndns.org----> Username: Username of hostname account---->password: used password with hostname account---->Save/apply.

PC at Home:

Network connections----> create new connections---->connect to network at my places---->VPN connection----->company name:Mikrotik---->Public network: select don't dial the initial connection--->VPN server selection----> Host name or IP address: hostname.dyndns.org--->Finish
---> connect Mikrotik window pops up-----User name: ex1(used with pptp-server in secrets at RB450)--->password:*****(used with pptp-server in secrets at RB450) ---->Error800: Unable to establish VPN connection.


Please help me in establishing this VPN connection and let me know where and what I am missing in the PPTP configuration. Please fix where I am making a mistake in the setup.

Thanking you and looking forward to the pleasure of hearing from you soon.

Sincerely,
Paams

Just like you allowed 1723, allow GRE (protocol 47) to go through as well.

http://forum.mikrotik.com/t/pptp-through-internet-to-rb/31336/1

Hello Frank607! Happy to see you again. Thanks for responding.

I am afraid to say that I am still having problems establishing a PPTP link between my MT 450 RouterOS server and the Windows XP client. I have done everything from the documentation to configure my PPTP server and XP client, but I can’t establish a PPTP link over the INTERNET. I am able to access the RB450 router through my Windows XP VPN client while within the same attached LAN network, but when I try to access the RB450 from outside (over the INTERNET) it drops the connection, and when the connecting process goes through its “verifying username and password” step it gives me the error message “Error 619 a connection to remote computer could not established, the port used for this connection was closed”. Below is my configuration for the PPTP link between the MT 450 server and the Windows XP client. I have also replaced my TP-LINK modem with a Netgear one, as the TP-LINK doesn’t have firewall rules and Dynamic DNS options available. I am able to access my Netgear DSL modem+router over the internet using the “myhostname.dyndns.org:8080” address, but I am unable to access the RB450 behind it.

Please check my configuration once again:


RB450 setup at remote location:
Winbox—> menu—> IP—> Routes—>add(+)----> Destination:0.0.0.0/0----> Gateway: 192.168.0.1 (default internal IP of NetGear ADSL modem+router)----> Apply—> OK.

Winbox—> PPP—>Secrets---->Add(+)---->Name:ppp1—>Password:*****------>Service:pptp
------>Profile:default------> Apply----->OK.

Then PPP—>Interface----PPTP-Server---->Name:pptp-in1---->User:ex1—>Apply—>OK.
Then PPTP-Server:Enable—>mschap1, mschap2.

NetGear’s ADSL modem+router setup (model No:DM111PUSP)

http://192.168.0.1---->web interface-----> Advanced Setup----->Port Forwarding ---->Application Type: PPTP VPN---->Add----> External Packet: All-----> Protocol:TCP,GRE ----->Port:1723,47 ----> Internal Host IP:192.168.0.x (assigned by adsl modem+router to MT RB450 through its DHCP server)----> Save.

Firewall Rules: Disabled ------>Save

DNS----> add DDNS----> HostName----> hostname.dyndns.org----> Username: Username of hostname account---->password: used password with hostname account---->Save/apply.

PC at Home:

Network connections----> create new connections---->connect to network at my places---->VPN connection----->company name:Mikrotik---->Public network: select don’t dial the initial connection—>VPN server selection----> Host name or IP address: hostname.dyndns.org—>Finish
—> connect Mikrotik window pops up-----User name: ex1(used with pptp-server in secrets at RB450)—>password:*****(used with pptp-server in secrets at RB450) ---->“verifying user name and password”------> Error619: Unable to establish VPN connection with remote computer.


Please help me in establishing this VPN connection and let me know where and what I am missing in the PPTP configuration, as I have tried every configuration at both ends one by one with no PPTP link connectivity.

Once again any help will be appreciated greatly.

Thanks,
Paams

/ip firewall> filter
;;; Allow VPN PPTP
chain=input action=accept protocol=tcp
src-address=IP_Range1-IP_Range2 dst-port=1723

;;; Allow VPN PPTP
chain=input action=accept protocol=gre
src-address=IP_Range1-IP_Range2
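
An added example, not part of any post in this thread: the two rules above open the two halves of PPTP, the control connection on TCP 1723 and the GRE data channel. This Python probe tests only the TCP half, by sending the RFC 2637 Start-Control-Connection-Request and parsing the reply; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723
MAGIC = 0x1A2B3C4D               # RFC 2637 magic cookie
MSG_LEN = 156                    # both start-control messages are 156 bytes
REQ_FMT = ">HHIHHHHIIHH64s64s"   # Start-Control-Connection-Request
REP_FMT = ">HHIHHHBBIIHH64s64s"  # Start-Control-Connection-Reply

def build_sccrq(hostname=b"probe"):
    """Build the first message a PPTP client sends over TCP 1723."""
    return struct.pack(REQ_FMT, MSG_LEN, 1, MAGIC, 1, 0, 0x0100, 0,
                       3, 3, 1, 0, hostname, b"added-example")

def parse_sccrp(data):
    """Parse the server's reply; raise ValueError if it is not valid PPTP."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, magic, ctrl_type, _r0, version, result, error,
     _framing, _bearer, _chans, _fw, host, vendor) = struct.unpack(
        REP_FMT, data[:MSG_LEN])
    if magic != MAGIC or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    return {"ok": result == 1, "result": result, "error": error,
            "version": version,
            "host": host.rstrip(b"\x00").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace")}

def probe(host, timeout=5.0):
    """Return the parsed reply, or a string saying how the TCP half failed."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < MSG_LEN:
                chunk = s.recv(MSG_LEN - len(buf))
                if not chunk:
                    break
                buf += chunk
        return parse_sccrp(buf)
    except (OSError, ValueError) as exc:
        return "control channel failed: %s" % exc

# Constructed sample reply, so the parser can be exercised offline.
SAMPLE_REPLY = struct.pack(REP_FMT, MSG_LEN, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           3, 3, 1, 1, b"MikroTik", b"MikroTik")
```

A reply with `ok` set to True shows that the modem forwards TCP 1723 to the router; it says nothing about GRE (protocol 47), which carries the tunnel traffic and has to be allowed separately.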

Hi ktcomgrup! Thanks! I have used these firewall filter rules before, but with no luck. But you have added an extra thing with src-address=IP_Range1-Range2. Please let me know what to add in those IP ranges. Is it the local IP address range provided by the RB450’s DHCP server to its clients in its local network? Can I use the RB450’s address at src-address: “internal IP add. of RB450” instead of using an IP range, as I want to access only the RB450 at this time, not the attached devices in its LAN? When I select the protocol it gives 6(tcp); which should I use, 6(tcp) or only tcp? Secondly, a few other options come into play in this window; what should I select for these:

Chain: input
Src. address : ?
Dst. address: ?

Protocol: 6(tcp)
Src. Port: ?
Dst. Port = 1723
Any port:?
In. interface: ?
Out. Interface: ?
Connection type:?

action= accept

Also, is there a need to set NAT firewall rules? If yes, please explain which one.

Thanks,
Paams

Probably it will never work. Your PC is doing NAT (i.e. changing your RB750’s IP to the PC’s own IP). PPTP rarely works when there’s NAT in the way.

Try to use OVPN instead.

Thanks andreacoppini! You mean Open Virtual Private Network (OVPN)? Please provide me with the complete guide on how to configure OVPN at both ends to establish a link between these two.

Thanks,
Paams

See http://wiki.mikrotik.com/wiki/OpenVPN.

Google is your friend…

Hi andreacoppini! Sorry, but I have gone through the OVPN tutorial and also done some googling. It seems a lengthy process and requires a good amount of time to understand and to fix the problem in establishing this link, and I am not sure whether it will work for me or not. Please correct me if I am wrong. Please understand that I have already put a good amount of time into establishing the PPTP link, with every configuration from the Mikrotik documentation, the wiki and other members’ support at the forum, between the RB450 and the RB750 or with a Windows XP client at both ends, but with no success. I know my PPTP link is complex and requires an advanced setup, as I am not using a standard internet connection at one end and am using it in a roundabout way, but I’ll not give up and will keep trying, and I hope for your full support. Please let me know: did OVPN work for you? Is there any other way to access the RB450 over the internet from my home PC or RB750?

Thanks,
Paams

Simply put, PPTP is not designed to be used behind NAT. In fact it’s one of the worst protocols you could use behind a NAT device. So, I wish you luck in your attempt, but I won’t hold my breath.

I’ve tried to implement PPTP and L2TP behind NAT devices. I’ve had some minor success with L2TP and PPTP to a lesser extent. With these two protocols, you may either not get a connection at all, or else the connection is established but no traffic goes through.

With OVPN, everything works fine. OVPN works through any internet connection you could throw at it. It just uses one port and that port can be anything you want it to be, so even if your ISP is blocking some ports, with OVPN you can freely change the port it uses.

It IS a pain to set it up since you need to mess around with certificates, but using the Wiki and a free weekend, you’ll manage to get it to work.

Thanks andreacoppini! Please let me know: have you tested it on your own at your end, and did it work for you?

Paams

Yes, of course, it works fine for me… in fact I added some bits to the Wiki myself. :slight_smile:

Great!!! Could you please guide me through the setup process on the RB450 and Windows XP, as I am not getting any idea from the wiki of where I have to start the setup? It confuses me a lot where to start configuring it. Also, please provide the link to where you have added to the wiki. I’ll be grateful to you.

Thanks,
Paams

Hi andreacoppini! Thank you so much for assisting me with my PPTP link problem. I have something to tell you regarding the PPTP link setup. Actually, because I live in a rural area, I have only one option at this time to access the internet from my home: I am using internet over GPRS provided by a mobile phone service operator in my area. My mobile phone acts as the modem and works well. I access the internet without any problem from anywhere. I have contacted this home ISP about the PPTP problem, and he said that most of the ports are blocked and are not permitted to be opened for security reasons, and that he can no longer help with my PPTP problem. I have come to the conclusion that the PPTP link won’t work for me at this time and I must look for another way to access the RB450 at the remote location.

I think I don’t need to establish a PPTP link to access the RB450 remotely from the public network (internet). Please correct me if I am wrong. I want to access the RB450 from the public network (internet) in the same way as I am accessing and controlling the DSL modem+router attached to the RB450. So I am also trying to access the RB450 by entering the address “http:publicIPaddress:8080/”, with the public IP address assigned to the RB450’s ether1 interface from the remote ISP, in the Internet Explorer window, the same way as I access the DSL modem+router attached to the RB450, but it comes up with a blank web page. Do I need to configure something on the RB450 to access its web interface remotely over the internet? If yes, please provide me with the configuration. Also, I think it could be possible to access the RB450 through Winbox from the public network (internet) remotely? Could you please explain both the web interface and Winbox configuration on the RB450 to access it from my home PC over the public network? I’ll be really very grateful to you for this and appreciate your help from my heart.

Thanks,
Paams