PPTP Mikrotik and MacOS X 10.8.4

Hi everyone!
Recently I detected an error on my MacOS X 10.8.4 while I was connected through VPN to the network of my corporation. When I’m trying to ping or connect to some IP address, it outputs several errors:

MacBook-Air-Pavel:~ paus$ ping 192.168.10.155
PING 192.168.10.155 (192.168.10.155): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
ping: sendto: No route to host
Request timeout for icmp_seq 3
ping: sendto: Host is down
Request timeout for icmp_seq 4
ping: sendto: Host is down
Request timeout for icmp_seq 5
ping: sendto: Host is down
Request timeout for icmp_seq 6

But relatively with the router address it’s okey:

MacBook-Air-Pavel:~ paus$ ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=22.466 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=47.799 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=36.380 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=23.833 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=64 time=20.648 ms

and from the windows client it works fine already.


What have you seen as the problem? My configuration is here:

/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default enabled=yes
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled

local-address=192.168.10.1 name=blabla password=1111111 profile=
default-encryption remote-address=192.168.10.100 routes=“” service=pptp
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0 \

up it.

Post /export compact

It’s hard to tell without seeing your entire config but I would guess you need to set your LAN interface to proxy-arp.

Well, that’s the whole configuration. Anybody help:

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500
name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:D1:3C:47
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:D1:3C:48
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:D1:3C:49
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:D1:3C:4A
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:D1:3C:4B
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=default rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.10.51-192.168.10.75
add name=dhcp_pool2 ranges=192.168.10.100-192.168.10.150
add name=dhcp_pool3 ranges=192.168.10.100-192.168.10.150
add name=dhcp_pool4 ranges=192.168.10.100-192.168.10.150
add name=dhcp_pool5 ranges=192.168.10.100-192.168.10.150
add name=pptp ranges=192.168.10.90-192.168.10.100
/ip dhcp-server
add address-pool=dhcp_pool5 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=ether2 lease-time=3d name=dhcp1
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=
default use-encryption=default use-mpls=default use-vj-compression=
default
set default-encryption change-tcp-mss=yes dns-server=192.168.10.155 name=
default-encryption only-one=default use-compression=default
use-encryption=yes use-mpls=default use-vj-compression=default
wins-server=192.168.10.155
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both
disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=
2M/2M name=queue1 parent=none priority=8 queue=
default-small/default-small target-addresses=192.168.10.139/32
total-queue=default-small
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no
ignore-as-path-len=no name=default out-filter=“” redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=“”
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=
default
/snmp
set contact=“” enabled=no engine-id=“” location=“” trap-target=0.0.0.0
trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password=“”
authentication-protocol=MD5 encryption-password=“” encryption-protocol=
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 syslog-facility=daemon
syslog-severity=auto target=remote
add disk-file-count=2 disk-file-name=firewall disk-lines-per-file=100
disk-stop-on-full=no name=firewall target=disk
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=
400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=
400MHz force-backup-booter=no silent-boot=no
/user group
add name=read policy=“local,telnet,ssh,reboot,read,test,winbox,password,web,sn
iff,sensitive,api,!ftp,!write,!policy”
add name=write policy=“local,telnet,ssh,reboot,read,write,test,winbox,password
,web,sniff,sensitive,api,!ftp,!policy”
add name=full policy=“local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web,sniff,sensitive,api”
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set ether1 vlan-mode=disabled
set ether2 vlan-mode=disabled
set ether3 vlan-mode=disabled
set ether4 vlan-mode=disabled
set ether5 vlan-mode=disabled
set switch1_cpu vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:03:72:A5:57:72
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default enabled=yes
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=yes enabled=yes threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=228.105.107.182/30 disabled=no interface=ether1 network=
228.105.107.180
add address=192.168.10.1/24 disabled=no interface=ether2 network=192.168.10.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.10.117 client-id=1:8:0:27:6f:76:86 disabled=no
mac-address=08:00:27:6F:76:86 server=dhcp1
add address=192.168.10.108 client-id=1:b4:99:ba:5b:bd:92 disabled=no
mac-address=B4:99:BA:5B:BD:92 server=dhcp1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.155,192.168.10.75 gateway=
192.168.10.1 ntp-server=192.168.10.155 wins-server=192.168.10.155
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 servers=8.8.8.8,8.8.8.9
/ip firewall address-list
add address=192.168.10.0 comment=“local addresses” disabled=no list=
local_addresses
add address=0.0.0.0 disabled=no list=“port scanners”
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=2s tcp-syn-sent-timeout=2s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=input comment=“Drop an external connection to 80 port.”
disabled=no dst-address=228.105.107.182 dst-port=80 protocol=tcp
add action=accept chain=input comment=VPN disabled=no dst-port=1723 protocol=
tcp
add action=drop chain=forward comment=“Drop invalid connection packets”
connection-state=invalid disabled=no
add action=accept chain=forward comment=“Allow established connections”
connection-state=established disabled=no
add action=accept chain=forward comment=“Allow related connections”
connection-state=related disabled=no
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
135-139 protocol=tcp
add action=drop chain=virus comment=“Drop Messenger Worm” disabled=no
dst-port=135-139 protocol=udp
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
445 protocol=tcp
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214
protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom” disabled=no dst-port=1080
protocol=tcp
add action=drop chain=virus comment=“ndm requester” disabled=no dst-port=1363
protocol=tcp
add action=drop chain=virus comment=“ndm server” disabled=no dst-port=1364
protocol=tcp
add action=drop chain=virus comment=“screen cast” disabled=no dst-port=1368
protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373
protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377
protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434
protocol=tcp
add action=drop chain=virus comment=“Bagle Virus” disabled=no dst-port=2745
protocol=tcp
add action=drop chain=virus comment=“Drop Dumaru.Y” disabled=no dst-port=2283
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle” disabled=no dst-port=2535
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle.C-K” disabled=no dst-port=
2745 protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom” disabled=no dst-port=
3127-3128 protocol=tcp
add action=drop chain=virus comment=“Drop Backdoor OptixPro” disabled=no
dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=
udp
add action=drop chain=virus comment=“Drop Sasser” disabled=no dst-port=5554
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle.B” disabled=no dst-port=8866
protocol=tcp
add action=drop chain=virus comment=“Drop Dabber.A-B” disabled=no dst-port=
9898 protocol=tcp
add action=drop chain=virus comment=“Drop Dumaru.Y” disabled=no dst-port=
10000 protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom.B” disabled=no dst-port=
10080 protocol=tcp
add action=drop chain=virus comment=“Drop NetBus” disabled=no dst-port=12345
protocol=tcp
add action=drop chain=virus comment=“Drop Kuang2” disabled=no dst-port=17300
protocol=tcp
add action=drop chain=virus comment=“Drop SubSeven” disabled=no dst-port=
27374 protocol=tcp
add action=drop chain=virus comment=“Drop PhatBot, Agobot, Gaobot” disabled=
no dst-port=65506 protocol=tcp
add action=jump chain=forward comment=“jump to the virus chain” disabled=no
jump-target=virus
add action=accept chain=forward comment=“Allow SMTP” disabled=no dst-port=25
protocol=tcp
add action=accept chain=forward comment=“allow TCP” disabled=no protocol=tcp
add action=accept chain=forward comment=“allow ping” disabled=no protocol=
icmp
add action=accept chain=forward comment=“Allow HTTP” disabled=no dst-port=80
protocol=tcp
add action=accept chain=forward comment=“allow udp” disabled=no protocol=udp
add action=drop chain=forward comment=“drop everything else” disabled=no
add action=drop chain=forward comment=“Drop bit-torrents.” disabled=no p2p=
bit-torrent
add action=accept chain=input comment=“limited dns” disabled=no dst-port=53
limit=71,32 protocol=udp
add action=drop chain=input comment=“limited dns” disabled=no dst-port=53
protocol=udp
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“Port scanners to list”
disabled=no protocol=tcp psd=21,3s,3,1
add action=drop chain=forward disabled=no p2p=all-p2p protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat disabled=no dst-address=0.0.0.0/0
src-address=192.168.10.0/24
add action=dst-nat chain=dstnat comment=rdp disabled=yes dst-address=
228.105.107.182 dst-port=3378 protocol=tcp to-addresses=192.168.10.33
to-ports=3378
add action=dst-nat chain=dstnat comment=rdp disabled=no dst-address=
228.105.107.182 dst-port=3389 protocol=tcp to-addresses=192.168.10.43
to-ports=3389
add action=log chain=dstnat comment=logging disabled=no dst-address=
228.105.107.182 dst-port=3389 log-prefix=fw_access protocol=tcp
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=228.105.107.181
scope=30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=yes port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=yes port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=yes
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=yes
/ppp secret
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=192.168.10.1 name=kas password=1111111111111111111111111 profile=
default-encryption remote-address=192.168.10.100 routes=“” service=pptp
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=192.168.10.1 name=pas password=111111111111111111111111111111111 profile=
default-encryption remote-address=192.168.10.99 routes=“” service=pptp
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=192.168.10.1 name=nas password=1111111111111111111111111111111111111111 profile=
default-encryption remote-address=192.168.10.97 routes=“” service=pptp
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Moscow
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=
“jan/01/1970 00:00:00” time-zone=+00:00
/system console
add disabled=no term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix=“” topics=info
add action=memory disabled=no prefix=“” topics=error
add action=memory disabled=no prefix=“” topics=warning
add action=echo disabled=no prefix=“” topics=critical
add action=firewall disabled=no prefix=fw_access
/system note
set note=“” show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=
100
/tool e-mail
set address=0.0.0.0 from=<> password=“” port=25 user=“”
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number=“” channel=0 keep-max-sms=0 receive-enabled=no secret=“”
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535 filter-protocol=all-frames
filter-stream=yes interface=all memory-limit=10 memory-scroll=yes
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

Del

Rivera
I didn’t quite follow you.

Make sure proxy-arp is enabled on the Mikrotik LAN ports or bridge. For example I had ports 2-5 bridged on my RB951G and I enabled proxy-arp on the bridge, problem solved.

I changed this option on Bridge, which connects several ports between them, but It doesn’t work:

MacBook-Air-Pavel:~ paus$ ping 192.168.10.30
PING 192.168.10.30 (192.168.10.30): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
ping: sendto: No route to host
Request timeout for icmp_seq 4
ping: sendto: Host is down
Request timeout for icmp_seq 5
ping: sendto: Host is down
Request timeout for icmp_seq 6

Need help yet.

I noticed a few other things that you have different than I did…

1. You have quite a few DHCP pools defined as different names but the same addresses… I can’t see the point of that.

2. I had the local-address defined on the PPTP Server as my LAN IP through a profile… You seem to have it on the secrets.

Mine:

/ppp profile
add change-tcp-mss=yes local-address=10.129.0.1 name=PPTP-Server remote-address=LAN-DHCP use-encryption=yes

3. I had the remote address defined on the PPTP Server as the appropriate DHCP pool… You seem to have a pool, but manually set the IP for each secret.

Mine:

/ppp secret
add name=username password=password profile=PPTP-Server

4. When I did need to set an IP manually for a user, I made sure to set that IP OUTSIDE the dhcp range. You don’t. Not sure if that has any bearing though. I did set that static assignment though the secret.

5. You say you have a bridge but I’m not seeing your ethernet ports setup as such… My config looked like:

/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge1

/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1

Under /interface ethernet it is empty. Set up proxy-arp on your interfaces if you don’t have them in a bridge that has member ports.

Edit: Ok I think I found your bridge config in the middle there:

/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no

And addresses:

/ip address
add address=228.105.107.182/30 disabled=no interface=ether1 network=228.105.107.180
add address=192.168.10.1/24 disabled=no interface=ether2 network=192.168.10.0

a. I’d change the address 192.168.10.1’d interface to be the bridge, not ether2.

Mine:

/ip address
add address=10.129.0.1/24 interface=bridge1 network=10.129.0.0

6. In general I see a lot of stuff in your config in the area you are working on that I don’t see in mine… Anything extra is just extra, you don’t have to define a value for every option just the ones you use.

I know this may not be your fault… it might be the version of ROS that you’re using (I think they changed the behavior of export sometime recently). But I’d upgrade to the latest version and export compact again. See the examples below:

Secrets:
Yours:

/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
local-address=192.168.10.1 name=kas password=1111111111111111111111111 profile=\
default-encryption remote-address=192.168.10.100 routes="" service=pptp

Mine:

/ppp secret
add name=username password=password profile=PPTP-Server

Server Profile:
Yours:

/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
set default-encryption change-tcp-mss=yes dns-server=192.168.10.155 name=\
default-encryption only-one=default use-compression=default \
use-encryption=yes use-mpls=default use-vj-compression=default \
wins-server=192.168.10.155

Mine:

/ppp profile
add change-tcp-mss=yes local-address=10.129.0.1 name=PPTP-Server remote-address=LAN-DHCP use-encryption=yes

(I just give the PPTP connection an ip out of the LAN pool… unless you’re going to be doing something special with them by IP, why have a separate range?)