Hello all,
I’ve just installed an mt450g in front of our ISA server 2006 (i replaces an pfsense machine with the mikrotik device).
Now i cannot open pptp connections from inside the network.
After a bit of researching it seems to be a bug in the nat engine in linux.
The situation is perfectly documented here:
http://blogs.technet.com/b/isablog/archive/2009/01/07/a-pptp-client-might-fail-to-connect-to-a-vpn-server-on-the-internet-through-an-isa-server-2006.aspx
Any solutions?
Thanks.
anyone?
The community can’t upgrade code for you. If it’s still an issue with the most recent version contact support at support@mikrotik.com.
I will.
Until then, can anyone confirm the bug or give me an idea of a workaround?
thanks.
upgrade to RouterOS v5rc4. If problem persists, email supout.rif file to support at mikrotik dot com and explain the problem.
i’ve allready contacted support,and attached the file. still waiting for an answer.
Is there anything changed on the nat editor between 4.13 and 5rc4 or is that just a shot in the dark?
a lot of things have changed, the linux kernel is different.
ok, i’ll try it, tonight i hope.
for anyone having the same issue.
i tried using version 4.13 and 5.0 rc3 with no luck.
the solution is to switch to another router that doesn’t have this nat editor bug, or redesing your internal network so that you don’t double nat with mikrotik and microsoft isa (or, maybe, any other firewall/router).
i choose the first.
could it be possible to bypass the nat editor bug by moving all pptp traffic to another router (pfsense)?
when mikrotik receives a packet on tcp/1823 or gre it sould forward the packet to another router, without changing pptp related info.
thanks.