PPTP pool size

111111 · October 31, 2014, 8:27pm

Is there a limit in pool size of pptp-server.
I try to use /23 size pool but internet via pptp stop, with /24 is ok
any example

jacekes · October 31, 2014, 8:30pm

Do you use the pool for local-address or remote-address?
Doesn’t the /23 pool overlap with some other address space you use?

111111 · October 31, 2014, 8:39pm

no overlap
set interface ip
192.168.100.1/23
local-address 192.168.100.2-254
remote-address 192.168.101.2-254

in moment

interface ip
192.168.100.1/24
local-address 192.168.100.2-128
remote-address 192.168.100.129-254

but 125 ip’s not enough need one C subnet 253 ip’s

jacekes · October 31, 2014, 8:51pm

What interface do you address with 192.168.100.1/23?

Do you use PPTP tunnels to connect customers?

Paste the output of:
/interface print
/ip address print

111111 · October 31, 2014, 9:15pm

router have only one lan interface
take via dhcp default route to internet
clients connect also to this interface

/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                                     TYPE               MTU L2MTU  MAX-L2MTU
 0  R  LAN                                                      ether             1500 16383      16383

/ip address pr
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                      
 0   192.168.100.1/23   192.168.100.0   LAN                                                            
 1 D 192.168.88.248/24  192.168.88.0    LAN        < to internet

it work now but pool is to small

jacekes · October 31, 2014, 10:47pm

Set the local-address and remote-address pool to something completely different, for example:
local-address 172.16.105.0/24.
remote-address 172.16.205.0/24
Addresses in pptp can and should be from completely different subnet, than interface address.

111111 · November 1, 2014, 12:22am

agree, but in my case not work
maby mascarading is problem?

/ip firewall nat
add action=masquerade chain=srcnat comment="VPN NAT" disabled=no out-interface=l2tp-INET src-address=192.168.100.0/23

also mark with

/ip fi ma
add action=mark-routing chain=prerouting comment=L2TP disabled=no dst-address-list="!Local subnet" new-routing-mark=for_VPN passthrough=yes src-address=192.168.100.0/23

to make clents to go via L2TP interface to internet

jacekes · November 1, 2014, 8:48am

Oh, so there’s more config than just the PPTP?
Basically, you have had overlapping addresses - LAN interface address overlapped with remote and local addresses in PPTP.
I guess you should fix the overlapping the way I suggested in the previous post and then change src-address in the masquerade and mangle rules to the 172.16.205.0/24 subnet.

111111 · November 1, 2014, 2:50pm

no overlapping, because no one get ip with is on router, it is out of range of pools.