pptp ppp error someone wanna reach my network?

vejce4444 · March 17, 2020, 6:27am

Hello,

I am new in to Mikrotik world. I want to ask about one error. Everything work without problem but sometimes I have on my mobile phone/laptop “connected but no internet access”. I look in the log and I found there are sometimes these errors:
Time Mar/17/2020 04:47:00
Buffer memory
Topics pptp ppp error
Message <888>: user 123456 authentication failed

There are 3 or 4 daily from different users (user 0, vpn, pptp). I have confinfigured pptp vpn for access on to my server (working without problem). I have susspect someone try reach my network via pptp protocol. Am I right? I configured this protocol because its user friendly to use on new device but If I am right I ll change it on the open VPN (with cert). Thank you so much for answer.

Log error:

erlinden · March 17, 2020, 7:17am

Any service you offer to the internet can be compromised. Especially the legacy stuff like PPTP is subject to attacks.
As you are a MikroTik user, please consider using IPSEC of LT2P. This is offloaded (depending on your hardware) and supported by any device without the need of additional components for OpenVPN.

vejce4444 · March 17, 2020, 5:55pm

Hello,

thank you for your answer. I turned off PPTP and configure L2TP with IPsec. You have right it is better option. I had little bit problem with configure android (some Android bullshit with shared IPsec) but now it is work on PC/Phone. Thank you for your reply

erlinden · March 18, 2020, 6:57am

Good to hear!

Roberto69 · January 20, 2022, 9:19am

I agree PPTP is legacy stuff and we should avoid it. But is there any way to find out (and to block it) ip address, from attacker trying to login?

jan/20/2022 09:59:36 pptp,ppp,error <343>: user an authentication failed

Thank You

own3r1138 · January 20, 2022, 1:27pm

Yes, you can use scripts to read the log file and put them into the address list then you drop that address list.
but as you already moved to L2TP I don’t see any reason for that. just disable PPTP and GRE and all is good.

Roberto69 · January 20, 2022, 1:48pm

I agree, but still have one link based on PPTP. I know it’ll be good to change, but router is remote …
In meantime I’d like to get rid of “kilo” of messages

own3r1138 · January 20, 2022, 2:14pm

Is the client have a static IP or something that you could allow that client and drop everything else on PPTP, CUZ right now the scripts that I know of work with IPsec fail connection, not a PPTP error.

Roberto69 · January 20, 2022, 2:29pm

Yes, client has fixed IP. Good idea, but where can I allow connection only for one IP and drop all other? In firewall?

own3r1138 · January 20, 2022, 2:33pm

Yes, it’s in the firewall but please before adding any drop rules in your firewall use safe mode. make sure you don’t get locked out by the same rule.