pptp route problem

hmontoliu · November 26, 2012, 11:21am

Hi, I’m having a problem with a PPTP setup with a Mikrotik RB750 (updated to last version) in one side

Basically the setup is:

...
/ip firewall service-port set pptp disabled=no
/ppp profile add name="pptp-in" local-address=192.168.40.1 remote-address=pptp use-encryption=required only-one=yes change-tcp-mss=yes dns-server=192.168.40.1
/interface pptp-server server set enabled=yes max-mtu=1460 max-mru=1460 authentication=chap,mschap1,mschap2 default-profile=pptp-in
/ppp secret add name="myvpn" service=pptp password="xxxxxxx" profile=pptp-in
...
# VPN route
/ip route add dst-address=192.168.1.0/24 gateway=<pptp-myvpn>

The VPN works fine, but sometimes if the connection gets lost, when the VPN comes back the VPN route fails to re-stablish. The mikrotik seems to be unable to restore that route. So when that happens, I have to write the route myself to get everything working right again.

What I’m doing wrong? Am I missing something?
Is it possible to create a script sets the route back after a VPN reconnection? if so, any hints would be appreciated.

Thanks in advance

cbrown · November 26, 2012, 2:16pm

It is because the route is looking at a dynamic interface. When the dynamic interface goes away the route does not know which interface to point to. You can make this static by going to the dynamic interface while it is connected and click “Copy”.

Or you could set the remote address so it always pulls the same address and point your route to that address instead of an interface.

hmontoliu · November 28, 2012, 11:02am

Thanks, the first option worked flawlessly

however, I’m still facing some connection problems with that vpn. Is there any watchdog or similar that restarts the vpn if pinging to a remote machine fails?

Thanks again in advance.

hmontoliu · November 28, 2012, 11:44am

Never mind the last question, watchdog watch-address seems to work.

shahbazian · November 28, 2012, 7:31pm

The best way is use the following command:

/ppp secret add name="myvpn" service=pptp password="xxxxxxx" profile=pptp-in routes=192.168.1.0/24

instead of add static route.

Using routes option in ppp secret is beter than add static route for ppptp clients

cbrown · November 28, 2012, 11:32pm

Why is it “better”?

shahbazian · February 28, 2014, 11:14pm

Because the route create dynamically when user connected to the router and disappear when user disconnected. And so the route will work flawlessly in all kinds of conditions, such as: changed vpn client ip address or any other changes.