Hello everybody,
for days I try in vain to set up a PPTP server on my RB750.
The interface is ethter5 with 192.168.168.201
TCP 1723 and GRE is routed from the Internet router to 192.168.168.201.
In IP / Firewall chain input TCP 1723 and GRE action is set to accept.
The request goes from WAN to 192.168.168.201:1723
but from there no longer back to WAN.
How do I have to accept the setting for the response to be sent back to WAN?
Thanks a lot, cheers, Mike.
Are you sure that your ISP isn’t blocking pptp servers?
Yes, I am prety sure that GRE isn’t blocked by ISP, becaus when allowing incoming PPTP connections on my local windows 7 machine, connecting works as expected.
I attached a screen shot which shows the connections currently made while trying to connect from outside via VPN PPTP.
It seems that the reply isn’t send to the right destination. The destination address is totally unknown by me, maybe because it is an arp address?
Has anybody any hint to solve my problem, I am out of ideas now 
Cheers, Mike.
Ok, so far, 179.94.44.42 ist the ip which requested the vpn tunnel. This seems to be ok, but why the connection isn’t accepted by the vpn client?
Thanks a lot, Mike.
Looks like 192.168.178.201 isn’t src-natted, can you post your 750 configuration?
This is the part of config I'm playing with:
/IP FIREWALL FILTER
0 chain=input action=accept protocol=tcp dst-port=1723,10000 log=no log-prefix=""
1 chain=input action=accept protocol=gre log=yes log=no log-prefix=""
2 ;;; default configuration
chain=input action=drop in-interface=ether5-LAN-rau log=no log-prefix=""
/IP FIREWALL NAT
0 chain=srcnat action=masquerade out-interface=ether5-LAN-rau log=no log-prefix=""
/INTERFACES
0 X ether1-WAN-gateway ether 1500 1598 4074
1 X ether2-master-local ether 1500 1598 4074
2 X ether3-WLAN-hotspot ether 1500 1598 4074
3 X ether4-LAN-office ether 1500 1598 4074
4 R ether5-LAN-rau ether 1500 1598 4074
5 X l2tp-in1 l2tp-in
6 X pptp-server pptp-in
/IP ADDRESS
0 X ;;; default configuration
10.56.103.1/24 10.56.103.0 ether2-master-local
1 ;;; rau address
192.168.178.201/24 192.168.178.0 ether5-LAN-rau
2 X ;;; office address
192.168.149.1/24 192.168.149.0 ether4-LAN-office
3 X ;;; hotspot network
10.10.10.1/24 10.10.10.0 ether3-WLAN-hotspot
As long I try to connect via LAN (VPN server '192.168.178.201') a valid connection is done.
The right ip address was set, but no default gateway and sub net mask of 255.255.255.255 was set for this vpn connection.
Is this correct?
You should use your public IP to connect from the outside instead of 192.168.178.210, you can’t reach that IP from Internet.
The masquerade rule you used is useless in this case.
Are you trying to make a VPN to connect to your LAN?
Assume your public IP is 1.2.3.4, do the following:
I configured as you described above,
but unfortunately I had no luck, a connection was not established.
When I try to connect via vpn address of the RB interface within the LAN (vpn server address 192.168.178.201)
a valid connection is established, but not from WAN (public IP).
I forgot to mention that the DSL Router (FritzBox) is configured to forward the ports TCP 1723 and GRE to the
RB interface (192.168.178.201).
Maybe this could be a problem?
Thanks a lot for your help, cheers, Mike.
I hope I figured out what does the trick...:
Adding a static route to define a standard gateway to reach the internet.
I found it while tying to configure a NTP time server, which wasn't reached 
0 A S 0.0.0.0/0 192.168.178.1 1
1 ADC 192.168.178.0/24 192.168.178.201 ether5-LAN-rau 0
Next step will be to enable L2TP and IPSec...
I can’t stress this enough. PPTP is not a secure protocol. You really shouldn’t be using it.
IKEv2 would be the best option going forward for a remote access VPN. A quick search of the Googles … https://jcutrer.com/howto/networking/mikrotik/ios-ikev2-vpn-mikrotik
Notes: https://libreswan.org/wiki/Interoperability#L2TP_.2F_IPsec_with_the_server_behind_NAT
