PPTP throught Destination NAT forward problem with GRE?

Hi,friends

I use ROS 2.9.6 to build a VPN forward server on internet, the VPN server (PPTP) based on Windows 2003 at city A, and a VPN forward server based on ROS 2.9.6 at city B, and the PPTP clients base winxp at city C, the network struct like this:

PPTPClients–(internet)–ROS[dst-nat]–(internet)–PPTP Server

The ROS hardware is only 1 NIC, was colocation with 1 public IP, nat rules just like that:

/ ip firewall nat
add chain=srcnat action=masquerade comment=“” disabled=no
add chain=dstnat protocol=tcp dst-port=1723
action=dst-nat to-addresses=67.213.79.130 to-ports=1723 comment=“”
disabled=no
add chain=dstnat protocol=gre action=dst-nat
to-addresses=67.213.79.130 to-ports=0-65535 comment=“” disabled=no
add chain=srcnat protocol=gre connection-type=gre action=masquerade comment=“”
disabled=no

The ROS public IP is 221.170.246.8, then I test the VPN forward, the VPN client (XP) dail in 221.170.246.8,the first client with first WAN IP(ADSL) can connected to VPN server well,but the 2nd client (another ADSL) can not connect to VPN server and report error 721, this error means the GRE packets was filtered by firewall,the error message on Win2003 RRAS like this:

Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Description:
A connection between the VPN server and the VPN client 221.170.246.8 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user’s network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

I don’t know why? How to configure this NAT rule make it forward any and many pptp client
to my VPN server?

Upgrade the latest version, also provide a SRC NAT rule from the server as the same public IP.

Just correct the NAT rules, it is good to configure as action=src-nat to-addresses=X.X.X.X and also out-interface=PUBLIC, make sure that you avoid masquerade.

I have try many times, all failed!
Take a look here, I just disabled the masquerade of srcnat, my nat rules is here:
/ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=yes
add chain=dstnat in-interface=ether1 dst-address=221.170.246.8
protocol=tcp dst-port=1723 action=dst-nat to-addresses=67.213.79.130
to-ports=1723 comment="" disabled=no
add chain=dstnat in-interface=ether1 dst-address=221.170.246.8
protocol=gre action=dst-nat to-addresses=67.213.79.130 to-ports=0
comment="" disabled=no
add chain=srcnat out-interface=ether1 src-address=67.213.79.130
protocol=gre connection-type=gre action=src-nat
to-addresses=221.170.246.8 to-ports=0-65535 comment="" disabled=no
add chain=srcnat out-interface=ether1 src-address=67.213.79.130
protocol=tcp src-port=1723 action=src-nat to-addresses=221.170.246.8
to-ports=1723 comment="" disabled=no

But it doesn't work! None client can connect VPN Server successful! And it reponsed error 800!
Then I add another one rule to try again:
add chain=srcnat src-address=67.213.79.130 action=masquerade comment="" disabled=no

It still failed!
It seens src-nat may be failed to forward PPTP and GRE, so I restore the original rules, only one GRE tunnel can be create from the first VPN client IP to the ROS.

Any body can help me?

Does MT ROS 2.9.6 support NAT multi-GRE tunnel? Should I upgrade 3.x? Which version of ROS has patch of this problem?

I have upgrade to 3.7 VM version to test ok!
Oh…

I test many versions, and I found that the version > 3.0r9 will support muti-nat-gre well!