Problem With PSN ( PS4 )

Ashkanoveisi · July 21, 2017, 8:57pm

HI ,
Im new in this forum and im amature in mikrotik router.
i try to set VPN on my MK ( PPTP ) cuz in my country some websites are restricted like Youtube , Facebook and … So i create PPTP and i select WLAN Interface for it .
Problem is when i enable the pptp from PPP tab , everythings allright in PS4 ecxept Playstation Network Sign-in ( Failed ), and when i disable the pptp, PSN : Successful . What is the problem ? Please help me.
Here is the Screenshot of my PS4

idlemind · July 22, 2017, 6:33am

We would need to see the configs to be of real help.

/export hide-sensitive

Additionally PPTP is not considered safe or secure anymore. That means your VPN “could” at least theoretically be made to expose sensitive data like accessing Facebook.

Ashkanoveisi · July 22, 2017, 5:08pm

idlemind:

We would need to see the configs to be of real help.
/export hide-sensitive
Additionally PPTP is not considered safe or secure anymore. That means your VPN “could” at least theoretically be made to expose sensitive data like accessing Facebook.

Thx for your reply
Here’s the export result :

[admin@MikroTik] >> /export hide-sensitive 
# jul/22/2017 21:48:13 by RouterOS 6.34.2
# software id = UMV4-LGN4
#
/interface bridge
add disabled=yes name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
    mode=ap-bridge ssid=AP-Ashkann
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
/interface pptp-client
add connect-to=vp7.mytvps.com mrru=1600 name=Netherland user=ashkan123456
add connect-to=130.185.77.47 mrru=1600 name=Ping user=ashkan123456
add connect-to=vpus.mytvps.com mrru=1600 name=USA user=ashkan123456
add connect-to=vpns3.98net.in mrru=1600 name=pptp-out2 user=a98net7114
/ip neighbor discovery
set ether1 comment=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp_pool1 ranges=0.0.0.2-255.255.255.254
add name=dhcp_pool2 ranges=0.0.0.2-255.255.255.254
add name=dhcp_pool3 ranges=192.168.0.1-192.168.0.5,192.168.0.7-192.168.0.254
add name=dhcp_pool4 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool5 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool6 ranges=192.168.0.1-192.168.0.5,192.168.0.7-192.168.0.254
add name=dhcp_pool7 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool8 ranges=192.168.1.2-192.168.1.30
add name=dhcp_pool9 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool8 disabled=no interface=wlan1 name=server1
/interface bridge port
add interface=ether1
add interface=wlan1
/ip address
add address=192.168.1.1/24 interface=wlan1 network=192.168.1.0
add address=192.168.0.5/24 interface=ether1 network=192.168.0.0
/ip dhcp-server lease
add address=192.168.1.30 client-id=1:28:a0:2b:76:6c:2c mac-address=\
    28:A0:2B:76:6C:2C server=server1
add address=192.168.1.29 client-id=1:48:a1:95:9f:52:95 mac-address=\
    48:A1:95:9F:52:95 server=server1
add address=192.168.1.26 client-id=1:40:f3:8:ee:1:fa mac-address=\
    40:F3:08:EE:01:FA server=server1
/ip dhcp-server network
add dns-server=192.168.0.4 gateway=0.0.0.1
add address=192.168.0.0/24 dns-server=192.168.0.5 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=8.8.8.8,4.2.2.4 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.4,8.8.8.8
/ip firewall address-list
add address=192.168.0.0/24 list=lan-users
/ip firewall filter
add action=drop chain=forward protocol=!tcp src-mac-address=3C:BD:D8:B0:BD:AD
add action=drop chain=forward disabled=yes protocol=!tcp src-mac-address=\
    48:5A:3F:93:65:29
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=wifi-users \
    src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=lan-users \
    src-address=192.168.0.0/24
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add disabled=yes distance=1 gateway=Netherland routing-mark=wifi-users
add distance=1 gateway=192.168.0.1
/system clock
set time-zone-name=Asia/Tehran
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled

Ashkanoveisi · July 23, 2017, 3:38pm

Any Idea to help me ?

idlemind · July 24, 2017, 5:15pm

Your configuration shows some oddities at least from a “fresh eye’s” perspective. It seems you have a lot of unused configuration (IP pools). Additionally, you’ve set some ether ports to be master-port of ether1 and it seems that’s your WAN port. This along with bridging ether1 and wlan1 seems like your entire environment is setup to be on your WAN. To add to this you’ve got an IP address for one subnet on wlan1 and another subnet on ether1 both members of the same bridge.

I’d start with some clarification of why everything is bridged to your “outside” interface. I’m thinking you’re being saved by the very generic SRCNAT of MASQUERADE in your /ip firewall nat from a functionality standpoint.

The best action to get you into an optimal state would be to get you to a “typical” state unless you provide some additional reasoning. This being a normal WAN side and a normal LAN side where your WiFi and such lives. The server you have may need to be NAT’d through the firewall or we can create a WAN side bridge and leave it exposed to the Internet if needed. Also, It seems you’ve setup 4 VPN profiles. What’s the reason for all them? Are they meant as fail-over options or just old-configs? When we get to that state we can tweak your NAT rules to ensure everything is working as expected. Also a MRRU of 1600 when you have a 1500 MTU is likely not ideal. The last part of this is your PS4 network may not work properly through a provider VPN with normal PAT.