RB450G as PPTP bridge to remote LAN - Pulling hair out!

Asterman · October 19, 2012, 4:19am

I am trying to set up a RB450G to act as a PPTP bridge to a remote LAN.

On the remote LAN, there is a Linux Router running PPTPD, and Windoze machines can connect via their WAN Miniport driver to establish a VPN succesfully, so I know the Linux server is doing it’s job.

The Ideal scenario is NAT running on the RB that upon demand PPTP’s into the Linux Server on the remote LAN. Then any number of devices behind the RB can access the private LAN.

Another scenario is to simply have one (hopefully multiple) non-NATed IP’s presented directly to device(s) behind the RB, thus having actual direct IP’s on the remote LAN.

PPTPD on the Linux Server serves it’s IP’s from a pool, so a remote VPN client doesn’t know until connection what IP he will be assigned, so I can’t really hardcode it in the RB.

I’ve tried everything I can find about PPTP in RouterOS and I can’t even make any of these scenarios work at all!

I’d appreciate any advice!

Here’s my PPTP config:

[admin@RouterBoard450G] /interface pptp-client> print
Flags: X - disabled, R - running 
 0  R name="pptp-out1" max-mtu=1460 max-mru=1460 mrru=disabled 
      connect-to=1.2.3.4 user="soho" password="1234" 
      profile=default-encryption add-default-route=yes dial-on-demand=yes 
      allow=pap,chap,mschap1,mschap2

The IP of the PPTPD server is 1.2.3.4
The RB’s Eth1 port is connected to a DSL Router with an IP address of 10.0.0.1 that is serving DHCP.
The RB is assigned a 10.0.0.x with a gateway of 10.0.0.1.

When I toggle the “dial-on-demand” off, I can make the RB successfully authenticate and be assigned it’s IP address, but I can’t for the life of me make it pass any traffic!

I’ve tried messing with the routes, changing the NAT out interface, disabling NAT. I’m out of ideas.

Anyone? =)

raymonvdm · October 19, 2012, 9:53am

Is it possible to send a ping using tools → ping in Winbox of WebFig with source interface the pptp tunnel ?

BlackFate · October 19, 2012, 1:58pm

So you want to route all your mikrotik traffic through that pptp-client interface?

TrollMan · October 19, 2012, 2:09pm

I used nat and packet marks/mangle to do this.

BlackFate · October 19, 2012, 2:11pm

First of all… masqurade the pptp-client interface to gain access to the actual network from your pc. If you also want to change the default gateway to pptp-client so you can basically pass all traffic through the vpn, then you should follow this guide here. http://unblockvpn.com/support/how-to-set-up-unblock-vpn-on-router-mikrotik.html

Asterman · October 19, 2012, 10:26pm

Made it work!

I created a static route for the IP of the PPTP server to the Default Gateway of the DSL router. That got the PPTP connection up, then created another default route for everything to the default gateway at the remote site. Then assigned the NAT interface to the PPTP.

Voila!

Thanks everyone for the tips!

Now I’d like to figure out how continue to also access the home LAN simultaneously. I wish the RB450G had 3 Ethernet interfaces.

Does anyone know the lowest-cost RB with at least 3 distinct GB Eth’s? When I was investigating It seemed like the RB450G had 3, but it only has 2 with a switch.

-Phil

raymonvdm · October 22, 2012, 6:47am

Im using 5 ethernet interfaces on the RB450G. So i dont undestand your issue with the RB450G

The default gateway for your lan network should be the Mikrotik machine. On the mikrotik machine your should create a more specific route too reach your vpn desstination.

Asterman · October 22, 2012, 9:19pm

My RB450G’s architecture seems to be only 2 actual interfaces behind the 5 port switch. So you can configure 1+4 or 2+3, etc, but you can’t have more than 2 distinct paths. (unless I am just not doing it right)