I am trying to set up a VPN connection. Right now I'm just trying to connect with an iPhone. If I connect while on the local network, everything works fine. Any help would be greatly appreciated. I’ve been trying to figure this out for hours. If any other info would be helpful, please let me know.
19:07:40 pptp,info TCP connection established from 192.168.88.253
19:07:40 pptp,ppp,info <pptp-0>: waiting for call...
19:07:41 pptp,ppp,info <pptp-0>: authenticated
19:07:41 pptp,ppp,info <pptp-0>: using encoding - MPPE128 stateless
19:07:42 pptp,ppp,info <pptp-0>: connected
But if I try to connect from outside the network, this is what I see in the log.
19:07:59 pptp,info TCP connection established from 174.252.59.99
19:07:59 pptp,ppp,info <pptp-0>: waiting for call...
19:08:05 pptp,ppp,info <pptp-0>: terminating...
19:08:05 pptp,ppp,info <pptp-0>: disconnected
This is how I set it up.
PPP → PPTP Server → enabled
PPP → Secrets → set a name, set password, set local address not in scope, set another ip address not in scope
Added firewall rules
GRE
TCP 1723
/ip firewall export
# apr/20/2012 19:18:21 by RouterOS 5.15
# software id = 99RP-F7NN
#
/ip firewall connection tracking
# Connection tracking is enabled; the connection-state matches in the filter
# rules below depend on it. SYN cookies are off (tcp-syncookie=no).
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
# All rules here are in chain=input, i.e. traffic addressed to the router
# itself. Rules are evaluated top to bottom, so the accepts must stay above
# the final drop.
# Accept ICMP to the router on any interface.
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
# Accept packets that belong to an already established connection.
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
# Accept packets that connection tracking marks as related to an existing one.
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
# PPTP control channel: accept TCP 1723. There is no in-interface or
# src-address match, so this is open to any source, including the internet side.
# NOTE(review): PPTP (MS-CHAPv2 with MPPE) is widely regarded as
# cryptographically weak; exposing it to the internet leaves the tunnel only as
# strong as the account password. Prefer a stronger VPN protocol if the clients
# support one, and restrict src-address where the remote peers are known.
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
# PPTP data channel: accept GRE (IP protocol 47) from any source.
# NOTE(review): in the failing remote log the TCP 1723 connection is established
# but the session ends while "waiting for call". That would be consistent with
# GRE never reaching the router (e.g. filtered or NATed upstream by the mobile
# carrier) rather than with this rule set -- confirm by checking whether this
# rule's packet counter increases during a remote attempt.
add action=accept chain=input disabled=no protocol=gre
# Drop everything else that arrives on the WAN interface ether1-gateway.
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
# Source-NAT (masquerade) traffic leaving through ether1-gateway.
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway
/ip firewall service-port
# Connection-tracking/NAT helpers; every helper listed here is enabled.
# NOTE(review): the pptp helper presumably matters for PPTP sessions passing
# through this router's NAT, not for sessions terminating on the router itself
# -- confirm. Helpers that are not needed can be disabled to reduce exposure.
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=75.22.163.191 gateway-status=75.22.163.191 reachable via ether1-gateway distance=1 scope=30 target-scope=10
vrf-interface=ether1-gateway
1 ADC dst-address=75.22.163.0/24 pref-src=75.22.163.192 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether2-master-local gateway-status=ether2-master-local reachable distance=0 scope=10
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx gateway-status=xxx.xxx.xxx.xxx reachable via ether1-gateway distance=1 scope=30 target-scope=10
vrf-interface=ether1-gateway
1 ADC dst-address=xxx.xxx.xxx.0/24 pref-src=xxx.xxx.xxx.xxx gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether2-master-local gateway-status=ether2-master-local reachable distance=0 scope=10
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=ether2-master-local actual-interface=ether2-master-local
1 D address=xxx.xxx.xxx.xxx/24 network=xxx.xxx.xxx.xxx interface=ether1-gateway actual-interface=ether1-gateway
/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ether1-gateway ether 1500 1526 1526
1 R ether2-master-local ether 1500 1524 1524
2 R ether3-slave-local ether 1500 1524 1524
3 R ether4-slave-local ether 1500 1524 1524
4 ether5-slave-local ether 1500 1524 1524
/ppp export
# apr/20/2012 19:37:31 by RouterOS 5.15
# software id = 99RP-F7NN
#
/ppp profile
# Profile 0 ("default"): encryption is left at use-encryption=default, i.e. not
# forced by this profile.
set 0 change-tcp-mss=yes name=default only-one=default use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
# Profile 1 ("default-encryption"): use-encryption=yes. The secret below uses
# this profile.
set 1 change-tcp-mss=yes name=default-encryption only-one=default use-compression=default use-encryption=yes use-mpls=default use-vj-compression=default
/ppp aaa
# Users are authenticated against the local secrets only (use-radius=no);
# accounting is on.
set accounting=yes interim-update=0s use-radius=no
/ppp secret
# A single VPN account, limited to service=pptp and bound to the
# default-encryption profile. The name and password were masked by the poster.
# local-address (router end of the tunnel) and remote-address (client end) both
# lie inside 192.168.88.0/24, the LAN subnet shown in the route listing.
# NOTE(review): "not in scope" in the post presumably means outside the DHCP
# pool -- verify, so that no LAN host is handed 192.168.88.4 or 192.168.88.5.
# NOTE(review): with PPTP the account password is the main protection against
# offline guessing of a captured handshake; use a long random password.
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=192.168.88.4 name=xxx password=xxxx profile=default-encryption \
remote-address=192.168.88.5 routes="" service=pptp