So i finally have some basics down and got my first firewall setup and doing what i wanted it to do except for setting up a PPTP vpn to a Windows Server essentials 2012 R2 machine behind the Firewall.
So my setup looks something like this, i have a Huawei 4G router providing me with internet access connected to ether 1 on my RB750r2, ether 2-4 are bridged for LAN.
so my 4g router has a IP of x.x.0.1, my wan port on my rb750 has the ip x.x.0.25, on the LAN side my router ip is x.x.1.1 and my server has the IP of x.x.20. what i have done thus far is forward the ports from my 4g router to my rb750, this part works as i have a firewall rule in the input chain that allows packets to the router and i can see the packet count go up every time i try to initiate the connection
any and all help would be appreciated.
Re: PPTP vpn to Windows server inside my network
Just to make sure - you want MikroTik to work as PPTP server and you remote machine as a client, right? If so, I understand that your ISP gives you public IP or your server and client are in the same local network. It's hard to understand from your hidden IP addresses.
Re: PPTP vpn to Windows server inside my network
Most likely he wants to setup PPTP VPN ON internal Windows Server, so only NAT should be required (with correct FW rules)
Which ports to unblock for VPN traffic to pass-through?
Which ports to unblock for VPN traffic to pass-through?
Re: PPTP vpn to Windows server inside my network
OK, I get it now. So need to put it in console:
Code: Select all
/ip firewall nat add chain=dstnat protocol=tcp port=1723 in-interface=ether1 action=dst-nat to-addresses=x.x.0.20 to-ports=1723
Re: PPTP vpn to Windows server inside my network
Hi,
kind regards,
... and depending on his firewall filter rule might add this as well:OK, I get it now. So need to put it in console:Code: Select all/ip firewall nat add chain=dstnat protocol=tcp port=1723 in-interface=ether1 action=dst-nat to-addresses=x.x.0.20 to-ports=1723
Code: Select all
/ip firewall filter
add action=accept chain=input comment="Accept PPTP connection to be forwarded" dst-port=1723 in-interface=\
ether1 log=yes log-prefix=pptp-passthrough protocol=tcpRe: PPTP vpn to Windows server inside my network
Or use the magic rule
Code: Select all
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat
Re: PPTP vpn to Windows server inside my network
Don't forget to forward ip protocol 47, too... 1723 is only the control port, the actual data transport happens over GRE.
Helpers may not work properly over NAT, so manual forwarding may be needed.
Helpers may not work properly over NAT, so manual forwarding may be needed.
Re: PPTP vpn to Windows server inside my network
To forward PPTP into a Windows PPTP Server:
- Forward TCP port 1723 (dst-nat chain) to server IP
- Forward GRE packets to server IP. GRE is an IP Protocol, alternative to TCP.
- Input Filters have no effect on packets forwarding through your router. Adding the input filter rule in the firewall is only required if your Mikrotik is the PPTP server.
- Forward TCP port 1723 (dst-nat chain) to server IP
- Forward GRE packets to server IP. GRE is an IP Protocol, alternative to TCP.
- Input Filters have no effect on packets forwarding through your router. Adding the input filter rule in the firewall is only required if your Mikrotik is the PPTP server.
Who is online
Users browsing this forum: No registered users and 38 guests