Hello There! I am using two Mikrotik routers one in the city(RB450) and other one at home(RB750). Both these routers are connected to two different ISPs. In the city router RB 450's ether1 is connected to the ISPs DSL line which gets dynamic IP from the ISP and other one RB750 at home is connected to LAN port with ether2 and ISP's internet connection is through my PC's wireless card(WISP), who is also providing dynamic IP to connect to the net. Now i want to access my RB450 router in the city to check its status and further network connected to this router. I have follow the PPTP setup guide at documentation page at Mikrotik site to connect these ones, but it didn't work to me. I have also checked with connecting the LAN port of my PC at which RB750 is connected at home to connect to the wireless card of PC through ICS setting in network connection window for internet sharing with LAN, but can't connect to the RB450 in the city over internet. Is anybody there who could please let me guide with a step-by-step PPTP configuration procedure in Winbox to bridge these two router boards through two differently connected ISPs internet connections, who are using dynamic IP addressing scheme to its clients.

Please help by giving a complete setup guide for PPPTP link over net.

Thanks,
Paams

Hello There! I am using two Mikrotik routers one in the city(RB450) and other one at home(RB750). Both these routers are connected to two different ISPs. In the city router RB 450's ether1 is connected to the ISPs DSL line which gets dynamic IP from the ISP and other one RB750 at home is connected to LAN port with ether2 and ISP's internet connection is through my PC's wireless card(WISP), who is also providing dynamic IP to connect to the net. Now i want to access my RB450 router in the city to check its status and further network connected to this router. I have follow the PPTP setup guide at documentation page at Mikrotik site to connect these ones, but it didn't work to me. I have also checked with connecting the LAN port of my PC at which RB750 is connected at home to connect to the wireless card of PC through ICS setting in network connection window for internet sharing with LAN, but can't connect to the RB450 in the city over internet. Is anybody there who could please let me guide with a step-by-step PPTP configuration procedure in Winbox to bridge these two router boards through two differently connected ISPs internet connections, who are using dynamic IP addressing scheme to its clients.

Please help by giving a complete setup guide for PPPTP link over net.

Thanks,
Paams

mine using static public ip in both mikbox my pptp working fine.

Do your routers show that PPTP tunnel is up and running? Or is it a problem where you cannot pass traffic over established one?

RB450 must have route 0.0.0.0/0 gateway= internal IP of the modem. The modem that is connected to your RB450 has to forward port 1723 to the RB450's internal IP. You'll also have to setup DDNS (www.dyndns.org) for your Dynamic ip at the RB450's modem

RB450:

PPP-PPTP Settings: Enable PPTP Check only Mchap1 and mchap2 for Windows.
Secrets:Create user and pass. Service: PPTP

PC at home:

With Windows. Create new VPN connection under Network Connections. Server: DDNS adress. User+pass: the ones under secret

This worked for me!

RB450 must have route 0.0.0.0/0 gateway= internal IP of the modem. The modem that is connected to your RB450 has to forward port 1723 to the RB450's internal IP. You'll also have to setup DDNS (http://www.dyndns.org) for your Dynamic ip at the RB450's modem

RB450:

PPP-PPTP Settings: Enable PPTP Check only Mchap1 and mchap2 for Windows.
Secrets:Create user and pass. Service: PPTP

PC at home:

With Windows. Create new VPN connection under Network Connections. Server: DDNS adress. User+pass: the ones under secret

This worked for me!

Hello Frank607! I extremely apologizes can't respond back as i was not alerted about the reply for my post, even activating it by double checking while post at forum. I checked my post today with three replies with which yours one can help me a lot. Before that today i was searching whole day for the solution to access my Mikrotik router RB450 having dynamic IP address in the city from my home with windows as a PPTP client under VPN connection. Thanks for your response and happy to know that it worked for you and also exited to make it work for me. I have setup a VPN in Windows XP at my PC under network connection, but i am afraid to say that i am not accessing RB450 at city and getting errors types like 800, 651, while tried to connect to RB450. I think there can be something wrong with the setup at RB450 in the city, as you have explained many new things which i need to have checked at RB450. You are requested please send me the Winbox or New Terminal configuration to setup RB450 for PPTP setting for Windows PPTP VPN. How to setup gateway for internal IP of modem and to setup modem for 1732 forward porting to RB's450 internal IP? How to setup DDNS for dynamic IP for RB's modem. If possible also please assit with Windows VPN setup.

Hope you will assist me yours best to make me enable to access RB450 in the city from my home PC.

Thanking you and looking forward to the pleasure of hearing from you soon.

sincerely,
Paams

RB450 must have route 0.0.0.0/0 gateway= internal IP of the modem. The modem that is connected to your RB450 has to forward port 1723 to the RB450's internal IP. You'll also have to setup DDNS (http://www.dyndns.org) for your Dynamic ip at the RB450's modem

RB450:

PPP-PPTP Settings: Enable PPTP Check only Mchap1 and mchap2 for Windows.
Secrets:Create user and pass. Service: PPTP

PC at home:

With Windows. Create new VPN connection under Network Connections. Server: DDNS adress. User+pass: the ones under secret

This worked for me!

Hi Frank607! I have configured the ADSL modem mine one is TP-LINK (TP-LINK TD-8811) ADSL+Router and RB450 as per your instructions in the city as below, but afraid to say it didn't work. Please check the configuration and let me what i am missing:


-------------------------------------------------------------------
RB450 setup:
Winbox---> menu---> IP---> Routes--->add(+)----> Destination:0.0.0.0/0----> Gateway: 192.168.1.1 (default internal IP of TP-LINK's modem+router)----> Apply---> OK.

Winbox---> PPP--->Secrets---->Add(+)---->Name:ppp1--->Passward:*****------>Service:pptp
------>Profile:default------> Apply----->OK.

Then PPP--->Interface----PPTP-Server---->Name:pptp-in1---->User:ex1--->Apply--->OK.
Then PPTP-Server:Enable--->mscacp1, mschap2.

TP-LINK(TP-TD-8811) Modem setup:

http://192.168.1.1---->web interface-----> Advanced Setup----->Select NAT---->NAT virtual server setup---->Add---->NAT Virtual Server---->Select service:pptp---->Custom server: Mikrotik
----->server IP address: 10.10.x.x(internal IP address of RB450)----->add:

External Port Start, External Port End, Protocol:, Internal Port Start, Internal Port End
1723, 1723, TCP/UDP, 1723, 1723,

------>Save/Apply.

DNS----> add DDNS----> HostName----> hostname.dyndns.org----> Username: Username of hostname account---->password: used password with hostname account---->Save/apply.

PC at Home:

Network connections----> create new connections---->connect to network at my places---->VPN connection----->company name:Mikrotik---->Public network: select don't dial the initial connection--->VPN server selection----> Host name or IP address: hostname.dyndns.org--->Finish
---> connect Mikrotik window pops up-----User name: ex1(used with pptp-server in secrets at RB450)--->passwoad:*****(used with pptp-server in secrets at RB450) ---->Error800: Unable to establish VPN connection.

---------------------------------------------------------------------------

Please help me in establishing this VPN connection and let me know where and what i am missing in the pptp configuration. Please fix, where i am making mistake in the setup.

Thanking you and looking forward to the pleasure of hearing from you soon.

Sincerely,
Paams

Just like you allowed 1723 allow GRE (protocol 47) to go through as well.

http://forum.mikrotik.com/viewtopic.php?f=13&t=34877

Hello Frank607! Happy to see you again. Thanks to respond me.

I am afraid to say that i am having still problem with establishing PPTP link between my MT's 450 RouterOS server and Windows XP Client. I have been done everything from documentation to configuring my PPTP server and XP client, but I can't establish PPTP link over INTERNET. I am able to access RB450 router while within the same attached LAN network through my Windows XP VPN client, but when i try to access RB450 from outside (over INTERNET) it drops the connection and when connecting process goes through its "verifying username and password" process it gives me an error message "Error 619 a connection to remote computer could not established, the port used for this connection was closed". Below is my configuration for PPTP link between MT 450 server and Windows XP client: I have also replaced my TP-LINK Modem by NeatGear, as TP-LINK don't have firewall rules and Dynamic DNS options available. I am able to access my Netgear DSL Modem+router over internet using "myhostname.dyndns.org:8080" address, but unable to access RB450 behind it.

Please check my configuration once again:

-------------------------------------------------------------------
RB450 setup at remote location:
Winbox---> menu---> IP---> Routes--->add(+)----> Destination:0.0.0.0/0----> Gateway: 192.168.0.1 (default internal IP of NetGear ADSL modem+router)----> Apply---> OK.

Winbox---> PPP--->Secrets---->Add(+)---->Name:ppp1--->Passward:*****------>Service:pptp
------>Profile:default------> Apply----->OK.

Then PPP--->Interface----PPTP-Server---->Name:pptp-in1---->User:ex1--->Apply--->OK.
Then PPTP-Server:Enable--->mscacp1, mschap2.

NetGear's ADSL modem+router setup (model No:DM111PUSP)

http://192.168.0.1---->web interface-----> Advanced Setup----->Port Forwarding ---->Application Type: PPTP VPN---->Add----> External Packet: All-----> Protocol:TCP,RGE ----->Port:1723,47 ----> Internal Host IP:192.168.0.x (assigned by adsl modem+router to MT RB450 through its DHCP server)----> Save.

Firewall Rules: Disabled ------>Save

DNS----> add DDNS----> HostName----> hostname.dyndns.org----> Username: Username of hostname account---->password: used password with hostname account---->Save/apply.

PC at Home:

Network connections----> create new connections---->connect to network at my places---->VPN connection----->company name:Mikrotik---->Public network: select don't dial the initial connection--->VPN server selection----> Host name or IP address: hostname.dyndns.org--->Finish
---> connect Mikrotik window pops up-----User name: ex1(used with pptp-server in secrets at RB450)--->passwoad:*****(used with pptp-server in secrets at RB450) ---->"verifying user name and password"------> Error619: Unable to establish VPN connection with remote computer.

---------------------------------------------------------------------------

Please let me help in establishing this VPN connection and let me know where and what i am missing in the pptp configuration as i have been tried every configuration at both ends one-by-one with no PPTP link connectivity.

Once again any help will be appreciated greatly.

Thanks,
Paams

/ip firewall> filter
;;; Allow VPN PPTP
chain=input action=accept protocol=tcp
src-address=IP_Range1-IP_Range2 dst-port=1723

;;; Allow VPN PPTP
chain=input action=accept protocol=gre
src-address=IP_Range1-IP_Range2

/ip firewall> filter
;;; Allow VPN PPTP
chain=input action=accept protocol=tcp
src-address=IP_Range1-IP_Range2 dst-port=1723

;;; Allow VPN PPTP
chain=input action=accept protocol=gre
src-address=IP_Range1-IP_Range2

Hi ktcomgrup! Thanx! I have been used these firewall filter rules before, but no luck. But you have added an extra thing with src-address=IP_Range1-Range2. Please let me know what to add in those IP ranges . Is it the local IP address range provided by RB450's DHCP server to its clients in its local network? Can i use the RB450's address address at scr-address: "internal IP add. of RB450" instead of using IP range, as i want to access RB450 only at this time not the attached devices in ts LAN. When select protocol it gives 6(tcp) what to use whether 6(tcp) or only tcp. Secondly, there are few of other options come into play in this window what to select with these ones as:

Chain: input
Src. address : ?
Dst. address: ?

Protocol: 6(tcp)
Src. Port: ?
Dst. Port = 1723
Any port:?
In. interface: ?
Out. Interface: ?
Connection type:?

action= accept

Also is there a need to set NAT firewall rules? If yes! please explain which one.

Thanks,
Paams

Probably it will never work. Your PC is doing NAT (ie change your rb750's IP to the PC's own IP). PPTP rarely works when there's NAT in the way.

Try to use OVPN instead.

Probably it will never work. Your PC is doing NAT (ie change your rb750's IP to the PC's own IP). PPTP rarely works when there's NAT in the way.

Try to use OVPN instead.

Thanks andreacoppini! you mean Open Virtual Private Network (OVPN). Please let me provide the complete guide how to configure OVPN for both ends to establish a link between these two.

Thanks,
Paams

See http://wiki.mikrotik.com/wiki/OpenVPN.

Google is your friend...

See http://wiki.mikrotik.com/wiki/OpenVPN.

Google is your friend...

Hi andreacoppini! Sorry, but I have gone through OVPN tutorial also done some googling. It seems a lengthy process and require good amount of time to understand and to fix the problem in establishing this link and i am not sure whether it will work for me or not. Please correct me if i am wrong. Please understand me i have already been put a good amount of time in establishing the PPTP link with every configuration at Mikrotik documentation, wiki and other members support at forum to establish PPTP link between RB450 and RB750 or with Windows-XP client also at both ends, but no success. I know my PPTP link is complex and require advance setup as i am not using standard internet connection at one end and using it a bit around, but I'll not give up and keep trying and hope your full support. Please let me know did this OVPN worked for you? Is there any other way to access RB 450 over internet from my home PC or RB750?

Thanks,
Paams

Simply put, PPTP is not designed to be used behind NAT. In fact it's one of the worse protocols you could use behind a NAT device. So, I wish you luck in your attempt, but I won't hold my breath.

I've tried to implement PPTP and L2TP behind NAT devices. I've had some minor success with L2TP and PPTP to a lesser extend. With these two protocols, you may either not get a connection at all, or else the connection is established but no traffic goes through.

With OVPN, everything works fine. OVPN works through any internet connection you could through at it. It just uses one port and that port can be anything you want it to be, so even if your ISP is blocking some ports, with OVPN you can freely change the port it uses.

It IS a pain to set it up since you need to mess around with certificates, but using the Wiki and a free weekend, you'll manage to get it to work.

Simply put, PPTP is not designed to be used behind NAT. In fact it's one of the worse protocols you could use behind a NAT device. So, I wish you luck in your attempt, but I won't hold my breath.

I've tried to implement PPTP and L2TP behind NAT devices. I've had some minor success with L2TP and PPTP to a lesser extend. With these two protocols, you may either not get a connection at all, or else the connection is established but no traffic goes through.

With OVPN, everything works fine. OVPN works through any internet connection you could through at it. It just uses one port and that port can be anything you want it to be, so even if your ISP is blocking some ports, with OVPN you can freely change the port it uses.

It IS a pain to set it up since you need to mess around with certificates, but using the Wiki and a free weekend, you'll manage to get it to work.

Thanks andreacoppini! Please let me know do you been tested it own your own at your end and it worked for you?

Paams

yes of course, it works fine for me... in fact I added some bits to the Wiki myself.

yes of course, it works fine for me... in fact I added some bits to the Wiki myself.

Great!!! could you please guide me with the setup process at RB 450 and Windows-XP as i am not getting any idea from wiki that where i have to start it to setup. Confusing me a lot where to start to configure it. Also please provide the link where you have added it at wiki. I'll be grateful to you.

Thanks,
Paams

Simply put, PPTP is not designed to be used behind NAT. In fact it's one of the worse protocols you could use behind a NAT device. So, I wish you luck in your attempt, but I won't hold my breath.

I've tried to implement PPTP and L2TP behind NAT devices. I've had some minor success with L2TP and PPTP to a lesser extend. With these two protocols, you may either not get a connection at all, or else the connection is established but no traffic goes through.

With OVPN, everything works fine. OVPN works through any internet connection you could through at it. It just uses one port and that port can be anything you want it to be, so even if your ISP is blocking some ports, with OVPN you can freely change the port it uses.

It IS a pain to set it up since you need to mess around with certificates, but using the Wiki and a free weekend, you'll manage to get it to work.

Thanks andreacoppini! Please let me know do you been tested it own your own at your end and it worked for you?

Paams

Hi andreacoppini! Thank you so much to assist me with my PPTP link problem. I have something to tell you regarding PPTP link setup. Actually because of living in rural area i have only one option at this time to access internet through GPRS from my home and i am using internet over GPRS provided by a mobile phone service operator in my area. My mobile phone acts as modem and working well. I used to access internet without any problem from anywhere. I have contacted this home ISP about PPTP problem and he has said that most of the ports are blocked and are not permitted to open it because of security reasons and can't help no longer with my PPTP problem. I came to a conclusion that PPTP link won't work for me at this time and must look for other way to access RB450 at remote location.

I think i don't need to establish PPTP link to get access RB450 remotely from public network (internet). Please correct me if i am wrong. I want to access RB450 in the same way from public network (internet) as i am accessing and controlling DSL modem+router attached to RB450. so i am also trying to access RB450 with writing the address "http:publicIPaddress:8080/", the public IP address assigned to RB450's ether1 interface from remote ISP, the same way as i am using to access DSL modem+router at internet explorer window attached to RB450, but come out with a blank web page. Do i need to have configure something at RB450 to access its web interface remotely over internet? If yes! please let me provide the configuration. Also i think it could be possible to accessed RB450 through winbox from public network (internet) remotely? Could you please explain with both of these web interface and winbox configuration at RB450 to access it from home PC over public network. I'll be really very grateful to you for this and appreciate your help from my heart.

Thanks,
Paams

Glad I helped

Now that you're saying you're connecting using a GPRS/3G modem, I'm not surprised it didn't work. Most mobile providers assume you just want to use the 3G connection for mail and web, so they restrict the connections to being near-unusable.

In the same way, I wouldn't be surprised if your provider is blocking all inbound traffic towards your router, to stop you from running servers on your 3G connection. So once again, I doubt you'll manage to get in.

Sorry, that's the harsh reality of the cash gobbling bunch that are mobile providers, they just never have -and never will- understand data.

Glad I helped

Now that you're saying you're connecting using a GPRS/3G modem, I'm not surprised it didn't work. Most mobile providers assume you just want to use the 3G connection for mail and web, so they restrict the connections to being near-unusable.

In the same way, I wouldn't be surprised if your provider is blocking all inbound traffic towards your router, to stop you from running servers on your 3G connection. So once again, I doubt you'll manage to get in.

Sorry, that's the harsh reality of the cash gobbling bunch that are mobile providers, they just never have -and never will- understand data.

Okay! Thanks andreacoppini. But i think i can access RB450 through public network (internet) without using PPTP link and can access RB450 in the same way from public network (internet) from my home PC , the same way as i am accessing DSL modem+router attached to RB450 without any problem through this GPRS internet connection like this "http://publicIPaddress:8080/", the public IP address assigned to modem+router by remote ISP. I'll be really very grateful to you if you could please provide me the configuration how to access RB450 from public network using winbox and/or web interface.

Thanks,
Paams

If you didn't configure any firewall blocking, you can just access it from the internet the same way you access it from the internal lan. MikroTik doesn't know or care about what is internal and what is external.. it's all just a bunch of interfaces.

If you didn't configure any firewall blocking, you can just access it from the internet the same way you access it from the internal lan. MikroTik doesn't know or care about what is internal and what is external.. it's all just a bunch of interfaces.

Thank you so much andreacoppini! There is no firewall and NAT rules setup at RB450. I have tried to access RB450 as per your instruction using public IP assigned to its ISP at its end, but winbox always keep remains in connecting mode and a message displays "can't connect to xx.xx.xx.xx (public IP address). But when i run PING command at home PC to that public IP address assigned to RB450 at remote location it pinged very well with 0% data loss. And when tried using web server using public IP address in internet explorer i.e "http://xx.xx.xx.xx:8080/" , a bank web page displays. Do i need to configure some unique firewall and/or NAT rule settings at RB450 to access it from public network (internet)? If yes! Any further help with firewall configuration will be greatly appreciated.

Thanks,
Paams


Report this post

Just because ping works, you can't assume all inbound traffic is allowed. Like I said before, most 3G providers block many inbound traffic, they would probably allow inbound pings because some outbound applications may fail if they blocked inbound pings.

Also, by default MikroTik web interface runs on port 80, so you would need to access http://ROUTER_PUBLIC_IP only, without the port. A brand new MikroTik with just IP addresses and routes configured allows access to its WinBox and HTTP interface over all interfaces.. nothing needs to be set up.

But again, I would say it is being blocked by the ISP.

Just because ping works, you can't assume all inbound traffic is allowed. Like I said before, most 3G providers block many inbound traffic, they would probably allow inbound pings because some outbound applications may fail if they blocked inbound pings.

Also, by default MikroTik web interface runs on port 80, so you would need to access http://ROUTER_PUBLIC_IP only, without the port. A brand new MikroTik with just IP addresses and routes configured allows access to its WinBox and HTTP interface over all interfaces.. nothing needs to be set up.

But again, I would say it is being blocked by the ISP.

Thanks! I am confused and i think that its not the ISP blocking required port, if this were the case i wouldn't be able to access DSL modem+router's web interface over public network, which is connected to RB 450 at remote location, using the same mobile phone's GPRS internet service from my home PC. Please let me correct if i am wrong, even using both public IP and dyndns.org hostname service. I'll try it with brand new Mikrotik router RB750 and let you know.

Thanks,
Paams

If you can access the modem's web interface, I'm assuming it's your modem which has the public IP. In that case you need to configure port forwarding on the modem to forward the WinBox pots to your MikroTik's IP (TCP / 8291)

If you can access the modem's web interface, I'm assuming it's your modem which has the public IP. In that case you need to configure port forwarding on the modem to forward the WinBox pots to your MikroTik's IP (TCP / 8291)

Hi andreacoppini! Thank you so much for your assistance. I got accessed RB450 from public network(internet) using port forwarding at TCP/8291 at modem from my home through internet over GPRS network. I want to go ahead with it to access AP with in the network. Network design as below:

Internet <------->ADSL modem <-------->MT1 RB450(GateWay) <--ethernet-->MT2(Backhal1) <--wireless link(10km)--> MT3 (Backhal2) <----ethernet--->MT4 (AP).

Could you please let me assist how can access AP from winbox which is at further remote location from the attached Rb450 in the network through a public network (internet).

Hoping your further assistance.

Thanks,
paams