Community discussions

 
hmontoliu
just joined
Topic Author
Posts: 11
Joined: Thu Dec 10, 2009 12:46 pm

pptp route problem

Mon Nov 26, 2012 1:21 pm

Hi, I'm having a problem with a PPTP setup with a Mikrotik RB750 (updated to last version) in one side

Basically the setup is:
...
/ip firewall service-port set pptp disabled=no
/ppp profile add name="pptp-in" local-address=192.168.40.1 remote-address=pptp use-encryption=required only-one=yes change-tcp-mss=yes dns-server=192.168.40.1
/interface pptp-server server set enabled=yes max-mtu=1460 max-mru=1460 authentication=chap,mschap1,mschap2 default-profile=pptp-in
/ppp secret add name="myvpn" service=pptp password="xxxxxxx" profile=pptp-in
...
# VPN route
/ip route add dst-address=192.168.1.0/24 gateway=<pptp-myvpn> 

The VPN works fine, but sometimes if the connection gets lost, when the VPN comes back the VPN route fails to re-stablish. The mikrotik seems to be unable to restore that route. So when that happens, I have to write the route myself to get everything working right again.

* What I'm doing wrong? Am I missing something?
* Is it possible to create a script sets the route back after a VPN reconnection? if so, any hints would be appreciated.

Thanks in advance
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Re: pptp route problem

Mon Nov 26, 2012 4:16 pm

It is because the route is looking at a dynamic interface. When the dynamic interface goes away the route does not know which interface to point to. You can make this static by going to the dynamic interface while it is connected and click "Copy".

Or you could set the remote address so it always pulls the same address and point your route to that address instead of an interface.
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
hmontoliu
just joined
Topic Author
Posts: 11
Joined: Thu Dec 10, 2009 12:46 pm

Re: pptp route problem

Wed Nov 28, 2012 1:02 pm

Thanks, the first option worked flawlessly

however, I'm still facing some connection problems with that vpn. Is there any watchdog or similar that restarts the vpn if pinging to a remote machine fails?

Thanks again in advance.
 
hmontoliu
just joined
Topic Author
Posts: 11
Joined: Thu Dec 10, 2009 12:46 pm

Re: pptp route problem

Wed Nov 28, 2012 1:44 pm

Never mind the last question, watchdog watch-address seems to work.
 
User avatar
shahbazian
Trainer
Trainer
Posts: 166
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran
Contact:

Re: pptp route problem

Wed Nov 28, 2012 9:31 pm

The best way is use the following command:
/ppp secret add name="myvpn" service=pptp password="xxxxxxx" profile=pptp-in routes=192.168.1.0/24 
instead of add static route.

Using routes option in ppp secret is beter than add static route for ppptp clients
Learn MikroTik to improve your network.
( MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME, MTCIPv6E, MTCINE )
MikroTik Certified Trainer & Consultant
RIPE NCC Trainer
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

pptp route problem

Thu Nov 29, 2012 1:32 am

Why is it "better"?
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
User avatar
shahbazian
Trainer
Trainer
Posts: 166
Joined: Fri Sep 09, 2011 6:22 pm
Location: Iran
Contact:

Re: pptp route problem

Sat Mar 01, 2014 1:14 am

Why is it "better"?
Because the route create dynamically when user connected to the router and disappear when user disconnected. And so the route will work flawlessly in all kinds of conditions, such as: changed vpn client ip address or any other changes.
Learn MikroTik to improve your network.
( MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME, MTCIPv6E, MTCINE )
MikroTik Certified Trainer & Consultant
RIPE NCC Trainer

Who is online

Users browsing this forum: No registered users and 26 guests