Community discussions

MikroTik App
 
armpogart
just joined
Topic Author
Posts: 4
Joined: Thu Jul 02, 2020 10:07 pm

VPN immediately disconnecting after authentication (Windows 10 client)

Thu Jul 02, 2020 10:25 pm

I have MikroTik router with the latest RouterOS version and clear configuration (reset with default configuration).
After that I have added PPTP server configuration to the router and can't make it work. The router is currently in my local home network just for testing and setting up a VPN server before deploying it to production site. In my local network I have a ISP router with DHCP server setup on it, the network is 192.168.0.0/24.
So I connect MikroTik router WAN to one of the LANs on ISP Router and it receives local IP (e.g. 192.168.0.10) and I have my PC connected to ISP router through WiFi on the same network.

Here is my MikroTik router configuration:
> export compact hide-sensitive
# jul/02/2020 22:56:37 by RouterOS 6.47
#
# model = RB941-2nD
/interface bridge
add admin-mac=B8:69:F4:F7:94:CD auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow WinBox on WAN (debug-only)" dst-port=8291 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP connections" dst-port=1723 protocol=tcp
add action=accept chain=input comment="Allow PPTP GRE Tunnel" protocol=gre
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ppp secret
add local-address=192.168.88.1 name=pptp remote-address=192.168.88.55
/system logging
add topics=debug,pptp
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

So the only things besides default configuratoin is that I have enabled PPTP server, added a couple of firewall rules for it and PPTP user. As soon as I try to connect from my PC (Windows 10 with native VPN client) to MikroTik router on local network (so I try to connect to local MikroTik ip, e.g. 192.168.0.10, which is connected to MikroTik WAN) I see in the logs that client connects, authenticates and connection immediately terminates. Here full debug logs for PPTP from MikroTik:
22:45:39 pptp,info TCP connection established from 192.168.0.11 
22:45:39 pptp,debug,packet rcvd Start-Control-Connection-Request from 192.168.0.11 
22:45:39 pptp,debug,packet     protocol-version=0x0100 
22:45:39 pptp,debug,packet     framing-capabilities=1 
22:45:39 pptp,debug,packet     bearer-capabilities=1 
22:45:39 pptp,debug,packet     maximum-channels=0 
22:45:39 pptp,debug,packet     firmware-revision=0 
22:45:39 pptp,debug,packet     host-name= 
22:45:39 pptp,debug,packet     vendor-name=Microsoft 
22:45:39 pptp,debug,packet sent Start-Control-Connection-Reply to 192.168.0.11 
22:45:39 pptp,debug,packet     protocol-version=0x0100 
22:45:39 pptp,debug,packet     result-code=1 
22:45:39 pptp,debug,packet     error-code=0 
22:45:39 pptp,debug,packet     framing-capabilities=2 
22:45:39 pptp,debug,packet     bearer-capabilities=0 
22:45:39 pptp,debug,packet     maximum-channels=0 
22:45:39 pptp,debug,packet     firmware-revision=1 
22:45:39 pptp,debug,packet     host-name=MikroTik 
22:45:39 pptp,debug,packet     vendor-name=MikroTik 
22:45:39 pptp,debug,packet rcvd Outgoing-Call-Request from 192.168.0.11 
22:45:39 pptp,debug,packet     call-id=53536 
22:45:39 pptp,debug,packet     call-serial-number=25 
22:45:39 pptp,debug,packet     minimum-bps=300 
22:45:39 pptp,debug,packet     maximum-bps=100000000 
22:45:39 pptp,debug,packet     bearer-type=3 
22:45:39 pptp,debug,packet     framing-type=3 
22:45:39 pptp,debug,packet     packet-recv-window-size=64 
22:45:39 pptp,debug,packet     packet-processing-delay=0 
22:45:39 pptp,debug,packet     phone-number-length=0 
22:45:39 pptp,debug,packet     phone-number= 
22:45:39 pptp,debug,packet     subaddress= 
22:45:39 pptp,ppp,debug <6>: LCP lowerup 
22:45:39 pptp,ppp,debug <6>: LCP open 
22:45:39 pptp,debug,packet sent Outgoing-Call-Reply to 192.168.0.11 
22:45:39 pptp,debug,packet     call-id=6 
22:45:39 pptp,debug,packet     peers-call-id=53536 
22:45:39 pptp,debug,packet     result-code=1 
22:45:39 pptp,debug,packet     error-code=0 
22:45:39 pptp,debug,packet     cause-code=0 
22:45:39 pptp,debug,packet     connect-speed=100000 
22:45:39 pptp,debug,packet     packet-recv-window-size=100 
22:45:39 pptp,debug,packet     packet-processing-delay=0 
22:45:39 pptp,debug,packet     physical-channel-id=0 
22:45:39 pptp,debug,packet rcvd Set-Link-Info from 192.168.0.11 
22:45:39 pptp,debug,packet     peers-call-id=6 
22:45:39 pptp,debug,packet     send-accm=0xffffffff 
22:45:39 pptp,debug,packet     receive-accm=0xffffffff 
22:45:39 pptp,debug,packet sent Set-Link-Info to 192.168.0.11 
22:45:39 pptp,debug,packet     peers-call-id=53536 
22:45:39 pptp,debug,packet     send-accm=0xffffffff 
22:45:39 pptp,debug,packet     receive-accm=0xffffffff 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP ConfReq id=0x0 
22:45:39 pptp,ppp,debug,packet    <mru 1400> 
22:45:39 pptp,ppp,debug,packet    <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet    <pcomp> 
22:45:39 pptp,ppp,debug,packet    <accomp> 
22:45:39 pptp,ppp,debug,packet    <callback 0x06> 
22:45:39 pptp,ppp,debug,packet  <6>: sent LCP ConfReq id=0x1 
22:45:39 pptp,ppp,debug,packet    <mru 1450> 
22:45:39 pptp,ppp,debug,packet    <magic 0x6549827e> 
22:45:39 pptp,ppp,debug,packet    <auth  mschap2> 
22:45:39 pptp,ppp,debug,packet  <6>: sent LCP ConfRej id=0x0 
22:45:39 pptp,ppp,debug,packet    <pcomp> 
22:45:39 pptp,ppp,debug,packet    <accomp> 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP ConfAck id=0x1 
22:45:39 pptp,ppp,debug,packet    <mru 1450> 
22:45:39 pptp,ppp,debug,packet    <magic 0x6549827e> 
22:45:39 pptp,ppp,debug,packet    <auth  mschap2> 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP ConfReq id=0x1 
22:45:39 pptp,ppp,debug,packet    <mru 1400> 
22:45:39 pptp,ppp,debug,packet    <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet    <callback 0x06> 
22:45:39 pptp,ppp,debug,packet  <6>: sent LCP ConfAck id=0x1 
22:45:39 pptp,ppp,debug,packet    <mru 1400> 
22:45:39 pptp,ppp,debug,packet    <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet    <callback 0x06> 
22:45:39 pptp,ppp,debug <6>: LCP opened 
22:45:39 pptp,ppp,debug,packet  <6>: sent CHAP Challenge id=0x1 
22:45:39 pptp,ppp,debug,packet     <challenge len=16> 
22:45:39 pptp,ppp,debug,packet     <name MikroTik> 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP Ident id=0x2 
22:45:39 pptp,ppp,debug,packet     <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet     MSRASV5.20 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP Ident id=0x3 
22:45:39 pptp,ppp,debug,packet     <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet     MSRAS-0-DESKTOP-CK5QF53 
22:45:39 pptp,debug,packet rcvd Set-Link-Info from 192.168.0.11 
22:45:39 pptp,debug,packet     peers-call-id=6 
22:45:39 pptp,debug,packet     send-accm=0xffffffff 
22:45:39 pptp,debug,packet     receive-accm=0xffffffff 
22:45:39 pptp,debug,packet sent Set-Link-Info to 192.168.0.11 
22:45:39 pptp,debug,packet     peers-call-id=53536 
22:45:39 pptp,debug,packet     send-accm=0xffffffff 
22:45:39 pptp,debug,packet     receive-accm=0xffffffff 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP Ident id=0x4 
22:45:39 pptp,ppp,debug,packet     <magic 0x48705fea> 
22:45:39 pptp,ppp,debug,packet     I\91\\84\A2O\03\00\C4\D7^\84\A2O\D6\01 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd CHAP Response id=0x1 
22:45:39 pptp,ppp,debug,packet     <response len=49> 
22:45:39 pptp,ppp,debug,packet     <name pptp> 
22:45:39 pptp,ppp,info,account pptp logged in, 192.168.88.55 from 192.168.0.11 
22:45:39 pptp,ppp,debug,packet  <6>: sent CHAP Success id=0x1 
22:45:39 pptp,ppp,debug,packet     S=D205893A64EB6A8E99F24DF01B58D2B7A546AA0B 
22:45:39 pptp,ppp,debug,packet  <6>: sent CBCP CallbackReq id=0x0 
22:45:39 pptp,ppp,debug,packet      01 02 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd CBCP CallbackResp id=0x0 
22:45:39 pptp,ppp,debug,packet      01 02 
22:45:39 pptp,ppp,debug,packet  <6>: sent CBCP CallbackAck id=0x1 
22:45:39 pptp,ppp,debug,packet      01 02 
22:45:39 pptp,ppp,info <pptp-pptp>: authenticated 
22:45:39 pptp,ppp,debug <6>: IPCP lowerup 
22:45:39 pptp,ppp,debug <6>: IPCP open 
22:45:39 pptp,ppp,debug,packet  <6>: sent IPCP ConfReq id=0x1 
22:45:39 pptp,ppp,debug,packet     <addr 192.168.88.1> 
22:45:39 pptp,ppp,debug <6>: IPV6CP open 
22:45:39 pptp,ppp,debug <6>: MPLSCP lowerup 
22:45:39 pptp,ppp,debug <6>: MPLSCP open 
22:45:39 pptp,ppp,debug,packet  <6>: sent MPLSCP ConfReq id=0x1 
22:45:39 pptp,ppp,debug <6>: BCP open 
22:45:39 pptp,ppp,debug <6>: CCP lowerup 
22:45:39 pptp,ppp,debug <6>: CCP open 
22:45:39 pptp,ppp,debug,packet  <6>: rcvd LCP TermReq id=0x5 
22:45:39 pptp,ppp,debug,packet     Hp_\EA\00<\CDt\00\00\02\D0 
22:45:39 pptp,ppp,debug <6>: LCP closed 
22:45:39 pptp,ppp,debug <6>: CCP lowerdown 
22:45:39 pptp,ppp,debug <6>: BCP lowerdown 
22:45:39 pptp,ppp,debug <6>: BCP down event in starting state 
22:45:39 pptp,ppp,debug <6>: IPCP lowerdown 
22:45:39 pptp,ppp,debug <6>: IPV6CP lowerdown 
22:45:39 pptp,ppp,debug <6>: IPV6CP down event in starting state 
22:45:39 pptp,ppp,debug <6>: MPLSCP lowerdown 
22:45:39 pptp,ppp,debug,packet  <6>: sent LCP TermAck id=0x5 
22:45:39 pptp,ppp,debug <6>: LCP lowerdown 
22:45:39 pptp,ppp,debug <6>: CCP close 
22:45:39 pptp,ppp,debug <6>: BCP close 
22:45:39 pptp,ppp,debug <6>: IPCP close 
22:45:39 pptp,ppp,debug <6>: IPV6CP close 
22:45:39 pptp,ppp,debug <6>: MPLSCP close 
22:45:39 pptp,ppp,info <pptp-pptp>: terminating... 
22:45:39 pptp,ppp,debug <6>: LCP lowerdown 
22:45:39 pptp,ppp,debug <6>: LCP down event in starting state 
22:45:39 pptp,ppp,info,account pptp logged out, 0 0 14 0 2 from 192.168.0.11 
22:45:39 pptp,ppp,info <pptp-pptp>: disconnected 

Can anybody please help me with this problem? Something similar is happening with L2TP/IPSec though I haven't looked in debug logs there, but same thing with info logs.
In production site the router will have public ip, but I need to setup everything beforehand in local network and test it, as non-technical person will be deploying the router to the site (just connecting it to network there).

Thank in advance.
Last edited by armpogart on Sat Jul 04, 2020 10:36 pm, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN immediately disconnecting after authentication

Fri Jul 03, 2020 11:17 pm

I gave it a try here on a 6.47 CHR, and there is no difference (except IP addresses, usernames etc.) between your log and my log before your
22:45:39 pptp,ppp,debug,packet <6>: rcvd LCP TermReq id=0x5
line. So it's your Windows client that decides to terminate the session, and as it gets the same information from your Mikrotik like my Windows client gets from my Mikrotik, it is not possible to indicate a particular setting which you should change to make it work. I have tried to set the remote-address in the /ppp secret row to be in conflict with an IP address already assigned to another interface on the PC - in this case, the PC ignores the address assignment but doesn't drop the connection.

So try with another PC first, no idea what might be wrong there.
 
User avatar
inteq
Member
Member
Posts: 402
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: VPN immediately disconnecting after authentication  [SOLVED]

Sat Jul 04, 2020 12:15 am

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
 
armpogart
just joined
Topic Author
Posts: 4
Joined: Thu Jul 02, 2020 10:07 pm

Re: VPN immediately disconnecting after authentication

Sat Jul 04, 2020 10:35 pm

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
Strangely that worked. Thanks.

For the L2TP/IPsec to work I needed also to do steps mentioned here: https://superuser.com/a/1298914/690933
 
galciu
just joined
Posts: 1
Joined: Mon Jun 21, 2021 10:24 pm

Re: VPN immediately disconnecting after authentication

Mon Jun 21, 2021 10:28 pm

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
Thanks! You've made my day :)
Worked for me too :)

I just left
WAN Miniport (IP)
WAN Miniport (L2TP) - my problem was with L2TP connection)
WAN Miniport (Network Monitor)
 
AliAkbari
just joined
Posts: 1
Joined: Wed Aug 18, 2021 1:37 pm

Re: VPN immediately disconnecting after authentication

Wed Aug 18, 2021 1:47 pm

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
Thanks inteq

This helped me resolving the issue with one of our users unable to connect to Sophos UTM L2TP over IPsec using Windows 10 native VPN
 
alemoia
just joined
Posts: 14
Joined: Sat Jan 04, 2020 12:59 am

Re: VPN immediately disconnecting after authentication

Wed Sep 22, 2021 1:29 am

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
Thanks!! that worked for me too!
 
marianito7
just joined
Posts: 1
Joined: Fri May 15, 2020 10:48 pm

Re: VPN immediately disconnecting after authentication

Thu Sep 08, 2022 1:01 pm

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
That worked!!! Thank youuuuuu
Last edited by marianito7 on Thu Sep 08, 2022 1:02 pm, edited 1 time in total.

Who is online

Users browsing this forum: BinaryTB, Bing [Bot], GoogleOther [Bot], rplant and 74 guests