Community discussions

 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Mon Nov 22, 2010 6:21 pm

How to Block PPTP Traffic

Thu Jul 25, 2013 3:29 pm

hello ,

i am facing a problem these days that many free vpn(pptp) provider put their ads on it & They eat bandwidth also . so i want to block these pptp traffic through my mikrotik . means i don't want my user can connect to any pptp. need your help guys
Muhammad Sarfraz
MTCNA Pakistan
 
ners
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Tue Mar 12, 2013 4:30 pm

Re: How to Block PPTP Traffic

Thu Jul 25, 2013 3:31 pm

Block destination port TCP 1723 in the forward chain, or better block protocol type 47 (GRE) which is used by PPTP. That way you will also block PPTP services on non-standard ports.
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Mon Nov 22, 2010 6:21 pm

Re: How to Block PPTP Traffic

Thu Jul 25, 2013 3:35 pm

this will effect other traffic or not ? if i block pptp port
Block destination port TCP 1723 in the forward chain, or better block protocol type 47 (GRE) which is used by PPTP. That way you will also block PPTP services on non-standard ports.
Muhammad Sarfraz
MTCNA Pakistan
 
ners
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Tue Mar 12, 2013 4:30 pm

Re: How to Block PPTP Traffic

Thu Jul 25, 2013 3:46 pm

ros code

/ip firewall filter add chain=forward protocol=gre action=reject reject-with=icmp-protocol-unreachable
Should block GRE protocol which is used by PPTP for data transfer, no other traffic should be affected.
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Mon Nov 22, 2010 6:21 pm

Re: How to Block PPTP Traffic

Thu Jul 25, 2013 3:48 pm

let i will try this one .. thanks for ur kind reply

ros code

/ip firewall filter add chain=forward protocol=gre action=reject reject-with=icmp-protocol-unreachable
Should block GRE protocol which is used by PPTP for data transfer, no other traffic should be affected.
Muhammad Sarfraz
MTCNA Pakistan
 
User avatar
rarenakal
just joined
Posts: 2
Joined: Mon Oct 12, 2015 12:24 pm
Location: Denpasar, Bali, Indonesia
Contact:

Re: How to Block PPTP Traffic

Mon Jun 10, 2019 5:23 am

ros code

/ip firewall filter add chain=forward protocol=gre action=reject reject-with=icmp-protocol-unreachable
Should block GRE protocol which is used by PPTP for data transfer, no other traffic should be affected.
didn't work on my router.
it should be like this:

/ip firewall filter add chain=input protocol=gre action=drop

thanks. #CMIIW
 
sindy
Forum Guru
Forum Guru
Posts: 3284
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to Block PPTP Traffic

Mon Jun 10, 2019 11:52 am

didn't work on my router.
it should be like this:
That's a misunderstanding. The OP wanted to block PPTP to be transited by his Mikrotik, and that rule works for that task.

Your rule blocks incoming GRE connections to your Mikrotik itself, which is a different task (and to block PPTP connections to your Mikrotik itself, not enabling /interface pptp-server server is sufficient, you don't need any rule for that).

In general blocking GRE kills not only PPTP but also other protocols using GRE, which may be fine for the OP's purposes but in general it is a bad idea.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: Bing [Bot] and 20 guests