Community discussions

MUM Europe 2020
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

WARNING: 2.9.18 does not pass PPTP traffic properly

Wed Mar 29, 2006 3:03 am

2.9.18 has a serious problem with PPTP (gre) traffic passing through it.

ONLY 1 client can ever connect to the same PPTP server at any given time !

PC 1---------LAN----- MT2.9.18 ------- internet ---------PPTP Server
PC 2


You can easily replicate like this: (so dont ask me to send a supout.rif)


1) PC 1 can connect to the PPTP server no problem
2) PC 2 cannot connect to PPTP server (timeout)
3) disconnect PC1
4) try again to connect PC2 and it will timeout again
5) go to MT2.9.18 connection tracking window and delete the cached GRE entry from PC1
6)Try again to connect with PC2 and it will connect fine
7)Try with PC1 and it will timeout and so on....
Last edited by airnet on Wed Mar 29, 2006 5:37 am, edited 1 time in total.
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Wed Mar 29, 2006 5:36 am

To make matters worse you can no longer download previous software to roll back.
A week ago downloading old versions was possible so we no longer bother 'saving' old versions.

**DONT UPGRADE** unless you have a copy of the old 'working' version. The more they fix, the more they break. It's not until you put it into production with 000's of client PC's that you find the bugs.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed Mar 29, 2006 8:30 am

I suppose,
you have to turn on connection helpers in 'ip firewall service-port',
'pptp' and 'gre', if you are running NAT.
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Wed Mar 29, 2006 3:38 pm

Problem is nothing to do with NAT. We are not using NAT. All we did was upgrade from 2.9.12 to 2.9.18.

Read the message. This is easily replicated in any situation. It is a (nother) bug with 2.9.18
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed Mar 29, 2006 3:42 pm

If there is not NAT for MT 2.9.18, where users PC 1 and PC 2 connected,
firewall on this router should pass TCP port 1723 and IP protocol GRE (IP protocol ID 47).
If there is not firewalls and NAT on both routers,
make and send support output files and send them to support@mikrotik.com
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Wed Mar 29, 2006 4:08 pm

There is no NAT and NO firewalling.

Thanks anyway... it's been a long day and 2.8.28 is coming to the rescue.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24417
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Wed Mar 29, 2006 4:13 pm

so is anyone else seeing this problem? without supout.rif or any helpful information we cannot help.
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Wed Mar 29, 2006 5:31 pm

No problem with PPTP, just upgraded from 2.9.16 to .18. PPTP-Passthrough and -Server tested.
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Mar 29, 2006 5:47 pm

No problems here, too.

Just created a test-setup (all 2.9.18, of course):
One RB532 as PPTP-server. Routed connection to another RB532. From behind the second RB532 I right now have two concurrent PPTP sessions through router2 to the PPTP server on router1. Both are up, running and passing traffic...

Best regards,
Christian Meis
 
wildbill442
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Wed Mar 29, 2006 6:20 pm

I'm having problems with a Cisco Hardware VPN client not being able to connect using IPSEC..

The only firewall rules I have on my network are incoming port 25, 135-139 (TCP/UDP), and 445 (TCP). Connection tracking is enabled. I just sent an email to mikrotik support with a supout.rif of my edge router. It's a pure mikrotik network running 2.9.17. It appears to be an MTU issue, any additional input is appreciated.

See this thread for more info: http://forum.mikrotik.com/viewtopic.php?t=7555
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Sat Apr 01, 2006 6:11 am

Problem was only evident with Windows PPTP clients

Back on 2.8.28 now and all is good.
 
j
just joined
Posts: 1
Joined: Sat Apr 01, 2006 6:56 am
Location: USA

Sat Apr 01, 2006 7:03 am

I think I am seeing this same problem- multiple Windows PPTP clients NATed out on the same WAN IP address all trying to connect to the same PPTP server IP address. Only one can connect at a time. PPTP and GRE NAT helpers are turned on. Never seen problems like this in 2.8.28 but can't revert for other reasons.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Sat Apr 01, 2006 11:05 am

Make and send support output file from the router with the latest MikroTik RouterOS version to support@mikrotik.com, when you have problems with PPTP passtrough.
 
User avatar
rickard
Member Candidate
Member Candidate
Posts: 145
Joined: Wed Jun 16, 2004 1:29 am
Location: Sweden
Contact:

Sun Apr 02, 2006 3:03 pm

>>airnet

We had the same problem with windows VPN(PPTP) but the 2.9.17 works.
I have tryed all MT versions from 2.9.10 (that works to) the other ones have the same problem. All works with the MT PPTP client/server.
but not with Windows.

//Rickard
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Sun Apr 02, 2006 6:28 pm

rickard,
do you have any problems with 2.9.18 version ?
 
User avatar
rickard
Member Candidate
Member Candidate
Posts: 145
Joined: Wed Jun 16, 2004 1:29 am
Location: Sweden
Contact:

Sun Apr 02, 2006 6:49 pm

>>sergejs

I havent tryed yet :-) , Its not so fun to reroll all the uppgrades in my network. We had alot of angry customers running with VPN to thier work.
But i solved it with 2.9.17. so i stay ther for a while :-).
 
airnet
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Tue Apr 04, 2006 8:30 am

Unfortunately we had the same problem, but was not lucky enough to have an older version of 2.9 on hand. A few weeks back we could happily download older versions, so we didnt bother holding them.

Oh yes that hurt.

The last known working version for us was 2.9.12 that I asked MT to email a download link. No such luck.

So back to square-one happily working on 2.8.28 still....

Please tap me on the shoulder when 2.9.74 is released.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Tue Apr 04, 2006 8:37 am

airnet,
the best way to resolve issue, that you have with 2.9.18, it is to send support output file from the router, when problem is alive.
This will more helpful info to troublshoot the problem, and try to fix it.
Why you don't want to send support output file and help to resolve your problem ?

Who is online

Users browsing this forum: eworm, Google [Bot] and 128 guests