Page 1 of 1

Forwarding PPTP 1723 to RouterOS

Posted: Wed Sep 18, 2013 3:03 am
by michaelcarey
Hi Everybody,

A long post... but I hope you can indulge me!

I've just installed a Mikrotik/Routerboard RB2011UAS router at home. This amazing unit is replacing an aging Snapgear/Cyberguard router. I'm after some guidance on how to solve an unusual PPTP VPN implementation/configuration issue.

I've configured both PPTP and L2TP VPN servers OK, added filter rules, secrets, profiles, IP pools, etc. and can access both PPTP and L2TP from an PC out on the internet perfectly. I done this before on a RB750 router (on my 2nd ADSL connection) so I'm not totally green!

Now... the tricky bit! From home I also have access to a stand-alone 2.4 GHz community wireless network, this network does not go anywhere, there is no internet gateway. I treat the community wireless network itself as an "internet" and use a NAT router to bridge the gap with the WAN interface of the NAT router facing the public network.

My home IP range is 192.168.0.0/24 and the public WiFi network IP range is 192.168.50.0/24. The bridging NAT router has addresses of LAN 192.168.0.13/24 and WAN 192.168.50.13/24. I have an IP route configured in my RB2011UAS pointing requests for 192.168.50.0/24 at 192.168.0.13 and it works fine. I can access other machines, services and devices on the public WiFi network from within my home network.

To access my home network when I am out using the public WiFi network, I have set up a port forwarding rule in the bridging NAT router that forwards TCP 1723 to 192.168.0.1, the address of my RB2011UAS. I then aim the PPTP client on my laptop at 192.168.50.13, it forward the request to
the router at 192.168.0.1 and I get my PPTP session... well that's the plan.

This configuration has been working very successfully on my Cyberguard/Snapgear router but I cannot seem to make it work in the same way with the RB2011UAS.
The symptom I see is that the PPTP client (WinXP) halts on "Verifying username and password", this same Xp machine works fine when accessing the RB2011UAS from the internet. The RB2011UAS PPTP server works with connections from the internet OK, just not from connections being forwarded from the public WiFi network.

I have not yet fully studied the RB2011UAS logs yet to see what is going on, I plan on taking a deeper look tonight when I get home. I'm wondering if anyone in here can offer some quick suggestions on where to look and what the problem might be? I have not been able to find any configuration examples that describe how to achieve what I am trying to do.

Michael.

Re: Forwarding PPTP 1723 to RouterOS

Posted: Wed Sep 18, 2013 3:08 pm
by michaelcarey
OK... I have solved the problem! It was nothing to do with the RB2011UAS or the configuration!

The thing that cured the problem was a reboot of the NAT router between my home network and the public WiFi network.

I'm not sure exactly what might have been going on inside that prevented me from establishing a PPTP VPN, but I suspect it's something to do with MAC address that it expected to be associated with 192.168.0.1 was different (due to the new RB2011UAS).

All is good in the Mikrotik world!