Community discussions

MikroTik App
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

**PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 11:49 am

Hi,

I have been trying to get a simple VPN PPTP client setup on my x86 ROS router v6.7 but never got it to work.

I have setup a VPN PPTP client like this and it is connected

Image

And then my router is already able to access the Internet using the following Masquerade rule

add action=masquerade chain=srcnat disabled=no out-interface=ether1

So, I just add one IP route rule like this, whenever I go to the IP 209.68.27.16, it will route thru the VPN I setup above

Image

As simple as that, it didn't work. So I add one more NAT rule like this

add action=masquerade chain=srcnat disabled=no out-interface=testvpn

And it still don't work. I can go to any other website without problem, but when I try to access the site 209.68.27.16, it would just time out.


I have been messing with this for almost a month but still can't get it to work, I would appreciate if anyone can give me a hand here.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 11:58 am

Did you set up a route in the VPN server to your localnet ips in that VPN client?
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:08 pm

Did you set up a route in the VPN server to your localnet ips in that VPN client?
The VPN server is a paid service, so I don't own the VPN server. Something like this http://strongvpn.com/

I just try to setup my ROS router to route a specific IP thru the VPN tunnel.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:17 pm

I see. Did you add the masquerade as shown in the Mikrotik setup?
/ip firewall nat
add chain=srcnat action=masquerade out-interface=testvpn
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:23 pm

I see. Did you add the masquerade as shown in the Mikrotik setup?
/ip firewall nat
add chain=srcnat action=masquerade out-interface=testvpn
I have two masquerade rules:

add chain=srcnat action=masquerade disabled=no out-interface=ether1
add chain=srcnat action=masquerade disabled=no out-interface=testvpn
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:26 pm

Is the VPN running?
/interface pptp-client
print
There should be an 'R' after the '0' and before the name.

edit: Did you follow all the instructions? There are "/ip firewall mangle" rules also.
http://strongvpn.com/setup_mikrotik_pptp.shtml
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:43 pm

Is the VPN running?
/interface pptp-client
print
There should be an 'R' after the '0' and before the name.

edit: Did you follow all the instructions? There are "/ip firewall mangle" rules also.
http://strongvpn.com/setup_mikrotik_pptp.shtml
Yes, VPN is running, and I use iphone PPTP vpn connect and it works just fine. So, the VPN server itself is working.

Image


I tried to use the mangle rules at the very beginning, but it never works. So, instead of using mangle rules to do marking, I just decide to make it simpler, just route on a specific IP to the testvpn. But then, I found out the "Route List" never work on x86 ROS router in the first place. I was using v5.24 and later upgrade to v6.7, but it never works.... And thats why I have been messing with this VPN client setup for more than 1 month.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:50 pm

My route list has always worked, but I don't use an X86 version.

Maybe you should post your entries in "/ip route". It appears the recommended mangle rule sends everything (default route) through the VPN connection.
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 12:55 pm

My route list has always worked, but I don't use an X86 version.

Maybe you should post your entries in "/ip route". It appears the recommended mangle rule sends everything (default route) through the VPN connection.
Here is the /ip route print

Image

here is the interface

Image
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 1:11 pm

Can you ping 192.168.120.1?
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 1:15 pm

Can you ping 192.168.120.1?
Nope, I ping directly on ROS router terminal

[admin@MikroTik] /ip firewall nat>> /ping 192.168.120.1
HOST SIZE TTL TIME STATUS
192.168.120.1 timeout
192.168.120.1 timeout
192.168.120.1 timeout
192.168.120.1 timeout
192.168.120.1 timeout
sent=5 received=0 packet-loss=100%

[admin@MikroTik] /ip firewall nat>>
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 1:21 pm

Then you have a problem there. You should be able to ping the VPN gateway. Maybe you should contact strongvpn tech support.
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 1:57 pm

Then you have a problem there. You should be able to ping the VPN gateway. Maybe you should contact strongvpn tech support.
I don't use strongvpn, I use strongvpn as an example, but I have tried 2 different VPN company, and I can't ping none of them. I just test another VPN company, which you can try to setup and see if you can ping them. They are free. http://www.afreevpn.com/


Here is my result, I can't ping them.

[admin@MikroTik] /ip firewall nat>> /ping 10.55.0.1
HOST SIZE TTL TIME STATUS
10.55.0.1 timeout
10.55.0.1 timeout
10.55.0.1 timeout
10.55.0.1 timeout
10.55.0.1 timeout
sent=5 received=0 packet-loss=100%

[admin@MikroTik] /ip firewall nat>>


So, if you can help me to test on http://www.afreevpn.com/ and see if you can ping them, that would be great. If you manage to ping them, that means something wrong with the PPTP VPN client on x86 version, and I can based on your testing and my testing and raise a ticket to the developer. Thanks.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 2:55 pm

I'm posting this from a RB433 using afreevpn.com

It took a routing mark in "/ip firewall mangle" and a new default gateway using that routing mark, but it seems to be working fine. I checked with whatsmyip.com and it shows the afreevpn.com's public ip.
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 3:01 pm

I'm posting this from a RB433 using afreevpn.com

It took a routing mark in "/ip firewall mangle" and a new default gateway using that routing mark, but it seems to be working fine. I checked with whatsmyip.com and it shows the afreevpn.com's public ip.
Just a route rule with routing mark and /ip firewall mangle to mark the packet?

So, you don't even need masquerade rule?

add chain=srcnat action=masquerade disabled=no out-interface=testvpn

And you can ping the VPN IP just fine?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 3:03 pm

My bad. It did take a masquerade also. Everything is working fine. I am on a different computer now, but the other computer is up and running using the new VPN route.

edit: My localnet is 192.168.3.0/24. After I got the VPN running using the user and password from the afreevpn site using testvpn as the name, I entered this:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=testvpn

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=testvpn src-address=192.168.3.0/24

/ip route
add dst-address=0.0.0.0/0 gateway=testvpn routing-mark=testvpn
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 3:25 pm

My bad. It did take a masquerade also. Everything is working fine. I am on a different computer now, but the other computer is up and running using the new VPN route.

edit: My localnet is 192.168.3.0/24. After I got the VPN running using the user and password from the afreevpn site using testvpn as the name, I entered this:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=testvpn

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=testvpn src-address=192.168.3.0/24

/ip route
add dst-address=0.0.0.0/0 gateway=testvpn routing-mark=testvpn

I can conclude something wrong with x86 version, I am gonna raise a ticket. I have the following , baiscally try to mimic your working setup
/ip firewall nat
add chain=srcnat action=masquerade out-interface=testvpn

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=testvpn src-address=10.0.1.0/24

/ip route
add dst-address=0.0.0.0/0 gateway=testvpn routing-mark=testvpn


I can't even ping the VPN IP address, which in my case is 10.55.0.1.

Image
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 3:33 pm

Mine shows a different dynamic ip assigned to the testvpn interface (10.55.0.54/32) with the same network ip as yours. You will have a routing problem with that setting. Yours has 10.0.1.1 as an address on testvpn. That looks like a routing conflict with one of your localnet interfaces (ether2). ??
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 4:08 pm

Mine shows a different dynamic ip assigned to the testvpn interface (10.55.0.54/32) with the same network ip as yours. You will have a routing problem with that setting. Yours has 10.0.1.1 as an address on testvpn. That looks like a routing conflict with one of your localnet interfaces (ether2). ??
I wonder where do I change the testvpn IP? It automatically assign to 10.0.1.1?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 4:11 pm

I wonder where do I change the testvpn IP? It automatically assign to 10.0.1.1?
Mine was assigned by the VPN server (afreevpn.com). Yours should be also. Maybe that is the problem you are having?
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 4:16 pm

Mine shows a different dynamic ip assigned to the testvpn interface (10.55.0.54/32) with the same network ip as yours. You will have a routing problem with that setting. Yours has 10.0.1.1 as an address on testvpn. That looks like a routing conflict with one of your localnet interfaces (ether2). ??
OK, I found where to change, I updated the PPP Profile as below

Image


Now, I have a different IP for testvpn

Image

Nothing change...still timeout
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 4:18 pm

I wonder where do I change the testvpn IP? It automatically assign to 10.0.1.1?
Mine was assigned by the VPN server (afreevpn.com). Yours should be also. Maybe that is the problem you are having?
Ok, can you show me what "Profile" you use on the testvpn? I am talking about this screen

Image

And what is your detail of that profile?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 4:21 pm

You shouldn't set that. Any ip address in the 10.0.1.0/24 subnet will not route correctly. You should let the VPN server assign that ip. Leave that setting blank.

BTW, it is only free for a while. I noticed the password changes regularly, and you won't be able to connect using the old password.

Mine got a new dynamic ip, but it is in the same 10.55.0.x/32 range.
 
sdugoten
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: **PLEASE HELP** Simple PPTP vpn client setup

Sun Mar 02, 2014 6:04 pm

You shouldn't set that. Any ip address in the 10.0.1.0/24 subnet will not route correctly. You should let the VPN server assign that ip. Leave that setting blank.

BTW, it is only free for a while. I noticed the password changes regularly, and you won't be able to connect using the old password.

Mine got a new dynamic ip, but it is in the same 10.55.0.x/32 range.
OK, I finally get it to work. I have to use a PPP Profile which Use Encryption have to set to "yes", and then leave everything else blank. Then, I got the IP correctly and finally my routing works. Thanks again for your help !

Who is online

Users browsing this forum: Baidu [Spider], krafg, Majestic-12 [Bot] and 122 guests