Community discussions

MikroTik App
 
drmotaadam
just joined
Topic Author
Posts: 11
Joined: Sat Nov 13, 2021 12:22 am

I have problem with my pptp VPN client on MikroTik

Sat Jan 28, 2023 10:55 pm

Hi, I have a problem with my pptp VPN. Bellow, there is my config that worked but doesn't work anymore.
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=Kancl in-interface=bridge1 new-routing-mark=Kancl passthrough=yes src-address-list=XPS

/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Kancl out-interface=Kancl src-address-list=XPS
add action=masquerade chain=srcnat

/ip route add
disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Kancl pref-src="" routing-table=Kancl scope=30 suppress-hw-offload=no target-scope=10

/routing table
add disabled=no fib name=Kancl

/interface pptp-client
add connect-to=XXX.XXX.XXX.XXX disabled=no name=Kancl user=XXXX

/ip firewall address-list
add address=192.168.88.254 comment=LAN list=XPS
add address=192.168.88.241 comment=WIFI list=XPS
add address=92.62.0.0/16 list=Kancl (public IPs)
add address=100.64.0.0/10 list=Kancl (public IPs)
add address=10.0.0.0/8 list=Kancl (private IPs that is why I am using the VPN)
It looks like the FW rules work based on these graphs. The router is RB5009 on v7.6 (it worked on V7 before) And yes, the VPN is connected



16:39:12 pptp,ppp,info Kancl: authenticated

16:39:12 pptp,ppp,info Kancl: connected

16:39:12 pptp,ppp,info Kancl: using encoding - MPPE128 stateless



It just stopped working without any changes. I even looked in my backup from November and the config is the same it worked before and there shouldn't be a problem on the end. I can connect via VPN on my PC to that and it works fine.



The FW should be OK too (this is not my standard firewall, I reduced it to a bare minimum):
/ip firewall filter add 
action=fasttrack-connection chain=forward comment="Fasttrack UDP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=udp
add action=fasttrack-connection chain=forward comment="Fasttrack TCP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=tcp
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input comment="allow ICMP" in-interface=ether1 protocol=icmp
add action=accept chain=input comment="allow SSH" in-interface=bridge1 port=22 protocol=tcp
add action=accept chain=input comment="allow Winbox 8291" in-interface=ether1 port=8291 protocol=tcp src-address-list=allowed_to_router
add action=accept chain=input comment="CAPSMANAGER Discovery" in-interface=bridge1 port=5246,5247 protocol=udp
add action=accept chain=input comment=OpnVPN-PASS dst-port=1194 in-interface=ether1 protocol=tcp add action=drop chain=input in-interface=ether1
I think that the rules are working based on those graphs but it doesn't want to go through the nat.

I thought that FastTrack could be the problem but removing it doesn't help. If I use the pptp client it doesn't work and I can't even access these IPs 92.62.0.0/16 (public range) and 100.64.0.0/10 even though they are public IPs (these IPs are blocked for some reason). I even tried to disable the FW and that didn't work too.
You do not have the required permissions to view the files attached to this post.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: I have problem with my pptp VPN client on MikroTik

Sun Jan 29, 2023 1:26 am

try to disable Fasttrack, reboot the device and re-test.
 
drmotaadam
just joined
Topic Author
Posts: 11
Joined: Sat Nov 13, 2021 12:22 am

Re: I have problem with my pptp VPN client on MikroTik

Sun Jan 29, 2023 8:29 pm

try to disable Fasttrack, reboot the device and re-test.
I already tried that like I wrote an it didn't help.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: I have problem with my pptp VPN client on MikroTik

Mon Jan 30, 2023 3:11 am

can u test the tunnel itslef MT==>MT , not from your lan network

Who is online

Users browsing this forum: qatar2022 and 29 guests