RB751U-2HnD VPN Setup

siphongwenya

Member
Joined
Jun 28, 2016
Messages
19
I'm trying to set up a VPN on a MikroTik RB751U-2HnD router and I've followed the link below

https://rbgeek.wordpress.com/2014/08/26/pptp-server-setup-on-mikrotik/.

I use the public IP of the router to connect but I can't seem to connect from my Windows laptop.

I can ping the IP address but I can access the router via web from the outside.

Are there some firewall settings or port forwards that I need to do?

I would also like to know how I can set up the extra IP addresses; the ISP says we have 4 public IP addresses (/29)
 

Dirty Harry101

Active Member
Joined
Sep 23, 2016
Messages
80
If you can post your config on both your router and laptop we can see what could be missing?

Well, what do you want to set the extra IP on? Use one of the IPs on the MTK, then the others on the other device in your network, obviously making sure the subnet is correct.
 

siphongwenya

Member
Joined
Jun 28, 2016
Messages
19
MikroTik config

# may/07/2017 10:52:24 by RouterOS 6.38.5
# software id = JSP2-XW6T
#
/interface bridge
add admin-mac=D4:CA:6D:17:02:24 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country="south africa" disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid="GTD Office" wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] arp=proxy-arp master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key="**********" wpa2-pre-shared-key=\
"***********"
/ip pool
add name=dhcp ranges=172.21.2.161-172.21.2.180
add name=VPN-Pool ranges=192.168.1.10-192.168.1.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
add local-address=VPN-Pool name=pptp-profile remote-address=VPN-Pool
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/interface pptp-server server
set default-profile=default enabled=yes
/ip address
add address=172.21.2.254/24 comment=defconf interface=ether2-master network=\
172.21.2.0
add address=xxx.xxx.xxx.xx2/24 interface=ether1 network=xxx.xxx.xxx.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=172.21.2.0/24 comment=defconf gateway=172.21.2.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=xxx.xxx.1.254,xxx.xxx.2.254
/ip dns static
add address=172.21.2.254 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
/ip route
add distance=1 gateway=xxx.xxx.xxx.1
/ppp secret
add name=username password="*********" profile=pptp-profile
/system clock
set time-zone-name=Indian/Mauritius
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge

Windows Client

Connection Name - Test

Server Name or IP Address - xxx.xxx.xxx.2 (MikroTik public IP)

VPN type - PPTP (also tried Automatic)

Type of sign-in info - Username and Password

Username - username created in MikroTik

Password - password created in MikroTik
 

Genisys

Honorary Master
Joined
Jan 12, 2016
Messages
11,218
"add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1"

There is the problem. You need to create a rule to allow the traffic for PPTP in through the WAN port (Eth1).
 

siphongwenya

Member
Joined
Jun 28, 2016
Messages
19
Is there anything other than this?


Click on the IP —> Firewall:

From the “Filter Rules” tab, add the new rule. Set the chain to input, protocol to tcp and Dst. port to 1723:

Switch to the Action tab and set it to accept, then Click OK:

Add another new rule. Set the chain to input and protocol to gre:

Switch to the Action tab and set it to accept, then Click OK:

Note: Drag these two rules ABOVE THE DEFAULT “drop” RULE
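
Added example, not part of any post in this thread: a Python check that reads a RouterOS export and reports accept rules that sit below a drop rule on the same chain, which is the ordering problem discussed above. The sample is constructed from the input-chain rules of the posted export; the function names are hypothetical, and comparing matchers as plain strings is a simplification (negated or range values are not interpreted).

```python
import re
import shlex

# Keys that say what a rule does, not which packets it matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

# Constructed sample: the input-chain rules from the posted export, same order.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
"""

def parse_filter_rules(export_text):
    """Return the /ip firewall filter rules of a RouterOS export, in order."""
    # Re-join lines the export wrapped with a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    rules, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall filter" and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return rules

def is_active(rule, action):
    return rule.get("action") == action and rule.get("disabled") != "yes"

def shadowed_accepts(rules):
    """List (accept_idx, drop_idx, scope): accepts that an earlier drop pre-empts."""
    findings = []
    for i, rule in enumerate(rules):
        if not is_active(rule, "accept"):
            continue
        for j, drop in enumerate(rules[:i]):
            if not is_active(drop, "drop") or drop.get("chain") != rule.get("chain"):
                continue
            # Rules overlap unless a matcher both specify has different values.
            shared = (set(drop) & set(rule)) - NON_MATCHERS
            if all(drop[k] == rule[k] for k in shared):
                scope = {k: v for k, v in drop.items() if k not in NON_MATCHERS | set(rule)}
                findings.append((i, j, scope))
                break
    return findings
```

Each finding's scope names the traffic for which the accept rule is never evaluated; for the sample that is everything arriving on ether1, so the TCP 1723 and GRE rules have no effect on WAN connections until they are moved above the drop rule.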
 