Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sahmed_FTNT
Staff & Editor
Staff & Editor

Created on ‎12-15-2025 09:12 PM

Article Id 423207

Technical Tip: PPTP VPN disconnecting inside IPSEC dialup tunnel

Description This article describes PPTP Windows VPN disconnects in a few minutes passing over an IPSEC tunnel.
Scope FortiGate.
Solution

In some scenarios, PPTP VPN needs to be connected as well while keeping using IPSEC dialup VPN to access remote resources. 

 

IPSEC VPN can be configured by using the below KB article: Technical Tip: How to configure IPsec remote access with full tunnelling

 

For a PPTP VPN stable connection, use the below settings:

 

MTU override enable on IPSEC tunnel:

 

config system interface
    edit <VPN_Tunnel_Name>
        set mtu-override enable
    next
end


Lower the policy MTU on the policy passing PPTP traffic:

 

config firewall policy
    edit <policy vpn > lan>
        set tcp-mss-sender 1300
        set tcp-mss-receiver 1300
    next
end

 

If PPTP VPN is still disconnecting, disable honor-df using the commands below:

 

config system global
   set honor-df disable
end
79
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.