sguox
Trainer
Topic Author
Posts: 73
Joined: Fri Mar 09, 2012 6:23 pm

[CLOSE] L2TP/IPSec Server on RouterOS with Windows client

Mon Aug 19, 2013 11:01 am

Hi All,

We are trying to set up VPN access into our LAN. The subnet IP for the VPN is different from our LAN subnet. The VPN will have 10.10.10.0/24. The LAN subnet is 192.168.188.0/24 and is a member of a bridge (with proxy-arp). We have successfully connected to the MikroTik router and are able to access the internet via the VPN tunnel. However, we can't access the LAN. Any clue?

Thanks
Last edited by sguox on Mon Aug 19, 2013 1:15 pm, edited 1 time in total.
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: L2TP/IPSec Server on RouterOS with Windows client

Mon Aug 19, 2013 11:17 am

You don't need proxy-arp for routed communication. I also suspect your problem is in the firewall.

For the proper way to set up IPSec/L2TP, see the presentation in my sig.
 
sguox
Trainer
Topic Author
Posts: 73
Joined: Fri Mar 09, 2012 6:23 pm

Re: L2TP/IPSec Server on RouterOS with Windows client

Mon Aug 19, 2013 1:04 pm

Sorry, forgot to mention the client is on a dynamic IP, hence we do not create any policy; instead it's generated through the peer settings.

The strange thing is that when we do a traceroute to the internet, packets go through; however, when we try to trace to the LAN, it doesn't work, it just stops at the gateway.

The firewall log shows input interface l2tp, but out interface "none". Are there any settings that are dropping L2TP packets to the internal LAN? I have removed the bridge from the ppp profile; it still doesn't work.
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: L2TP/IPSec Server on RouterOS with Windows client

Mon Aug 19, 2013 1:07 pm

Post:

/ppp exp com
/ip add exp com
/ip fi exp com

Feel free to delete sensitive information.
 
sguox
Trainer
Topic Author
Posts: 73
Joined: Fri Mar 09, 2012 6:23 pm

Re: [CLOSE] L2TP/IPSec Server on RouterOS with Windows clien

Mon Aug 19, 2013 1:13 pm

Doh! Stupid me.

Found the problem: a mangle rule that forces reply traffic into another table which l2tp is not in.

Thanks for the help. BTW, your presentation is awesome.
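The failure mode reported in the last post, as an added example that is not part of the thread (the actual mangle rule was never posted). It assumes RouterOS v6 syntax; the interface name `bridge-lan`, the routing mark `to_wan2` and the gateway `203.0.113.1` are constructed placeholders, while the two subnets are the ones given in the first post.

```routeros
# Constructed example: interface name, routing mark and gateway are assumptions.

# Before: every packet entering from the LAN bridge is marked for table "to_wan2".
# That includes LAN hosts' replies addressed to L2TP clients in 10.10.10.0/24.
/ip firewall mangle
add chain=prerouting in-interface=bridge-lan src-address=192.168.188.0/24 \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no

# The marked table only holds a default route. Because 0.0.0.0/0 matches any
# destination, the lookup never falls back to the main table, where the dynamic
# routes to connected L2TP clients are installed.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_wan2

# After, option 1: exempt traffic destined for the VPN pool from the mark,
# so it is routed by the main table and leaves via the client's l2tp interface.
/ip firewall mangle
set [find new-routing-mark=to_wan2] dst-address=!10.10.10.0/24

# After, option 2: keep the mangle rule unchanged and force a main-table
# lookup for the VPN pool with a routing rule.
/ip route rule
add dst-address=10.10.10.0/24 action=lookup table=main

# Check: list the rules that set routing marks and the routes in the marked table.
/ip firewall mangle print where action=mark-routing
/ip route print where routing-mark=to_wan2
```

Only one of the two options is needed. Exempting the VPN pool in the mangle rule keeps the policy-routing exception visible next to the rule that caused it.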
