I have a super simple setup I'm trying to get working but every time I setup a tunnel it stops passing traffic. I just factory reset them and there running 4.17.
I just factory reset them to see if there was some old config that was messing me up but no.. I'm able to pass traffic in the clear using static routes. But as soon as the pptp connection comes up it stops passing traffic.
Trying to do a site to site PPTP vpn:
192.168.4.207/24 - 450G(server) - 192.168.254.24/24 - Ethernet cable - 192.168.254.21 - 450G(client) - 192.168.0.216/24
Server config:
Code: Select all
[admin@Server] > ip address export
# jan/02/1970 00:24:53 by RouterOS 4.17
#
/ip address
add address=192.168.254.24/24 broadcast=192.168.254.255 comment="" disabled=\
no interface=ether1 network=192.168.254.0
add address=192.168.4.207/24 broadcast=192.168.4.255 comment="" disabled=no \
interface=ether2 network=192.168.4.0
[admin@Server] > interface pptp-server export
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
local-address=192.168.254.24 name=client password=secret profile=\
default-encryption remote-address=192.168.254.21 routes="" service=any
/ip route
add comment="" disabled=no distance=1 dst-address=192.168.0.0/24 gateway=\
192.168.254.21 scope=30 target-scope=10
[admin@Server] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 192.168.0.0/24 192.168.254.21 1
1 ADC 192.168.4.0/24 192.168.4.207 ether2 0
2 ADC 192.168.254.0/24 192.168.254.24 ether1 0
3 ADC 192.168.254.21/32 192.168.254.24 <pptp-client> 0
Code: Select all
[admin@Client] > interface pptp-client export
# jan/02/1970 00:36:46 by RouterOS 4.17
#
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
connect-to=192.168.254.24 dial-on-demand=no disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=pptp-out1 password=secret profile=\
default-encryption user=client
/ip route
add comment="" disabled=no distance=1 dst-address=192.168.4.0/24 gateway=\
192.168.254.24 scope=30 target-scope=10
[admin@Client] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
1 ADC 192.168.0.0/24 192.168.0.216 ether2 0
2 A S 192.168.4.0/24 192.168.254.24 1
3 ADC 192.168.254.0/24 192.168.254.21 ether1 0
4 ADC 192.168.254.24/32 192.168.254.21 pptp-out1 0
What super-obvious thing thats not mentioned in the wiki article about how to do this am i missing..