Community discussions

MikroTik App
 
zoj1
just joined
Topic Author
Posts: 13
Joined: Wed Aug 14, 2013 6:32 pm

Access to Winbox via PPTP

Mon Oct 14, 2013 6:15 pm

Hi,

My router is configured as a PPTP client.
I would like to manage it by winbox or http via vpn.

Unfortunately, I can not configure it to management access throught VPN.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: Access to Winbox via PPTP

Mon Oct 14, 2013 9:37 pm

have a firewall rule to accept input on 8291?

Do you have direct access to the router?
Like a public IP?
Or is it dialing PPtP to you?
 
zoj1
just joined
Topic Author
Posts: 13
Joined: Wed Aug 14, 2013 6:32 pm

Re: Access to Winbox via PPTP

Tue Oct 15, 2013 12:47 am

have a firewall rule to accept input on 8291?

Do you have direct access to the router?
Like a public IP?
Or is it dialing PPtP to you?
My topology:
222.100.222.100------VPN Gateway-----VPN-PPTP-----192.168.100.1--MT PPTP Client--172.16.1.1-----172.16.1.10-PC1
All ports are forwarded from 222.100.222.100 to 192.168.100.1
On MT PPTP Client I turned off firewall for the test

When I'm trying connect by RDP to PC1 behind MT PPTP Client it works, but I can't access to mgm interface on MT PPTP Client
 
samsung172
Forum Guru
Forum Guru
Posts: 1191
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Access to Winbox via PPTP

Tue Oct 15, 2013 1:44 am

Do you try to access to the IP provided as pptp gateway? or another IP at the router? If so. remember to route (both ways)
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: Access to Winbox via PPTP

Tue Oct 15, 2013 4:30 am

/ip firewall filter
export

Copy and paste here.
 
zoj1
just joined
Topic Author
Posts: 13
Joined: Wed Aug 14, 2013 6:32 pm

Re: Access to Winbox via PPTP

Tue Oct 15, 2013 10:04 am

Do you try to access to the IP provided as pptp gateway? or another IP at the router? If so. remember to route (both ways)
I'm trying get to to the MT by 222.100.222.100
 
zoj1
just joined
Topic Author
Posts: 13
Joined: Wed Aug 14, 2013 6:32 pm

Re: Access to Winbox via PPTP

Tue Oct 15, 2013 10:25 am

/ip firewall filter
export

Copy and paste here.
VPN Gateway:
chain=input action=accept dst-address=222.100.222.100
!
chain=srcnat action=src-nat to-addresses=222.100.222.100 src-address=192.168.100.1
chain=dstnat action=dst-nat to-addresses=192.168.100.1 dst-address=222.100.222.100
VPN Client:
chain=input action=accept dst-address=192.168.100.1
!
0   chain=dstnat action=dst-nat to-addresses=172.16.1.10 to-ports=3389 protocol=tcp dst-port=3389
1   chain=dstnat action=dst-nat to-addresses=172.16.1.1 to-ports=22 protocol=tcp dst-port=22 
2   chain=dstnat action=dst-nat to-addresses=172.16.1.1 to-ports=80 protocol=tcp dst-port=80
3   chain=dstnat action=dst-nat to-addresses=172.16.1.1 to-ports=8291 protocol=tcp dst-port=8291 
4   chain=srcnat action=masquerade 
!
DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0   S  0.0.0.0/0                          pptp-out1                      1
1 ADS  0.0.0.0/0                        35.65.85.66                   0
If I deleted dst-nat to address 172.16.1.1 it still doesn't work when I'm trying connect to winbox.
 
samsung172
Forum Guru
Forum Guru
Posts: 1191
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Access to Winbox via PPTP

Wed Oct 16, 2013 12:43 am

If you add a src nat rule in both ends, it should work (but nated). To route, you need to have a manually set route in both ends, that have all IP in the "routing chain" both ways. PS, do you try to acces from the router, or a device behind router? To access from a device behind, you also need the subnet mask, set in nat (and routing). And a correct gateway to this "device". PS! past routing info from both VPN box, so its possible to "read your routing"

Its also easier to route etc, using l2tp instead of pptp. Here you set routing option in profile, and don't have to hassle with static routes.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], itsbenlol, Joseph and 72 guests