I have three Mikrotik routers, one at the central location and two at remote locations. I have set up L2TP with IPsec and everything (well, almost everything!) works: https://i.ibb.co/TrxTXsq/Cisco-network-diagram.png
I have set up the routes so that I can ping the network 192.168.1.0/24 from the Central VPN and the 192.168.26.0/24 as well. But I would like to enable communication between 192.168.1.0/24 and 192.168.26.0/24 directly. Currently the traceroute stops at the Central VPN, although, as mentioned, it works both ways from the Central VPN when initiating connections from there. I have read some tutorials about the Mangle FW rules and I suspect that I should use it, but I am completely lost with that one …
Any ideas would be very, very welcome.
Thanks in advance!
My idea is that you may not be familiar with how the firewall works. Unless you need to use something other than the destination address to choose which traffic should go via a VPN tunnel and which should not, you should not need any mangle rules and mere filter rules should do - in particular, you may need to add rules in chain forward to permit traffic to be forwarded between the two VPN subnets.
But it’s just a rough idea - posting the export of the configuration of all three routers is the only working way to get more useful advice.
Make sure you have a route to the L2TP server; otherwise you are creating a forwarding loop over the default route.
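The two replies above put together as RouterOS CLI, as an added illustration that is not from any poster in this thread: forward-chain accept rules on the central router for the two remote LANs in the question, plus the routes each side needs. The interface names (l2tp-branch-a, l2tp-branch-b, l2tp-to-central), the L2TP server address 203.0.113.1 and the WAN gateway 198.51.100.1 are placeholders, not values from the thread.

```routeros
# --- Central router: let the two remote LANs reach each other ---
# Traffic routed between the two tunnels is decided in chain=forward,
# not in mangle. place-before=0 puts the rules at the top of the list so
# they come before any "drop everything else" rule of a default firewall.
/ip firewall filter
add chain=forward action=accept src-address=192.168.1.0/24 \
    dst-address=192.168.26.0/24 place-before=0 comment="branch A -> branch B"
add chain=forward action=accept src-address=192.168.26.0/24 \
    dst-address=192.168.1.0/24 place-before=0 comment="branch B -> branch A"

# Each remote LAN must be reachable through the tunnel of the branch router
# that owns it (tunnel interface names are assumptions).
/ip route
add dst-address=192.168.1.0/24 gateway=l2tp-branch-a
add dst-address=192.168.26.0/24 gateway=l2tp-branch-b

# Check: after a test ping from one branch LAN to the other, the packet
# counters of the two accept rules above should increase.
/ip firewall filter print stats where chain=forward

# --- Each remote router (example: branch A) ---
# The tunnel endpoint itself must be reached over the real uplink. If the
# other branch (or a default route) is sent into the tunnel, a missing host
# route to the L2TP server loops the encapsulated packets back into it.
/ip route
add dst-address=203.0.113.1/32 gateway=198.51.100.1 comment="L2TP server via WAN (placeholder addresses)"
add dst-address=192.168.26.0/24 gateway=l2tp-to-central comment="other branch via central"
```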
Hello,
Dear all, I hope you are fine and doing well.
I have a Mikrotik router in my office. All users get internet service from the Mikrotik through static IPs.
LAN IP = 172.16.16.0/24 (users access the internet from this network)
Now I need to access some SAP and email resources at our head office, located in another city.
So I set up the L2TP client VPN dial-up, which is working well, and all users of this network (172.16.16.0/24) go over the VPN, but they are not able to access the internet.
How can I enable internet access for this network, 172.16.16.0/24?
If I get you right, the same Mikrotik in your local office acts both as a VPN server for multiple “local” users and as a VPN client of another VPN server in another city. But how that is related to local users not being able to access the internet is not clear to me.
What kind of VPN clients do the “local” users use? You can configure routing directly on each client so that it would access only the subnets in the two offices via the VPN and the rest directly, or you can let the client send everything via the VPN and configure routing on the Mikrotik in your office to allow the “local” users to reach the internet via it, but that’s a waste of the uplink bandwidth of your office.
So describe clearly what you want and what the VPN clients are (Windows, Android, …), and post the complete configuration of the Mikrotik in your office, anonymized as per my automatic signature here below.