Hello,
I am using the hAP ac lite.
I created an additional wlan (wlan3, a Virtual AP) with a second DHCP server and a VPN connection for it, but it does not work.
- wlan1/wlan2 + bridge local - dhcp1 192.168.88.0/24 - this works.
wlan3 + bridge2 + dhcp2 192.168.89.0/24 + VPN - it does not work (I got the ip address from dhcp2, but there is no internet connection through vpn). VPN is connected.
The internet connection of wlan3 should go through vpn.
Thank you in advance.
[admin15@MikroTik] > export
# aug/12/2016 08:55:45 by RouterOS 6.36
# software id = QPY4-EXUD
#
# Two bridges are defined: "bridge" (the defconf LAN bridge) and "bridge2",
# which wlan3 is attached to further down under /interface bridge port.
/interface bridge
add admin-mac=E4:8D:8C:D7:0A:54 auto-mac=no comment=defconf name=bridge
add name=bridge2
# ether2 is renamed ether2-master; ether3-ether5 are slaved to it via master-port.
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
# WAN uplink: PPPoE over ether1, installing the default route in the main table.
# Routed internet traffic therefore enters and leaves on pppoe-out1, not on ether1 itself.
# Credentials appear to have been redacted by the poster.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=xxxx user=xxxxx
# Physical radios: wlan1 (2.4 GHz) and wlan2 (5 GHz). No security-profile is named here,
# so presumably the default profile applies to both - confirm.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=wifi2 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=wifi5 wireless-protocol=802.11
# VPN tunnel interface "vpn". add-default-route is not set, so traffic only uses the tunnel
# through the routing-mark=vpn route at the end of the export.
# NOTE(review): PPTP depends on MS-CHAPv2/MPPE, which is considered cryptographically weak;
# if the tunnel is meant to provide confidentiality, prefer a stronger tunnel type
# (e.g. L2TP/IPsec or SSTP) where the provider offers one.
/interface pptp-client
add connect-to=vpn.eu disabled=no max-mru=1400 max-mtu=1400 name=vpn password=xxxxx user=xxxxx
# Neighbor discovery is switched off on ether1 (the port carrying the PPPoE uplink).
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
# Both profiles allow WPA-PSK as well as WPA2-PSK.
# NOTE(review): WPA (v1) is a legacy mode; restrict authentication-types to wpa2-psk
# unless an old client really needs it. The key value "pass" is presumably a redaction
# placeholder - if it is the real key, replace it with a long random passphrase.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=pass wpa2-pre-shared-key=pass
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=wifi52 supplicant-identity="" wpa-pre-shared-key=pass wpa2-pre-shared-key=pass
# Virtual AP wlan3 on top of wlan2, with WPS disabled.
# NOTE(review): wlan3 references security-profile=wifi3, but the only added profile in this
# export is named wifi52. Possibly an artefact of editing the export before posting -
# verify which profile (and therefore which encryption settings) wlan3 actually uses.
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:D7:0A:58 master-interface=wlan2 multicast-buffering=disabled name=wlan3 security-profile=wifi3 ssid=wifi3 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# One address pool per network: 192.168.88.0/24 (LAN) and 192.168.89.0/24 (wlan3).
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp2 ranges=192.168.89.10-192.168.89.254
# DHCP server "defconf" serves bridge; "dhcp2" serves bridge2.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=6h name=defconf
add address-pool=dhcp2 disabled=no interface=bridge2 name=dhcp2
# Bridge membership: wired master port, wlan1 and wlan2 in "bridge"; only wlan3 in "bridge2".
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge2 interface=wlan3
# NOTE(review): the LAN address is assigned to ether2-master (a port of "bridge"), while the
# wlan3 address is assigned to bridge2 itself. The poster reports the LAN side works; noted
# only because the two networks are configured differently.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
add address=192.168.89.1/24 interface=bridge2 network=192.168.89.0
# Static leases on the LAN server. 192.168.88.226 is also the target of the dst-nat rules
# under /ip firewall nat.
/ip dhcp-server lease
add address=192.168.88.246 client-id=1:38:ea:a7:a3:2b:f mac-address=38:EA:A7:A3:2B:0F server=defconf
add address=192.168.88.226 mac-address=00:21:5A:6F:00:CB server=defconf
add address=192.168.88.245 client-id=1:f8:b1:56:b0:e0:3 mac-address=F8:B1:56:B0:E0:03 server=defconf
add address=192.168.88.221 client-id=1:0:3:91:8d:10:0 mac-address=00:03:91:8D:10:00 server=defconf
# Neither network sets dns-server, so which resolver the clients are handed is not visible here.
# NOTE(review): if wlan3 clients resolve through the router, the router's own upstream queries
# are locally generated and are not touched by the prerouting mangle rule, so they would
# presumably leave via the main table (pppoe-out1) rather than the VPN - a DNS leak. Confirm.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.89.0/24 gateway=192.168.89.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# NOTE(review): the input chain only drops traffic arriving on pppoe-out1; nothing filters
# input from the vpn interface, so the resolver is presumably reachable from the VPN side too.
/ip dns
set allow-remote-requests=yes servers=84.200.69.80,37.235.1.174
/ip dns static
add address=192.168.88.1 name=router
# Filter rules are evaluated top to bottom; order matters.
/ip firewall filter
# NOTE(review): accepts TCP 8291 (the default Winbox management port) with no in-interface or
# src-address restriction, and it sits above the pppoe-out1 drop at the end of the input chain.
# As written, management is reachable from the internet and from the VPN. Restrict it to the
# LAN (in-interface and/or src-address) or remove it.
add action=accept chain=input dst-port=8291 protocol=tcp
# NOTE(review): FastTracked connections bypass the mangle table, so established connections
# from 192.168.89.0/24 do not receive the routing mark set under /ip firewall mangle. This is
# a likely cause of "wlan3 has no internet through the VPN". Exclude the wlan3 subnet from
# this rule (both directions) or disable FastTrack while testing.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# NOTE(review): matches in-interface=ether1, but routed WAN traffic arrives on pppoe-out1,
# so this rule presumably never matches it. There is also no equivalent rule for new
# connections arriving on the vpn interface. Verify and add drops for pppoe-out1 and vpn.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
# Input chain: ICMP and established/related traffic are accepted; everything else is dropped,
# but only when it arrives on pppoe-out1.
# NOTE(review): input arriving on the vpn interface is not dropped by any rule here, so
# router services stay exposed to the VPN side.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=pppoe-out1
# Policy routing: packets sourced from 192.168.89.2-192.168.89.254 get routing mark "vpn".
# The match has no destination restriction, so traffic from wlan3 clients to the router itself
# or to 192.168.88.0/24 is marked as well.
# NOTE(review): confirm that is intended. This rule has no effect on FastTracked connections
# (see the fasttrack rule in the forward chain).
/ip firewall mangle
add action=mark-routing chain=prerouting log-prefix="" new-routing-mark=vpn passthrough=yes src-address=192.168.89.2-192.168.89.254
/ip firewall nat
# The first two rules are identical apart from the comment; the second is redundant.
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat log-prefix="" out-interface=pppoe-out1
# Hairpin NAT for LAN-to-LAN traffic leaving via bridge.
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 log-prefix="" out-interface=bridge src-address=192.168.88.0/24
# Port forwards: TCP 8888 and TCP 12000 to 192.168.88.226 for any destination that is a local
# router address. That includes the WAN and VPN addresses, so both ports are published on
# every uplink.
# NOTE(review): narrow with in-interface or dst-address if only one uplink should expose them.
add action=dst-nat chain=dstnat dst-address=!192.168.88.226 dst-address-type=local dst-port=8888 log-prefix="" protocol=tcp to-addresses=192.168.88.226 to-ports=8888
add action=dst-nat chain=dstnat dst-address=!192.168.88.226 dst-address-type=local dst-port=12000 log-prefix="" protocol=tcp to-addresses=192.168.88.226 to-ports=12000
# Source NAT for traffic leaving through the tunnel.
add action=masquerade chain=srcnat log-prefix="" out-interface=vpn
# Default route in routing table "vpn" via the PPTP interface.
# NOTE(review): when the vpn interface is down this route is inactive, and marked traffic
# presumably falls back to the main table and leaves unencrypted via pppoe-out1. If wlan3 must
# never bypass the tunnel, add a fail-closed control, e.g. a forward-chain drop for
# 192.168.89.0/24 with out-interface=pppoe-out1.
/ip route
add distance=1 gateway=vpn routing-mark=vpn