Another help me with L2TP/IPSEC proxy-arp...

Hi All,

Recently I bought a pre-programmed MikroTik router. I do know some networking stuff, but it would take too much time to learn the MikroTik and I needed to make it work quickly.

Anyway, now that everything is working, I needed to log in to a web interface, but from a remote location. So I decided to set up a VPN. Shouldn’t be too hard following the wiki… http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#L2TP.2FIpSec_setup

So now I am able to log in to the VPN. When I check my public IP address, it has changed to the MikroTik’s public IP. And when browsing, even the DNS filter/redirecting is working, so that’s cool!

From my laptop on a terminal window I can ping to the remote-local-lan-mikrotik-address.

From winbox I can ping back to my laptop.

But I cannot access the web interfaces of other devices on the remote LAN.

I’ve set proxy-arp on the LAN bridge interface.

Now how do I post the parts of the config here so you guys can help me out?

Can you give an example of what you are trying to access when you say web interfaces? If you are on an L2TP tunnel you should be able to access other LAN devices…

Is it just the web interface that doesn’t work? Can you ping them? What default gateway do the devices have?

Thanks for your reply. The default gateway is the same for all devices, and it is the internal IP of the MikroTik.

When I am connected with the VPN I can ping the internal IP of the MikroTik, but cannot access the web interface. I cannot reach any other IP on the network.

I can access the MikroTik web interface only through one of the public IP addresses. (I have configured dual WAN.)

I’m trying to access the access points behind the MikroTik.

I am trying to access the web interface of different access points in the remote LAN through a VPN.

Yes, all devices on the network use the same gateway. The gateway is the MikroTik LAN IP. When I am connected through the VPN I can ping the gateway and get a normal response, but I cannot access the web interface with its IP address.

I can access the MikroTik web interface on its PUBLIC IP.

I cannot ping any other devices in the remote network.

I’ve replied twice now, and every time I get a message saying it is moderated or something, but it never shows…

So I’ll try one more time.

I am trying to log in to the access point web interface behind the MikroTik router.

All the devices on the MikroTik network connect through the LAN bridge. All use the same gateway, 192.168.1.1.

When I’m connected with the VPN I can ping 192.168.1.1, but I cannot access the MikroTik web interface from a browser.

When connected with the VPN I cannot ping any other device in the remote network.

Hi KitMikro,

Any response, as we have the same exact issue here?

Thanks in advance,
Isaac

I would start by checking NAT and access rules. As you have access to the web interface on the outside IP while you are connected with VPN, this should be simple enough.

I found out what was causing me the same problem: proxy ARP on the bridge interface got turned off.

In the end I made it work following this tutorial:

http://www.firstdigest.com/2015/01/mikrotik-l2tp-with-ipsec-for-mobile-clients/

If you also want to connect to this VPN from a computer, change

/ppp profile add name=l2tp-profile local-address=L2TP-Pool remote-address=L2TP-Pool use-encryption=required change-tcp-mss=yes dns-server=8.8.8.8

to the following:

/ppp profile add name=l2tp-profile local-address=L2TP-Pool remote-address=L2TP-Pool use-encryption=default change-tcp-mss=yes dns-server=8.8.8.8

Cheers!

At first glance I didn’t see any difference between the First Digest post and most other sites, except he has none for the PFS group in the IPsec proposals.

I accidentally changed my IPsec peer to port strict from port override in the generate policy field and lost my site-to-site tunnel.