I’ve recently installed my LTE 6E SXT kit and have even managed to get the networks bonded and have seen speeds of 140mbps on EE network 600m from a mast.
I’m very happy with those speeds.
The Mikrotik 4g unit is still connected back into my router so that I can use the ADSL as failover.
Due to accessing internet via 4G and no longer ADSL, I need to forward web traffic (and other ports) back through a VPN that offers fixed IP as the 4G connection uses CGNAT.
I’ve found a supplier for this and have created the connection to it using the PPTP VPN client in winbox.
This is where I am struggling.
Despite having quite a bit of IT experience, I’m struggling to get it to forward the traffic back through the VPN into my internal network which is due, I think, to all the various address lists involved.
There are plenty of site-to-site VPN walkthroughs online, but they don’t quite apply, and neither do the ones on setting up VPN clients.
I can see the incoming traffic hitting the VPN connection as the RX counter is increasing, but it won’t go back the other way.
The public IP is 81.x.x.x
There’s a server connection that I connect to using the L2TP client.
This then connects on the VPN range 192.168.89.1 and with a remote server IP of 10.10.1.1
The bond IP is on 192.168.88.0/24
Finally I need to forward this back to 192.168.88.253, which is my internal router
I know the Draytek firewall is set up correctly as it forwards correctly on incoming ADSL connections.
If someone can tell me where I am going wrong and assist with configuring, that’d be great.
Here are my outputs:
NOTE: I’ve only been messing with the PRTG port before I make changes to the other incoming ports.
/ip firewall address-list
add address=10.10.1.1 list=rapidvpn-pptp
add address=192.168.89.1 list=rapid-vpn-local
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=http dst-port=80 in-interface=lte1 log=yes protocol=tcp to-addresses=192.168.88.253 to-ports=80
add action=dst-nat chain=dstnat comment=https dst-port=443 in-interface=lte1 log=yes protocol=tcp to-addresses=192.168.88.253 to-ports=443
add action=dst-nat chain=dstnat comment=Openvpn dst-port=1194 in-interface=lte1 log=yes protocol=udp to-addresses=192.168.88.253 to-ports=1194
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 in-interface=lte1 log=yes protocol=tcp to-addresses=192.168.88.253 to-ports=32400
add action=dst-nat chain=dstnat comment="PRTG " dst-port=400 in-interface=rapidVPN-pptp log=yes protocol=tcp src-address-list=rapidvpn-pptp to-addresses=192.168.88.253 to-ports=400