Can not ping VLAN via VPN

Hi!

I need help with the networking configuration for accessing the internal LAN via VPN beyond the Mikrotik router. I have the configuration:

ip ad pri

ADDRESS NETWORK INTERFACE

0 192.168.0.1/21 192.168.0.0 LAN-Network
...
8 1.1.1.2/30 1.1.1.1 ether1
...
13 192.168.100.1/24 192.168.100.0 Uprav
14 D 192.168.254.1/32 192.168.254.92

int ether pri
Flags: X - disabled, R - running, S - slave

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

0 R ether1 1500 E4:8D:8C:35:62:6C enabled none switch1
...
9 R sfp1 1500 E4:8D:8C:35:62:6B proxy-arp none

int vlan pri
Flags: X - disabled, R - running, S - slave

NAME MTU ARP VLAN-ID INTERFACE

...
5 R LAN-Network 1500 enabled 101 sfp1
...
8 R Uprav 1500 proxy-arp 100 sfp1
...

ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
...
16 chain=output action=drop log=no log-prefix=""

17 chain=forward action=accept src-address=192.168.254.0/24 dst-address=192.168.100.36 log=no log-prefix=""

18 chain=forward action=accept src-address=192.168.100.36 dst-address=192.168.254.0/24 log=no log-prefix=""
...

When connected to the PPTP VPN I cannot ping 192.168.100.36 on VLAN interface Uprav, but at the same time I can ping 192.168.0.19 on VLAN interface LAN-Network.

Here is the packet sniffing from interface Uprav:

tool sniffer start interface=Uprav
tool sniffer stop
tool sniffer packet print where ip-protocol=icmp

TIME INTERFACE SRC-ADDRESS DST-ADDRESS IP-PROTOCOL SIZE CPU FP

0 0.652 Uprav 192.168.254.100 192.168.100.36 icmp 98 0 no
1 0.652 Uprav 192.168.100.36 192.168.254.100 icmp 98 6 no
2 1.652 Uprav 192.168.254.100 192.168.100.36 icmp 98 0 no
3 1.652 Uprav 192.168.100.36 192.168.254.100 icmp 98 6 no

And the packet sniffing from interface pptp-user5:

tool sniffer start interface=
tool sniffer stop
tool sniffer packet print where ip-protocol=icmp

TIME INTERFACE SRC-ADDRESS DST-ADDRESS IP-PROTOCOL SIZE CPU FP

0 0.397 192.168.254.100 192.168.100.36 icmp 84 8 no
1 1.397 192.168.254.100 192.168.100.36 icmp 84 8 no

Any suggestions?

Hello, you have to enable proxy-arp on the port that the VLAN goes over. Let's say the VLAN goes over port ether2, then enable proxy-arp on that port.
Let your profile for the VPN client get the same local address as the gateway from the router.
Best regards



VLAN Uprav goes on port sfp1:

And as you can see proxy-arp on it is already enabled:

Now I'm getting IP address 192.168.254.92 for the VPN client from vpn-pool 192.168.254.2-192.168.254.100:

and it is configured in the configuration for the PPTP server:

int pptp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: pap,chap,mschap1,mschap2
keepalive-timeout: 30
default-profile: vpn-profile

ppp profile print
Flags: * - default
...
1 name="vpn-profile" local-address=192.168.254.1 remote-address=vpn-pool use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes
use-upnp=default address-list="" on-up="" on-down=""
...

ip pool print

NAME RANGES

...
4 vpn-pool 192.168.254.2-192.168.254.100
...

Could you describe what IP addresses should be configured for the VPN client?