Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs

Hi!

I’m having an issue with my site-to-site VPN configuration.

I’m using a hub-and-spoke architecture with satellite offices running MikroTik hAP AC Lite and a central office running an RB4011.

In a nutshell, I can ping all remote routers from the central office and vice-versa, but I can’t reach the hosts behind the satellite offices’ routers.

The RB4011 of the central office is configured with bridge VLAN filtering. VLAN85 [192.168.85.0/24] is where I want the termination point of the site-to-site VPNs, and satellite offices are using address spaces 192.168.86.0/24, 192.168.87.0/24, etc., each running their own DHCP servers.

The hAP AC are not configured for VLAN filtering, and I was expecting traffic to be dealt with as if it was untagged. Maybe I’m missing something here.

Your help and guidance would be greatly appreciated.

Thank you!

Hi François,

It’s kinda hard to see without a diagram or ROS code.

I have a three-site network, each with their own VLANs (8 per site), but routed between them. My WAN is fully meshed and routed using OSPF (the VPN interfaces are L2TP/IPSec). I have full visibility of all hosts (provided firewalling permits it, of course).

Maybe you could post more information and we can see from there.

Cheers,

AC
