Can't access my LAN from VPN PPTP

Hi,
I’m almost new to Mikrotik and I’m trying to set up a PPTP VPN connection to it, in order to access my LAN from outside.
The infrastructure is:
ETH1 = WAN interface from which I take my internet connection
ETH2 = LAN interface. My LAN is in the subnet: 10.1.1.0/24
ETH3 = WLAN (does not matter)

I’ve enabled the Mikrotik PPTP Server in PPP → Interface → PPTP Server, I’ve created a secret for me, I’ve created a DHCP Pool called pptp-pool ( [10.1.2.100-10.1.2.200] ) and a PPP Profile in which I set the “Local Address” = pptp-pool and the “Remote Address” = pptp-pool.

I created the two firewall rules in order to allow gre and tcp 1723.

On the ETH2 (LAN) interface I set up Arp = “Proxy-Arp”

Now:

  • I’m able to connect from the outside to the Mikrotik, I’m able to receive an IP address between 10.1.2.100-10.1.2.200
  • I can ping the Mikrotik LAN interface (which is 10.1.1.1)
  • I CANNOT ping or connect to any other of my LAN devices.

I’ve tried to create some firewall rules in order to accept packets from the “pptp interface” in the “forward” chain, but nothing.

Can someone help me?
Thank you

PS: sorry for my bad bad English.

When you design your network like that, you need to configure Proxy ARP on the ether2 interface.

I wrote that I’ve already set it: “On the ETH2 (LAN) interface I set up Arp = “Proxy-Arp”” :slight_smile:

Then maybe there is more going on than you write…
E.g. the ether2 is part of a bridge.
Anyway, you should use the usual debugging tools to find out why it is not working.
E.g. run the packet sniffer on the router and on a system on the LAN that you cannot ping.

OK, I will try… :slight_smile:

Hi

First create a bridge for the LAN, add the internal interface to it (ETH2, I think), and configure the bridge as proxy-arp, not the interface.

Then, instead of using a different DHCP range for the PPTP, use a range in the same segment as the LAN.

Let’s say that your LAN segment is 10.1.1.0/24, right? Your router LAN IP address is 10.1.1.1, and you give DHCP to local users (for example) in the range of 10.1.1.100-10.1.1.200.
Create an IP Pool for the PPTP VPN between, let’s say, 10.1.1.210-10.1.1.220 (if it is for you alone, 10 addresses for PPTP is enough); the router LAN IP address 10.1.1.1 will go in Local Address in the Profiles section of PPP.

If you are using a different segment there is a lot more to configure, but if you are in the same segment with proxy ARP configured, there is no need, and it works fantastic.

Awesome, it works now!!
Thank you so so much!

I have another question for you :slight_smile: :slight_smile:

Now, I can connect to other PCs on my LAN using Windows File Explorer and I can connect to my local servers using RDP, BUT only with IP addresses.
NetBIOS names are not resolved (names of computers…).
Do I have to create a firewall to allow traffic for the NetBIOS traffic? (ports)

Again,
sorry for my English :slight_smile:

You need to set up DNS on your server(s) and configure the MikroTik router to hand the DNS server address to the clients. This is done in the PPP Profile that corresponds to the PPTP (or L2TP) server.
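
The setup described in the replies above (proxy-arp on a LAN bridge, a PPTP pool inside 10.1.1.0/24, the router's LAN address as local address, DNS handed out through the PPP profile), written out as RouterOS CLI; this is an added example, not configuration posted by anyone in the thread. The names bridge-lan, pptp-lan-pool, pptp-lan and vpnuser, the password placeholder, and the DNS server 10.1.1.10 are assumptions.

```routeros
# Added example, not from the thread.
# Assumed names: bridge-lan, pptp-lan-pool, pptp-lan, vpnuser.
# Assumed value: 10.1.1.10 stands in for your internal DNS server.

# 1. Bridge for the LAN; proxy-arp is set on the bridge, not on ether2.
/interface bridge add name=bridge-lan arp=proxy-arp
/interface bridge port add bridge=bridge-lan interface=ether2

# 2. Move the LAN address and DHCP server from ether2 to the bridge.
#    Do this from the console or in Safe Mode: the LAN link drops briefly.
/ip address set [find where address="10.1.1.1/24"] interface=bridge-lan
/ip dhcp-server set [find where interface=ether2] interface=bridge-lan

# 3. VPN pool inside the LAN subnet, but outside the local DHCP range
#    (10.1.1.100-10.1.1.200 in the thread) so leases never collide.
/ip pool add name=pptp-lan-pool ranges=10.1.1.210-10.1.1.220

# 4. PPP profile: router LAN address as local address, pool as remote
#    address, and the DNS server pushed to VPN clients.
/ppp profile add name=pptp-lan local-address=10.1.1.1 \
    remote-address=pptp-lan-pool dns-server=10.1.1.10

# 5. User secret bound to that profile, and the PPTP server itself.
/ppp secret add name=vpnuser password="CHANGE-ME" service=pptp profile=pptp-lan
/interface pptp-server server set enabled=yes default-profile=pptp-lan

# 6. Input rules for PPTP on the WAN side (ether1 = WAN in the thread).
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp \
    dst-port=1723 action=accept comment="PPTP control"
/ip firewall filter add chain=input in-interface=ether1 protocol=gre \
    action=accept comment="PPTP data (GRE)"

# Proxy-arp only makes the router answer ARP for the VPN addresses.
# Traffic between VPN clients and LAN hosts is still routed by the
# router, so forward-chain filter rules continue to apply to it.

# 7. Check: the client should hold an address from the pool.
/ppp active print
```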

I will try this afternoon…
Thank you so much!

Please don’t hijack other people’s topics.

Thanks! Thanks! Thanks!
It was driving me crazy. Configuring the proxy-arp at the bridge instead of at the interface was the solution. :smiley: :smiley: :smiley:

Thanks!!! That worked for me!! I was trying almost everything and nothing worked but your solution. I always used to configure the VPN in a different subnet, but had to check the “use default gateway in remote network” option to get it working. Now I can uncheck that option and can access the LAN PCs, and every VPN Windows client uses internet traffic through their ISP.