Firewall and blocking of certain ports

After setting up VPN access over WireGuard or L2TP/IPsec, access to servers over SMB, SSH, HTTP(S), RDP, or any other service that was available on a server within the network was working. Suddenly, now only RDP and SSH work. Oddly enough, HTTPS to the MikroTik router on the LAN, of course, works, but HTTP to any other server doesn’t. The biggest issue is SMB. Telnetting to the proper port for each service times out for SMB, while it works from within the LAN. That is, if you’re on the VPN subnet there is no access.
Any ideas why? It would seem that somehow something maybe got added to a blocked address list. But I don’t see anything.

Start by exporting and posting your configuration. Without that we are just guessing.
To export and paste your configuration (and I’m assuming you are using WebFig or WinBox), open a terminal window and type (without the quotes) “/export hide-sensitive file=any-filename-you-wish”. Then open the Files section, right-click on the filename you created and select Download to download the file to your computer. It will be a text file with whatever name you saved it as, with an extension of .rsc. I suggest you then open the .rsc file in your favorite text editor and redact any sensitive information. Then in your message here, click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.


Ditch the pointless anti-DDoS / anti-virus / etc rules, they will only slow down your router and cause problems / open you up to DoS.

Concur, most of your rules are about blocking traffic vice only allowing needed traffic. Bloated approach.
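As an added illustration of the allow-only approach suggested above (not configuration from the original poster or from MikroTik), here is a minimal forward chain that permits VPN clients to reach specific LAN services and drops everything else. The subnets, the port list and the WAN interface list name are assumptions for the example; the logging rule is there so that a blocked service such as SMB shows up in the log instead of silently timing out.

```routeros
# Constructed example: allow-list style forward chain for VPN -> LAN access.
# Assumed addresses: LAN 192.168.88.0/24, WireGuard 10.10.10.0/24, L2TP pool 10.10.20.0/24.
# Assumes an interface list named WAN exists (as in the default configuration).
/ip firewall address-list
add list=lan address=192.168.88.0/24 comment="internal LAN"
add list=vpn address=10.10.10.0/24 comment="wireguard clients"
add list=vpn address=10.10.20.0/24 comment="l2tp/ipsec clients"

/ip firewall filter
# Accept packets belonging to connections already allowed below; drop broken ones.
add chain=forward action=accept connection-state=established,related comment="accept established/related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# VPN clients may reach only the LAN services you actually need (SSH, HTTP, HTTPS, SMB, RDP).
add chain=forward action=accept src-address-list=vpn dst-address-list=lan protocol=tcp \
    dst-port=22,80,443,445,3389 comment="vpn -> lan services"
# LAN clients may reach the internet.
add chain=forward action=accept src-address-list=lan out-interface-list=WAN comment="lan -> wan"
# Anything not explicitly allowed above is logged, then dropped.
add chain=forward action=log log-prefix="fwd-drop: " comment="log drops"
add chain=forward action=drop comment="drop everything else"

# To see which rule is eating the SMB traffic, watch the per-rule counters while you test:
#   /ip firewall filter print stats
#   /log print where topics~"firewall"
```

If an existing blocking rule or address list is the cause, its counter will climb while the VPN client retries and the log prefix will show the dropped source and destination.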

Thanks for that advice. I really thought such rules would better protect our network. I know they sure slow the router down, but what’s more important. I’ll start disabling and see how that works.