Hello, I managed to set up L2TP with IPsec; it works, kind of. But I have a bunch of rules in NAT; the most valuable one for me is hairpin, because I host a few servers at home, some of them accessible only from the LAN (like my Synology NAS), and I use the public domain/IP to connect to them (here hairpin works). I also have a few rules in DNS and assigned a few local domains that I would also like to be working for VPN users. So for now I can connect to L2TP and I can connect to the NAS by internal IP, but this is not what I want; I want to connect to them as if I were exactly at home, so using the public domain (IP), so hairpin must be working also for VPN users. I have no idea how to do it. To be honest I kind of do not fully understand the potential of the firewall, so I bet I would need to change some settings in the firewall. Can someone guide me where I should start looking? I would really appreciate any help; I do not have anyone who could explain anything about MikroTik to me, and I did not find any useful place in my native language where I could ask for help, so I landed here at the official forum.
So my goal is:
currently existing rules in NAT also affect VPN connections
VPN connections use the DNS of my MikroTik, so internal domains also work for them.
overall, treat VPN users as if they were literally inside the LAN, as simply as possible
For now I tried to set exactly the same IP pool for VPN, within the same address pool as LAN users, but this did nothing.
I can provide a few screenshots. I do not know how to export settings. I would prefer to keep my open ports private.
I don't think what you are asking makes sense, to me at least, based on my limited experience with WireGuard VPN.
You are asking a user to connect to a public IP (server WireGuard device) but also asking the user to connect to a server behind the same public IP.
Thus there is a conflict.
Suggest for VPN users, going direct to the LAN IP of the server is the easier way to provide access.
I need that because many of my servers have certificates for the domain. I have hairpin for such action within the LAN, so when I am at home I just use my domains and it works fine. I am abroad right now and connected to VPN, and I am not able to use that domain any more. All my apps on my phone or laptop are refusing to connect. Also I had a custom domain defined within MikroTik DNS for specific purposes, and that also does not work on VPN. The whole VPN is literally useless for me if I cannot use what I have at home the way I was used to while I was there.
I tried with OpenVPN also and same result.
I do not know how I am supposed to route traffic on MikroTik's firewall so it would treat VPN connections like internal connections.
As I said above, I even tried with exactly the same address pool and it did nothing.
I also created an address list for the firewall and put LAN addresses and VPN addresses there, in case my rules were only detecting LAN addresses, but that also didn't work.
Obviously I could use the internal LAN IP to connect, but as I said, no domain, no certificate. Some services are only available under the domain. Also I would have to log out of each app on my phone and set it to the internal IP, which is painful.
As I said, I need to have working DNS; currently I have no idea what DNS is used for VPN users. And also I need to have working hairpin/loopback.
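The two things the original poster's first and second posts ask for (hairpin NAT that also covers VPN clients, and VPN clients using the router's DNS) come down to how the NAT rules match packets. The RouterOS configuration below is an added example written for this thread, not the poster's export and not a MikroTik-supplied snippet. Every address in it is assumed: LAN 192.168.88.0/24 with the router at 192.168.88.1, L2TP/IPsec client pool 192.168.89.0/24, a NAS at 192.168.88.10 serving HTTPS, a static public IP 203.0.113.10, WAN on ether1, and the stock `default-encryption` PPP profile that L2TP uses. Substitute your own values.

```routeros
# Added example (not from this thread). All addresses below are assumed:
# LAN 192.168.88.0/24, router 192.168.88.1, L2TP client pool 192.168.89.0/24,
# NAS 192.168.88.10 on TCP 443, public IP 203.0.113.10, WAN interface ether1.

/ip firewall address-list
# One list that means "inside" for both LAN hosts and VPN clients
add list=inside address=192.168.88.0/24 comment="LAN"
add list=inside address=192.168.89.0/24 comment="L2TP/IPsec client pool"

/ip firewall nat
# Weak pattern (left commented out): matching on the WAN interface only catches
# packets that arrive from the internet. Traffic from the LAN arrives on the
# bridge and traffic from VPN clients on the l2tp-in interfaces, so this rule
# never sees them and the public IP/name stays unreachable from inside.
# add chain=dstnat in-interface=ether1 protocol=tcp dst-port=443 action=dst-nat to-addresses=192.168.88.10
#
# Corrected: match on the public address instead of the interface, so the same
# rule fires regardless of which interface the packet came in on.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=443 action=dst-nat to-addresses=192.168.88.10 comment="NAS HTTPS, any source"
# Hairpin: when an inside host (LAN or VPN) reaches the NAS through the public
# IP, rewrite the source as well. Without this the NAS answers the client
# directly from 192.168.88.10 and the client discards the reply, because it
# expected it from 203.0.113.10. Because the src list includes the VPN pool,
# VPN clients get the same hairpin behaviour as LAN hosts.
add chain=srcnat src-address-list=inside dst-address=192.168.88.10 protocol=tcp dst-port=443 action=masquerade comment="hairpin NAT"
# Ordinary internet masquerade for LAN and VPN clients alike
add chain=srcnat out-interface=ether1 action=masquerade comment="internet"

/ip firewall filter
# Let inside hosts (including VPN clients) query the router's DNS and reach the
# LAN. Place these before any existing drop rules (use place-before=).
add chain=input src-address-list=inside protocol=udp dst-port=53 action=accept comment="DNS from inside"
add chain=input src-address-list=inside protocol=tcp dst-port=53 action=accept comment="DNS from inside (TCP)"
add chain=forward src-address-list=inside dst-address=192.168.88.0/24 action=accept comment="inside to LAN"

/ip dns
# The router must answer queries that do not originate from itself
set allow-remote-requests=yes
/ip dns static
# A local name answered by the router; VPN clients that use the router as
# their resolver get this answer too (assumed name and address)
add name=nas.home.example address=192.168.88.10

/ppp profile
# Hand the router's own LAN address to L2TP clients as their DNS server, so
# the static names above resolve for them as well
set default-encryption dns-server=192.168.88.1
```

Two practical notes. First, the order of rules matters in RouterOS: the hairpin masquerade and the `accept` rules must sit above any broader drop rules in the same chain, so either add them before those rules or move them up with `place-before`. Second, if the public IP is dynamic, the `dst-address=203.0.113.10` match has to be kept current; a script that updates the rule when the WAN address changes, or a rule keyed on the DDNS name through an address list, keeps the same logic without a fixed address.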