How can i Tunnel my Lan connection to A remote pptp Conn.

firewallrule · December 9, 2009, 11:28am

Hello Fellow Community,

I have a VPN account in a remote location, Now i want my Lan computers to have access to the internet through the PPTP connection (VPN). How can i configure it effectively?

Chupaka · December 9, 2009, 11:44am

something like

/ip route add gateway=VPN routing-mark=my_vpn
/ip firewall mangle add chain=prerouting src-address=<your_users> action=mark-packet new-packet-mark=my_vpn

firewallrule · December 9, 2009, 1:48pm

@Chupaka and all

I have done what u instructed, but still not going through the VPN.

Check out my configuration and let me know on what next to do.

[admin@USA] > ip route
[admin@USA] /ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 S 0.0.0.0/0 vpn 1
1 ADS 0.0.0.0/0 192.168.0.1 0
2 ADC 192.168.0.0/24 192.168.0.177 wan 0
3 ADC 196.1.142.0/27 196.1.142.1 Lan 0
[admin@USA] /ip route> /

[admin@USA] > ip firewall mangle
[admin@USA] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-packet new-packet-mark=my_vpn passthrough=yes
src-address=196.1.142.30
[admin@USA] /ip firewall mangle> /

[admin@USA] > ip firewall filter
[admin@USA] /ip firewall filter> pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Client Connections above 10
chain=forward action=drop tcp-flags=syn protocol=tcp
connection-limit=10,32

1 ;;; Drop Invalid Connections
chain=input action=drop connection-state=invalid

2 ;;; Allow Established Connections
chain=input action=accept connection-state=established

3 ;;; Allow UDP
chain=input action=accept protocol=udp

4 ;;; Allow ICMP
chain=input action=accept protocol=icmp

5 ;;; Allow Access to router from know network
chain=input action=accept src-address=196.1.142.0/27

6 ;;; Drop anything else
chain=input action=drop

[admin@USA] /ip firewall filter> /

[admin@USA] > ip firewall nat
[admin@USA] /ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=srcnat action=masquerade out-interface=wan

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
[admin@USA] /ip firewall nat>

Chupaka · December 9, 2009, 2:29pm

my bad… a typo =)

here’s correct mangle rule:

/ip firewall mangle add chain=prerouting src-address=<your_users> action=mark-routing new-routing-mark=my_vpn

firewallrule · December 9, 2009, 2:52pm

Sorry for asking too much question.

the source address=your_users, is it not the ip address of the lan computer that i want to pass through the remote VPN?

Chupaka · December 9, 2009, 2:59pm

it’s exactly addresses of LAN computers you want to go through VPN