How to surf through a vpn connection?

pierref · January 25, 2016, 12:23pm

Hello

I just installed a new MikroTik router for a remote customer. It is a really beautiful piece of hardware.

I managed to install the basic functions and an external proxy server, because the possibilities of the built in proxy are too limited. I have external access through pptp and ssh.

Now I need to have the ability to surf through the vpn connection for sharing the same conditions as the remote customer for monitoring what is filtered or not by the proxy. The settings of the vpn server are the default ones.

My vpn client sets the ppp local interface as default gateway, and when I am connected, I am able to access the remote servers at the office of my customer, but not to surf on the www.

I am ready to post all the necessary /ip settings but before doing that, perhaps some of you can tell me if I have oversee something. Is it v.gr. necessary to add a filter rule in the output chain or is it enough in the nat rules to masquerade the outgoing traffic coming from the IP adresses of the vpn clients?

Thanks for helping.

Pierre

Revelation · January 26, 2016, 12:11am

Here is what I posted in another thread that solved the issue for me after I got to tinkering with it.

It’s interesting…

So I was playing around with L2TP when I got off of work and setting it up so I could reach back out onto the internet. I got it working rather trivially…

I added the VPN pool ip address range to my Networks tab under DHCP server.

I then created a new src-NAT with masquerade specifically for the VPN network. My VPN connected device, iPhone, could then reach back out onto the internet - where as it could not before.

I could then disable that specific src-nat and it still worked.

Just something you can try.

pierref · January 26, 2016, 2:31pm

Yeah, I tried this because it came as a kind of default setting. This is how my NAT table looks like, but the rule about vpn is never reached.

 0    ;;; outgoing traffic from proxy
      chain=srcnat action=masquerade src-address=192.168.8.2 
      out-interface=all-ppp log=no log-prefix="" 

 1    ;;; masq. vpn traffic
      chain=srcnat action=masquerade src-address=192.168.89.0/24 log=no 
      log-prefix="" 

 2    ;;; default configuration
      chain=srcnat action=masquerade out-interface=all-ppp log=no 
      log-prefix="" 

 3    ;;; forward incoming ssh to ocean
      chain=dstnat action=dst-nat to-addresses=192.168.8.2 protocol=tcp 
      in-interface=all-ppp dst-port=22 log=no log-prefix=""

192.168.8.2 is the IP of a server inside of the DMZ (called also proxy or ocean).

pierref · January 30, 2016, 5:20pm

Hello, James Houston 135

I just set up a pptp vpn server with a DCHP server. I didn’t find how to do this, until I found this post: http://www.urosvovk.com/step-by-step-how-to-configure-a-pptp-vpn-server-on-mikrotik-routeros/.

I also can surf through the vpn connection since I masquerade all outgoing traffic from vpn subnet.

So it works, thank you.

However, I don’t understand what you mean with io9 version (or i09). My Router OS is 6.33.3 (stable).

pamelabryant454 · July 28, 2016, 5:26pm

[color=rgba(0, 0, 0, 0)]what about just using hotspot shield which is a free app? Does it work and how well? I am sure it is not as good as this plan but most of us are casual users of public hot spots. thanks for the inpu[/color]