Hi folks,
I have this scenario, and I can’t connect to my ADSL modem:
However I can’t access my modem web interface, and I can’t use other subnet on ADSL modem, because I have some other devices connected to its LAN ports, which must be in same network, so I can’t use NAT as suggested with other subnet on ADSL modem. Is there any workarrounds?
You have made some configuration error, because this should normally work just fine.
Unfortunately you have not included your configuration with your question, so it is not possible to review it.
How do I export configuration? Please note that I am not such familiar with Mikrotiks.
Open “New terminal” window and type: /export file=exportedconfiguration
(or whatever filename you like)
Then you can download the configuration from Files menu.
Thanks, here is the configuration:
/interface bridge
add admin-mac=E4:8D:8C:69:E7:16 arp=proxy-arp auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
country=croatia disabled=no distance=indoors frequency=auto l2mtu=1600
mode=ap-bridge rx-chains=0,1 ssid=MikroTik-69E719 tx-chains=0,1
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp name=ether1-gateway
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-master-local
set [ find default-name=ether3 ] arp=proxy-arp master-port=
ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] arp=proxy-arp master-port=
ether2-master-local name=ether4-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=vpn ranges=192.168.1.230-192.168.1.240
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/ppp profile
add local-address=vpn name=vpn remote-address=vpn
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
/interface l2tp-server server
set enabled=yes ipsec-secret="vpn123$#" use-ipsec=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=
ether2-master-local network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" gateway=
192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=
established,related
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration"
connection-state=established,related
add chain=forward comment="default configuration" connection-state=
established,related
add action=drop chain=forward comment="default configuration"
connection-state=invalid
add action=drop chain=forward comment="default configuration"
connection-nat-state=!dstnat connection-state=new in-interface=
ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="masq. vpn traffic" out-interface=
bridge-local src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" out-interface=
bridge-local src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=
192.168.89.0/24
add action=masquerade chain=srcnat out-interface=ether1-gateway
/ip route
add distance=1 gateway=192.168.0.1
/ppp secret
add name=vpn password="vpn123$#" profile=vpn
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=MikroTik-1
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
/tool romon port
add
Your config appears to be very different from what you wrote in your first message!
When you want it to be like you described, reset it to defaults and configure it as an AP in bridge mode.
remove the ether1 gatway from bridge.
remove this static routesettings for ether1
add an ip 192.168.0.254 to ether1-gateway
make sure that ether1-gateway has NO master interface set.
and change
/ip firewall nat
add action=masquerade chain=srcnat comment="masq. vpn traffic" out-interface=\
bridge-local src-address=192.168.0.0/24
to this
/ip firewall nat
add action=masquerade chain=srcnat comment="nat internet " out-interface=\
ether1-gateway
than remove this:
add action=masquerade chain=srcnat comment="masq. vpn traffic" out-interface=\
bridge-local src-address=192.168.1.0/24
try again