Is there a way to connect to remote server with 192.168.0.XX IP from local PC with 192.168.0.XX IP over L2TP? For most of my company staff L2TP connection works fine but for some not due to same local LAN subnet (local and remote). Is there any solution for this other than changing company’s LAN subnet?
Regards colleague,
RDP works over TCP port 3389; at the LAN level, if properly routed and configured on workstations, it should work. The theme changes if you want to access more than one computer from outside, i.e. from the Internet. In that case, you would have to redirect ports with DST-NAT in conjunction with different external ports and the same internal ports.
Well, I wasn’t precise - people connect to the company network via VPN. Once connected they use RDP connection to the server or workstation. The problem occurs here because some of them cannot connect due to the same subnets…
Some VPN software (clients in conjunction with server) solve the problem by disabling access to client local LAN entirely … routing all the traffic (excluding VPN packets obviously) through VPN interface. Including local IP subnet. This then solves the problem you’re seeing but introduces another problem: inability to access local resources (e.g. networked printers). But when using VPN, this may be desired state as to enforce company security policies.
How in particular to implement such a “greedy” VPN client interface largely depends on VPN type, server and client software.
It’s not about tunnel establishment, it’s about pushing routes from server to client. On MT L2TP those are configured for each user (these are created under /ppp/secret and routes are defined with property routes). Corporate IP subnets should be set here along with L2TP server’s tunnel local address. And set route distance as low as possible (e.g. 1) so it wins over client’s pre-existing routes if they overlap.
I don’t quite understand the need to use VPN, when you can redirect ports to access via RDP in a more “transparent” way. Do your customers log in from the Internet? Or is the RDP server on the same network? Another question: do multiple clients connect to the same RDP server, or is it multiple RDP servers?
Say hello to burglars and other “nice guys” leaving open window in your home in more “transparent” way … do not forget to leave the big red routing sign “the window is labeled 3389 and is placed on the right side of the building”
To 192.168.0.XX IP from local PC with 192.168.0.XX IP
A possibility is on the Mikrotik to have some dst-nat rules, which say if the destination address from a VPN client is 192.168.200.XX forward it to 192.168.0.XX (netmap?)
Then on the local PC with IP address 192.168.0.24 to connect to 192.168.0.24 on the company network, you connect to 192.168.200.24 (which gets redirected)
Possibly also need some sort of DNS mapping, (MyDesktop.Alt.CompanyVPN vs MyDesktop.CompanyVPN), and maybe some certificate changes
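The alias-subnet idea from the post above, as an added example that is not part of the original thread: a small Python model of why 192.168.0.24 stays on the home LAN while 192.168.200.24 enters the tunnel and is mapped 1:1 to the office host. The client routing table, interface names, metrics and the simplified route selection (longest prefix, then lowest metric) are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; the alias subnet is the one proposed for netmap.
OFFICE_LAN = ipaddress.ip_network("192.168.0.0/24")
ALIAS_NET = ipaddress.ip_network("192.168.200.0/24")

# Constructed sample: routing table of a home PC whose LAN is also 192.168.0.0/24.
# Entries are (destination, interface, metric); names and metrics are hypothetical.
CLIENT_ROUTES = [
    ("0.0.0.0/0", "home-lan", 25),
    ("192.168.0.0/24", "home-lan", 1),   # on-link home subnet, same as the office
    ("192.168.200.0/24", "l2tp", 1),     # alias subnet routed into the tunnel
]

def netmap(dst, from_net=ALIAS_NET, to_net=OFFICE_LAN):
    """1:1 translation: keep the host bits, swap the network bits.
    Returns None when dst is outside from_net (rule does not match)."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("netmap needs two subnets of equal size")
    dst = ipaddress.ip_address(dst)
    if dst not in from_net:
        return None
    host_bits = int(dst) & int(from_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)

def pick_route(dst, routes):
    """Simplified route lookup: longest prefix wins, then lowest metric."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, metric)
               for net, iface, metric in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def trace(dst):
    """Return (client egress interface, address after netmap on the office router).
    The second element is None when the packet never reaches the tunnel."""
    iface = pick_route(dst, CLIENT_ROUTES)
    return iface, (netmap(dst) if iface == "l2tp" else None)

if __name__ == "__main__":
    for target in ("192.168.0.24", "192.168.200.24"):
        iface, translated = trace(target)
        print(f"{target}: leaves via {iface}, office router forwards to {translated}")
```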
Ok, forget about RDP. It works after ports redirect to access via RDP.
But still have an issue with L2TP connection when there are the same subnets in home and the office.
Does proxy-ARP setting on LAN bridge in the office resolve this problem?