Hi everyone,
I have come across a problem recently that I have been confused completely.
I have configured my MikroTik router as simple as possible (basic configuration and VPN) without any firewall rule.
here is the problem:
when I connect through L2TP/IPsec protocol I can’t access neither external web pages (google,yahoo,…) nor my internal web pages (my voip server’s web interface); however, I can ping my internal server as well as 8.8.8.8 and google.com .
interestingly, everything works properly when I connect via PPTP.
I will appreciate if you take a look into this problem and provide me with a feedback
here is the configuration:
/interface ethernet
set [ find default-name=ether1 ] name="ether1(ADSL)"
set [ find default-name=ether2 ] name="ether2(TD-LTE)"
set [ find default-name=ether3 ] name="ether3(users)"
/interface pppoe-client
add dial-on-demand=yes disabled=no interface="ether1(ADSL)" name=pppoe-out1 \
password=****** user=******
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
management-protection=allowed mode=dynamic-keys name=SEC \
supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=\
*******
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
security-profile=SEC ssid=NikAndish-2
/ip pool
add name=dhcp_pool0 ranges=192.168.2.2-192.168.2.254
add name=dhcp_pool1 ranges=192.168.15.2-192.168.15.254
add name=dhcp_pool2 ranges=192.168.100.2-192.168.100.254
add name=L2TP-Pool ranges=10.10.10.1-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface="ether3(users)" name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=wlan1 name=dhcp2
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=L2TP-Pool name=\
L2TP-Pro remote-address=L2TP-Pool use-encryption=yes
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=L2TP-Pro enabled=yes \
ipsec-secret=**** use-ipsec=required
/interface list member
add interface="ether2(TD-LTE)" list=WAN
add interface=wlan1 list=LAN
add interface="ether3(users)" list=LAN
add interface=pppoe-out1 list=WAN
/interface pptp-server server
set default-profile=L2TP-Pro enabled=yes
/ip address
add address=192.168.1.2/30 interface="ether1(ADSL)" network=192.168.1.0
add address=192.168.15.1/24 interface="ether3(users)" network=192.168.15.0
add address=192.168.10.2/30 interface="ether2(TD-LTE)" network=192.168.10.0
add address=192.168.2.1/24 interface="ether3(users)" network=192.168.2.0
add address=192.168.100.1/24 interface=wlan1 network=192.168.100.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.15.0/24 dns-server=8.8.8.8 gateway=192.168.15.1
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.1
/ip dns
set servers=8.8.8.8
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=wlan1 new-routing-mark=\
Wireless passthrough=yes
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=\
all-ppp passthrough=no protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.10.1 routing-mark=Wireless
add distance=1 gateway=pppoe-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=*****
set api-ssl disabled=yes
/ppp secret
add name=NikAndish password="********" profile=L2TP-Pro