L2tp/IPsec up but can't reach subnet (windows 10 client)

Hi

I have set up an L2TP VPN server on my Mikrotik for use with a Win 10 client to connect.

I can initiate the tunnel & connect successfully. I get an IP in the expected subnet from the expected IP pool. My traffic is actually redirected through the VPN gateway (it is the default gateway) - all seems ok… except that I cannot reach other hosts on the same subnet, nor can they “see” (aka ping) me…

What could be the cause of this? Do I need some further firewall rules?

It depends. In case the client gets IP address from LAN subnet, you need proxy ARP on LAN interface. Firewall can also be the cause.

Aha - yes, they do get an IP from the same pool that serves the LAN subnet. Is that not best practice?

I wouldn’t say that it’s too bad, but I’m leaning towards no. But don’t think too much about it, it can work like this too (with the help of proxy ARP).

The advantage is that if the VPN client is connecting to devices in the LAN, you don’t need to worry about their firewalls, e.g. Windows by default allows access only from the same subnet. In this case it looks like the client is there, so you don’t need to do anything.

But the client is not really part of the LAN, as if it was connected there directly; it’s behind the router, so not everything will work the same way (some broadcast-based protocols). Using different subnets makes it more clear that the client is elsewhere. But it may require extra work to configure other devices.
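The proxy-ARP and firewall points from the replies above, as an added RouterOS CLI example that is not from any poster in this thread. It assumes the LAN sits on a bridge interface named "bridge", that the L2TP pool overlaps the LAN subnet, and that the forward chain ends in a generic drop rule:

```routeros
# Added example (constructed, not from the thread). Assumes LAN interface "bridge".

# 1. Proxy ARP on the LAN interface: the router answers ARP requests from LAN hosts
#    for VPN client addresses, because the clients sit behind the L2TP tunnel and
#    cannot answer on the LAN segment themselves.
/interface bridge set [find name="bridge"] arp=proxy-arp

# 2. Forward-chain rules so tunnel <-> LAN traffic is not caught by the final drop.
#    "all-ppp" matches every PPP-type interface, including dynamic <l2tp-...> ones.
#    Put these above the drop rule (e.g. with place-before=, or move them afterwards).
/ip firewall filter add chain=forward connection-state=established,related \
    action=accept comment="constructed: allow return traffic"
/ip firewall filter add chain=forward in-interface=all-ppp out-interface=bridge \
    action=accept comment="constructed: VPN clients -> LAN"
/ip firewall filter add chain=forward in-interface=bridge out-interface=all-ppp \
    action=accept comment="constructed: LAN -> VPN clients"

# 3. Checks: confirm the client's tunnel interface and address, then review rule order.
/interface l2tp-server print
/ip address print where interface~"l2tp"
/ip firewall filter print
```

From a LAN host, `arp -a` (Windows) should now resolve the VPN client's IP to the router's own MAC, which is the sign proxy ARP is answering on its behalf.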