Thank you so much for replying:
Let me explain what I currently have.
Home:
Local router
LAN 192.168.5.1/24
Public WAN: whatever the isp’s handing out
Behind local router
Microtik
Lan: 10.1.1.1/24
WAN: 192.168.5.x (whatever the local router is handing out)
DHCP Server: 10.1.1.100-200
Softether
ETH0: 172.30.1.65/24
Tunnel: (192.168.99.x/24)
Server I need to get to: 172.30.1.80/24
Here is my current issue.
I created an OpnVPN connection from Microtik and SoftEther. That works great. Connection Established.
I had to create a route on Microtik: 172.30.1.0/24 GW SSTP-Out1 in order for the Microtik to be able to ping 172.30.1.x network (from terminal).
Problem:
I cannot ping from 10.1.1.x to 172.30.1.0/24
So I thought the reason why was because the server doesn’t know how to route back so on the 172.30.1.80 I added a route 10.1.1.0/24 gw 172.30.1.65.
Still doesn’t work. Any help GREATLY appreciated.
Your understanding of the problem seems to be right. Posting traceroute from MikroTik side toward 172.30.1.80 can clarify it
Assuming the route back is the issue, you need to define the route on Softether
if you can allocate static IP to the MikroTik by Softether, then on Softether you have to route 10.1.1.0/24 to this particular static IP
if instead of Softether, you had a MikroTik in place, then it would be much easier.
Thank you very much for the reply.
The traceroute from the microtik to 172.30.1.80 is as follows:
Hop Host
1 192.168.30.1 (vpn tunnel)
2 172.30.1.80
Thats it.
What has me puzzeld is if I take a look at the SSTP-out1 interface under Status the remote address is 1.0.0.1? Where is it getting this from?
If I look at the route table there is an entry:
Dst. Address: 10.0.01
Pref. Source 192.168.30.10
Thank you very much for the reply.
The traceroute from the microtik to 172.30.1.80 is as follows:
Hop Host
1 192.168.30.1 (vpn tunnel)
2 172.30.1.80
Thats it.
What has me puzzeld is if I take a look at the SSTP-out1 interface under Status the remote address is 1.0.0.1? Where is it getting this from?
If I look at the route table there is an entry:
Dst. Address: 10.0.01
Pref. Source 192.168.30.10
as you said you can ping 172.30.1.80 from the MikroTik, my understanding is MikroTik used the Tunnel IP as the source and send out the packets.
a simple workaround would be writing an srcnat with masquerade for packets going out from SSTP-out1 interface (you said it was opnvpn, why did you name the interface SSTP-out1?)with this workaround, your clients in 10.1.1.0/24 will reach 172.30.1.0/24 using NAT and IP address of the tunnel
if you don’t need to use NAT, you need to find a way to write the route to this tunnel on your softether to send packets toward 10.1.1.0/24 over the tunnel
Thank you so much for the reply. You were absolutely right. The problem was with the firewall.
Once I made the entry and you explained it starting working.
It was my mistake with regards to SSTP. I had tried both SSTP and OpnVPN.