New to MikroTik. VPN Help.

I just bought a RB450G last week and am now playing with it. So far I have gotten PPTP to work through tutorials on the internet. I can get my clients (built-in Windows client) and they can ping the router and the clients within the network behind the RB, but the clients behind the RB can’t ping the VPN clients. What I have done so far is:

  • I disabled protect Router from the web interface.
  • I enabled the PPTP server.
  • Created a secret for each user.
  • Forwarded the necessary ports through the NAT.
  • Enabled arp-proxy on the appropriate interfaces.

This has gotten me to where I am now. (By the way, does disabling the protect Router option pose any harm to my network?) The only thing I can’t get working is the pinging to the remote VPN clients. Should they even be pingable? I also noticed the gateway is 255.255.255.255 on the VPN clients. Any help/tips? Thanks.

Try to remove protect router option and add route both local host.

Thanks.

What would this route look like? (Sorry, I really am a MikroTik noob :) ) (i.e., how would I enter it in the router?)

What are the addresses you are assigning to the VPN clients? If it is the same subnet that you are giving to clients on your LAN, try placing the VPN address pool on a different subnet from the LAN, so the LAN needs to use the router to get to it.

With the way routing works, if the address you are trying to get to on a computer is part of the local subnet, it will not try to use the router to get to that IP address since it thinks it knows where it is. The computers need to send the packets to the router to be routed out of the VPN connection.

My router has an IP of 192.168.1.1. Port 1 is set to be the WAN port and port 2 is the internal port which then goes to a switch. All is working great except for this VPN stuff. All my other equipment, like my server and NAS and WDTV are on IPs 192.168.1.2, .3, and .4. Access point is .10 and DHCP is .100 - .150. I set the internal IP to 192.168.1.20 and external of 192.168.1.21 on the secret for the user. Should I set them to say, 2.20 and 2.21?

Set the remote address attribute to something on a different subnet from your LAN. It doesn’t matter what it is as long as it’s not part of the local subnet, so 192.168.2.x might be fine depending on how you have your addresses set up.
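The forwarding decision described in the replies above, as an added example that is not part of the original thread: it models how a LAN host chooses between ARPing for a destination directly and sending to its gateway, then flags PPP secrets whose remote address the LAN would treat as on-link. The /24 mask, the use of 192.168.1.1 as the hosts' default gateway, and the secret names are assumptions; the addresses come from the thread.

```python
import ipaddress

# Assumption: the LAN uses a /24 mask (the thread gives addresses but no mask)
# and LAN hosts use the router at 192.168.1.1 as their default gateway.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")


def next_hop(dst, lan=LAN, gateway=GATEWAY):
    """Return the forwarding decision a LAN host makes for destination dst."""
    dst = ipaddress.ip_address(dst)
    if dst in lan:
        # On-link: the host ARPs for dst itself, so the packet is never
        # handed to the router and cannot be routed into the VPN tunnel.
        return ("on-link", dst)
    # Off-link: the packet goes to the gateway, which knows the tunnel route.
    return ("gateway", gateway)


def audit_secrets(secrets, lan=LAN, gateway=GATEWAY):
    """Return names of PPP secrets whose remote address falls inside the LAN."""
    flagged = []
    for name, remote in secrets:
        kind, _ = next_hop(remote, lan, gateway)
        if kind == "on-link":
            flagged.append(name)
    return flagged


# Constructed sample: hypothetical secret names, remote addresses before and
# after the change discussed in the thread.
SECRETS = [
    ("user-before", "192.168.1.21"),
    ("user-after", "192.168.2.21"),
]

if __name__ == "__main__":
    for name, remote in SECRETS:
        kind, hop = next_hop(remote)
        print(f"{name}: {remote} -> {kind} (next hop {hop})")
    print("secrets overlapping the LAN:", audit_secrets(SECRETS))
```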

You are the man :) That worked great. I can ping from both ends. Now, if I want to, say, type in \\DLINK-NAS\ and have it direct to 192.168.1.2 from the VPN client computer, do I need to add addresses to the DNS on the MikroTik?

That is a host name rather than a DNS one. You can give it a shot, but I don’t think it will work. If you are using the MikroTik as your DNS server, you can try adding in a fake DNS name that will resolve to that IP and see if that works.