Hi, I have a PPTP VPN server set up and working well. How can I enable access to local IPs over the VPN?
I’ve enabled proxy-arp on the gateway interface but it’s still not working. Here’s an export of my firewall filters:
/ip firewall filter
add chain=input comment="allow icmp" protocol=icmp
add chain=input comment="allow winbox" dst-port=8291 protocol=tcp
add chain=input comment="allow api" dst-port=8728 protocol=tcp
add action=add-src-to-address-list address-list=trying_to_rdp address-list-timeout=1d chain=input comment="list IP's who try rdp" dst-port=3389 protocol=tcp
add action=add-src-to-address-list address-list=trying_to_login address-list-timeout=1d chain=input comment="list IP's who try remote login" dst-port=20-23 protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
add chain=input comment="allow ssh" dst-port=22 protocol=tcp
add action=drop chain=input comment="drop ftp" disabled=yes dst-port=21 protocol=tcp
add chain=input comment="accept vpn" dst-port=1723 in-interface=ether1-gateway protocol=tcp
add chain=input in-interface=ether1-gateway protocol=gre
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
add chain=forward comment="allow already established connections" connection-state=established
add chain=forward comment="allow related connections" connection-state=related
add action=drop chain=input comment="drop invalid connections" connection-state=invalid
add chain=input comment="allow established connections" connection-state=established
add chain=input comment="acccept lan" in-interface=!ether1-gateway src-address=192.168.80.0/24
add action=drop chain=input comment="drop everything else"
Edit: I’ve tried disabling the second-to-last "accept lan" rule but it’s still not working.
Can anyone help?
Got it, added it to bridge under PPP profile and set proxy arp on the bridge
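
Added example, not part of the original posts: a small first-match evaluator over the forward rules and the last two input rules from the export above. It shows that a new VPN-to-LAN packet reaches the end of the forward chain without being dropped, and that the "accept lan" rule sits in the input chain, which only sees traffic addressed to the router itself. The packet values (interface name `pptp-client1`, client address `192.168.80.200`) are constructed assumptions.

```python
import ipaddress
import shlex

# Rules copied from the export in the post (forward chain plus the last two input rules).
EXPORT = """\
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
add chain=forward comment="allow already established connections" connection-state=established
add chain=forward comment="allow related connections" connection-state=related
add chain=input comment="acccept lan" in-interface=!ether1-gateway src-address=192.168.80.0/24
add action=drop chain=input comment="drop everything else"
"""

def parse(export):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in export.splitlines() if line.strip()]

def matches(rule, pkt):
    """True when every matcher on the rule agrees with the packet ('!' negates)."""
    for key, want in rule.items():
        if key in ("action", "chain", "comment"):
            continue
        negate, want = want.startswith("!"), want.lstrip("!")
        have = pkt.get(key)
        if key == "src-address":
            hit = ipaddress.ip_address(have) in ipaddress.ip_network(want)
        else:
            hit = have == want
        if hit == negate:
            return False
    return True

def verdict(rules, chain, pkt):
    """First matching rule wins; a rule without action= accepts.
    Only accept and drop rules occur in this subset."""
    for rule in rules:
        if rule["chain"] == chain and matches(rule, pkt):
            return rule.get("action", "accept"), rule.get("comment", "")
    return "accept", "end of chain"  # built-in chains accept unmatched packets

RULES = parse(EXPORT)
# Constructed packet: a new connection from a VPN client to a LAN host.
# The interface name and client address are assumptions, not from the post.
VPN_TO_LAN = {"connection-state": "new", "in-interface": "pptp-client1",
              "src-address": "192.168.80.200"}

if __name__ == "__main__":
    print("forward:", verdict(RULES, "forward", VPN_TO_LAN))
    print("input:  ", verdict(RULES, "input", VPN_TO_LAN))
```

Because nothing in the forward chain drops new connections, toggling input rules does not change whether VPN clients reach LAN hosts, which is consistent with the fix being on the bridge and proxy-arp side.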