I have a 750 on site, with internet on port 1, the UBNT radio network (172.16.0.2) on port 2, and port 3 providing internet access for the FirstSpot server (10.0.0.1).
I can establish a PPTP connection to the 750. I can ping 172.16.0.1, which is on the FirstSpot server, and I can ping the 750's IP of 172.16.0.2. I CANNOT ping 172.16.0.4 over a VPN connection.
I CAN ping it from the firstspot server AND from the 750 itself.
The server's subnet mask is 255.255.0.0.
What have I done wrong?
Thank you for your time!
# Address pools. "default-dhcp" is the factory LAN range; "vpn" is the pool that the
# PPTP profile entry further down hands to dial-in clients (remote-address=vpn).
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
# NOTE(review): 172.1.1.0/24 lies outside the RFC 1918 private block 172.16.0.0/12,
# so VPN clients are numbered from publicly routable address space. The range also
# starts at 172.1.1.1, the same address that /ip address assigns to vpn01.
add name=vpn ranges=172.1.1.1-172.1.1.254
# NOTE(review): the parameters of the next entry (local-address, remote-address,
# use-encryption) look like a PPP profile, not a pool; its section header seems to be
# missing from the paste, and the continuation lines have lost their line-joining
# backslashes — confirm against the router's own export.
# use-encryption=required makes the profile insist on link encryption.
# local-address=172.16.0.2 is the same address /ip address puts on ether2-master-local.
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=172.16.0.2 name=PPTP
only-one=default remote-address=vpn use-compression=default
use-encryption=required use-mpls=default use-vj-compression=default
# Bridge settings: with use-ip-firewall=no, traffic that is bridged (not routed) is not
# passed through the /ip firewall rules at all.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
# Switch-chip port settings, all left at vlan-mode=fallback / vlan-header=leave-as-is.
# NOTE(review): the port names suggest ether3..ether5 are switch slaves of
# ether2-master-local; the master-port assignments are not in the paste — confirm,
# because switched traffic between those ports would not reach the firewall either.
/interface ethernet switch port
set ether2-master-local vlan-header=leave-as-is vlan-mode=fallback
set ether3-slave-local vlan-header=leave-as-is vlan-mode=fallback
set ether4-slave-local vlan-header=leave-as-is vlan-mode=fallback
set ether5-slave-local vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
# Enables the PPTP server and binds new sessions to the profile named PPTP.
# NOTE(review): authentication=mschap1,mschap2 still offers MS-CHAPv1, which is obsolete;
# at minimum restrict this to mschap2. PPTP with MS-CHAPv2/MPPE is itself regarded as
# cryptographically broken, so a link that is reachable from the internet (see the
# input rule for tcp/1723 on ether1-gateway) is better served by a maintained VPN
# protocol such as IPsec-based L2TP or IKEv2.
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=PPTP enabled=yes
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
# Router addresses: WAN on ether1-gateway, the 172.16.0.0/16 radio network on
# ether2-master-local, 10.0.0.0/24 on ether3-slave-local, and 172.1.1.1/24 on vpn01.
# NOTE(review): the curly quotes and the statements split across lines without a
# trailing backslash appear to come from the forum rendering; the text will not
# re-import as shown.
/ip address
# NOTE(review): a /30 containing 5.5.5.5 spans 5.5.5.4-5.5.5.7, so network=5.5.5.3 and
# the gateway 5.5.5.4 used in /ip route do not fit it; presumably the real addresses
# were altered before posting — confirm.
add address=5.5.5.5/30 comment=“outbound to isp” disabled=no interface=
ether1-gateway network=5.5.5.3
# The radio network is a /16 here; the "block subnet comm" filter rules match only
# 172.16.0.0/24, i.e. a fraction of this subnet.
add address=172.16.0.2/16 disabled=no interface=ether2-master-local network=
172.16.0.0
# NOTE(review): if ether3-slave-local really is a switch slave of ether2, an address
# on it may not behave as a separate routed segment — confirm the master-port setting.
add address=10.0.0.1/24 disabled=no interface=ether3-slave-local network=
10.0.0.0
# NOTE(review): interface vpn01 is not defined anywhere in the visible export, and
# 172.1.1.1 is also the first address of the "vpn" client pool.
add address=172.1.1.1/24 disabled=no interface=vpn01 network=172.1.1.0
# DHCP server housekeeping: leases are written to disk every 5 minutes.
/ip dhcp-server config
set store-leases-disk=5m
# Factory-default DHCP network definition for 192.168.88.0/24.
# NOTE(review): no 192.168.88.x address is assigned in /ip address and no dhcp-server
# instance appears in the paste, so this looks like a leftover — confirm.
/ip dhcp-server network
add address=192.168.88.0/24 comment=“default configuration” dns-server=
192.168.88.1 gateway=192.168.88.1
# Filter rules. Rules are evaluated top to bottom and the first match wins. Every rule
# below is in chain=input, which covers only packets addressed to the router itself;
# no chain=forward rule is present in the paste, so traffic routed between
# 10.0.0.0/24, 172.16.0.0/16 and the VPN clients is not filtered by anything shown.
# NOTE(review): because of that, these rules are probably not what stops a VPN client
# from pinging 172.16.0.4. The NAT table masquerades only out of ether1-gateway, so
# such a ping arrives with a 172.1.1.x source; check that 172.16.0.4 has a route back
# to the VPN pool via 172.16.0.2 — confirm on the device.
/ip firewall filter
# PPTP control channel (tcp/1723) and GRE are accepted from any source on the WAN
# port. NOTE(review): if the client addresses are known, narrowing these two rules
# with src-address or src-address-list reduces exposure of the PPTP service.
add action=accept chain=input disabled=no dst-port=1723 in-interface=
ether1-gateway protocol=tcp
add action=accept chain=input disabled=no in-interface=ether1-gateway
protocol=gre
# ICMP to the router is accepted from every interface, including the WAN.
add action=accept chain=input comment=“default configuration” disabled=no
protocol=icmp
# Return traffic for connections the router already tracks.
add action=accept chain=input comment=“default configuration”
connection-state=established disabled=no
add action=accept chain=input comment=“default configuration”
connection-state=related disabled=no
# Everything else arriving on the WAN port and addressed to the router is dropped.
add action=drop chain=input comment=“default configuration” disabled=no
in-interface=ether1-gateway
# "block subnet comm": in chain=input these four rules only stop a host in one subnet
# from reaching the router's own address in the other subnet. They do not isolate the
# subnets from each other; that needs equivalent rules in chain=forward. They also use
# 172.16.0.0/24 although ether2 is configured as 172.16.0.0/16.
add action=drop chain=input comment=“block subnet comm” disabled=no
dst-address=172.16.0.0/24 src-address=10.0.0.0/24
add action=drop chain=input comment=“block subnet comm” disabled=no
dst-address=10.0.0.0/24 src-address=172.16.0.0/24
add action=drop chain=input comment=“block subnet comm” disabled=no
dst-address=172.1.1.0/24 src-address=10.0.0.0/24
add action=drop chain=input comment=“block subnet comm” disabled=no
dst-address=10.0.0.0/24 src-address=172.1.1.0/24
# The last two rules repeat the ICMP accept and the ether1-gateway drop from earlier in
# the chain, so no packet can reach them; they can be removed.
add action=accept chain=input disabled=no protocol=icmp
add action=drop chain=input disabled=no in-interface=ether1-gateway
# Source NAT: everything leaving through ether1-gateway is masqueraded. Traffic between
# the VPN pool and the internal subnets does not leave via ether1-gateway, so it keeps
# its original source address.
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” disabled=
no dst-address=0.0.0.0/0 out-interface=ether1-gateway src-address=
0.0.0.0/0
# Matches the same packets as the rule above (0.0.0.0/0 matches any address), so this
# second rule is never reached.
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
# Static routes: a default route via 5.5.5.4, entered twice with identical parameters.
# No static route for any internal or VPN subnet is listed; those are reached through
# the connected routes created by /ip address and the PPP sessions.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=5.5.5.4 scope=
30 target-scope=10
# Duplicate of the entry above.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=5.5.5.4 scope=
30 target-scope=10
# PPP authentication is local (use-radius=no) with accounting switched on.
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# Local PPP accounts. Each one uses the PPTP profile and overrides local-address with
# 172.16.0.2. service=any lets the account log in through any PPP service enabled on
# the router, not just PPTP.
# NOTE(review): an export prints these passwords in clear text. The values here look
# like placeholders; if a real export with live passwords was ever shared, rotate them.
/ppp secret
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=172.16.0.2 name=user1 password=user1pass profile=
PPTP routes=“” service=any
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=172.16.0.2 name=user2 password=user2pass profile=PPTP routes=“”
service=any
add caller-id=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=172.16.0.2 name=user3 password=user3pass profile=PPTP
routes=“” service=any