PPTP with proxy arp

I have set up a PPTP VPN on MikroTik with proxy-arp. The issue I’m facing is that whenever a remote client connects through the VPN, he can access the local systems, but I get an IP address conflict error on the local systems. This issue started when I enabled proxy-arp. Without proxy-arp enabled, remote clients were not able to access local systems, and I had to enable proxy-arp on the MikroTik.

How can I overcome this issue?

Thanks

How are IP addresses assigned to PPTP clients?
Do you have a DHCP server address pool defined for PPTP clients?

Regards,

I have defined a pool in IP Pool.

Is this pool assigned to a profile?
Regards,

No. I have created a separate pool for VPN clients.

I read somewhere that I can set up a VPN with a routed subnet also.

Does anybody have an idea about using a routed subnet with a VPN?

Just use a different subnet address range for your pool of addresses than what is on your local LAN. The router will install routes for the new PPTP connection automatically when someone connects, and devices can communicate normally.

Do you mean that a PPTP client who gets an IP address from 10.252.30.0/24 will be able to communicate with the local LAN in the 10.242.31.0/24 range?

Yes, I have similar config running well.

HTH,

Still facing the same issue of IP address conflict. I have assigned a separate pool for PPTP clients. Proxy-arp is enabled on the interface where the local systems are connected, and it is in the same subnet as the local systems.

Am I doing something wrong?

Turn off proxy-arp on the client facing interface. That is what is causing the “ip conflicts”. Proxy-arp means that anytime the router sees an arp broadcast on a network asking who owns an IP address, it will respond saying that it does. The moving of the pool to a different subnet is so that the clients will try and route traffic to the vpn user instead of trying to communicate to them over the layer2 network.
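The reasoning in the reply above, as an added example that is not part of the thread: a LAN host ARPs directly for any address inside its own subnet and sends everything else to its gateway, so a VPN pool that overlaps a connected subnet can only work through proxy-arp, while a pool outside it is routed. The function names, the `first-last` pool string format and the sample pool ranges are assumptions made for this sketch; the two subnets are the ones mentioned in the thread.

```python
import ipaddress

def pool_networks(ranges):
    """Expand a 'first-last[,first-last]' pool string into CIDR blocks."""
    nets = []
    for part in ranges.split(","):
        first, _, last = part.strip().partition("-")
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last or first)
        # Raises ValueError if the range is reversed or mixes IPv4/IPv6.
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    return nets

def audit_pool(pool_ranges, connected):
    """Classify each connected subnet against the VPN pool.

    'on-link': hosts there ARP for the VPN client, so only proxy-arp
               makes it reachable.
    'routed' : hosts hand the packet to their gateway, which must be the
               VPN router or hold a route to the pool.
    """
    pool = pool_networks(pool_ranges)
    result = {}
    for name, cidr in connected.items():
        subnet = ipaddress.ip_network(cidr, strict=False)
        overlap = any(p.overlaps(subnet) for p in pool)
        result[name] = "on-link" if overlap else "routed"
    return result

def next_hop(host_cidr, gateway, dst):
    """What a LAN host does with a packet for dst: ARP for it or use the gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return ("arp", str(dst))
    return ("gateway", gateway)

if __name__ == "__main__":
    lan = {"lan": "10.242.31.0/24"}          # LAN subnet from the thread
    # Constructed pool ranges: one inside the LAN subnet, one in 10.252.30.0/24.
    print(audit_pool("10.242.31.200-10.242.31.210", lan))
    print(audit_pool("10.252.30.2-10.252.30.10", lan))
    # Constructed LAN host 10.242.31.20 with gateway 10.242.31.1.
    print(next_hop("10.242.31.20/24", "10.242.31.1", "10.252.30.5"))
```
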

Hi - I don’t mean to hijack another’s thread, but I’m trying to do this exact same thing.

For the new pptp subnet, I set the profile to use 192.168.104.1 as the local address, and set the remote to use the pool associated with 192.168.104.x range.
I went into IP Addresses and added 192.168.104.1 to the master port (eth2) as a secondary address.

I get an IP in the correct range, but I can’t reach other subnets. What do I need to change/add so it’ll route to the other subnets?

Thanks in advance!

After disabling proxy-arp I am not able to access local systems. My configuration is as follows:

Interface
wan - x.x.x.x (internet) - proxy:enabled
lan - 192.168.40.0/23 (local users) proxy:enabled
vpn - 10.252.32.0/23 (local systems) proxy:enabled

VPN configuration in Mikrotik (as suggested, kept different subnet)
local address - 192.168.50.1
remote address - vpn pool (192.168.50.2 - 192.168.50.10)

PPTP clients dial the WAN-side IP address to establish the VPN. Once the VPN is established they can access local users on the 192.168.40.0/23 subnet but can’t access local systems on the 10.252.32.0/23 subnet. From the MikroTik I can ping local systems on the 10.252.32.0/23 subnet.

Is this the right configuration?

Remove the “local address”: either leave it blank or choose one of the public IP addresses of the router. You don’t need and shouldn’t assign an IP address from your VPN subnet to any interface of the router. Doing so will only break what you are aiming to do. The goal is to force people to use the router to route traffic to a specific IP address. By having the same subnet assigned to the router, it will create a locally connected subnet that has a lower weight, so the router will send traffic there instead of where you want it to go.

After removing local address I cannot establish VPN connection.

I have two networks, a. 192.168.40.0/23 and b. 10.252.32.0/23, apart from the WAN (internet). I don’t find any issue with 192.168.40.0/23. If I establish the VPN I can access all machines on the 192.168.40.0/23 subnet. But I cannot access systems in the 10.252.32.0/23 subnet. This is weird.

I have the same issue…

My VPN can’t see any of my systems. I’m on a MacBook VPN client connected to a MikroTik VPN; the VPN pool is 192.168.89.0 and the LAN pool is 192.168.88.0.

Pinging the IP 192.168.88.5, as an example, works, but the config software can’t connect to the system…

Maybe I need to route some ports?

rubensx, I have the same issue, have you figured out how to fix it?