Problem with PPTP VPN (Mikrotik as Client) and NAT Bypass

Hi there,

I have set up my Mikrotik as a PPTP client to connect to a Draytek router (couldn’t get IPSec to work, will try again sometime later). The Draytek has the internal IP 192.168.2.1.

What I did so far:

  1. Set routing mark for packets with destination 192.168.2.0/24.
    Chain: prerouting; Dst. Address: 192.168.2.0/24; Action: mark routing; New Routing Mark: Draytek; Passthrough: Off. It’s the first rule on the Mangle tab.
  2. Create route:
    Dst. Address: 192.168.2.0/24; Gateway: the PPTP connection; Type: unicast; Distance: 1; Scope: 30; Target Scope: 10; Routing Mark: Draytek

Everything works fine with the standard masquerade NAT rule.

To turn off NAT for traffic between my internal network and the internal network of the remote network I created the following NAT rule:
Chain: srcnat; Dst. Address: 192.168.2.0/24; Action: accept. It’s the first rule.

As soon as I turn on this rule no traffic between the networks will flow anymore. Action: return doesn’t work either. What am I doing wrong?

Thanks in advance,
iBlueDragon

Okay, okay, that was all not so clever.

Of course the routing mark is not necessary (I was too fixed on that idea because I need it for another connection to a VPN provider). So I changed the mangle rule to action=accept to bypass the subsequent mangle rules.

The NAT bypass rule works as well because the whole problem was caused by a configuration error on the Draytek side. So everything is fine now.

Kind regards,
iBlueDragon