Problem with Remote DNS via SSTP (site-to-site)

Hi,

I have an RB4011 at home, and another one at the “main site” which are connected together via SSTP, both of which are running ROS 7.11.2.

/interface sstp-client add connect-to=[xxx] disabled=no name=SSTP-to-DH password=[xxx] profile=default-encryption user=[xxx]

I have routing rules that are set up so that I can access the subnets at the main site from home:

/ip route add disabled=no dst-address=192.168.10.0/24 gateway=SSTP-to-DH routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=192.168.20.0/24 gateway=SSTP-to-DH pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=192.168.30.0/24 gateway=SSTP-to-DH pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=192.168.40.0/24 gateway=SSTP-to-DH pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

From home, I can ping things and connect to servers etc if I directly use the IP Address of the resource on the main site.

We have a DNS Server set up on the main site (which works fine when on the main site to resolve names to IP), and so on my local MikroTik I have set up a regex-based DNS forwarder rule:

/ip dns static forward-to=192.168.10.16 regexp="[xxx]" type=FWD

(I’ve removed the regex here for privacy, but have tested this on various regex testing sites to ensure that the names of the resources are hit by the regex and this works).

The MikroTik, however, cannot resolve DNS names for the resources on the main site based on this rule.

From my laptop, I can do “NSLOOKUP [resource-name] [IP of DNS Server at MainSite]” and I get the expected IP Address back for the resource - so the packets can flow from my network all the way to the DNS Server on the main site and back again - so I don’t think this is a firewall issue.

But, if I try to (e.g.) do a remote desktop to one of the servers, I just get a “cannot find the resource” type error, and if I try to use Tools -> Ping in Winbox, it also complains that it cannot resolve the name to an IP.

Anyone got any thoughts?

If the regex is OK, there should be something else outside of routing or static DNS. My regex is similar to this:

add forward-to=192.168.10.16 regexp=".*\\.internal\\.mydomain\\.org\$" type=FWD
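Before trusting a regex tested on a web site, it helps to check it in the exact escaped form RouterOS exports it, against the names clients actually send. This added Python example (not from the thread or from MikroTik) unescapes the export-style quoted string above and reports which resolver each constructed sample name would be handed to; it assumes the router matches FWD entries with an unanchored, case-insensitive search, which is an approximation of RouterOS's matcher.

```python
import re

# The rule quoted in the reply, written exactly as RouterOS exports it:
# a quoted string with doubled backslashes and an escaped "$".
ROUTEROS_EXPORT_REGEXP = r'.*\\.internal\\.mydomain\\.org\$'


def unescape_routeros_string(s: str) -> str:
    """Turn the escaped export form back into the raw regex the router compiles:
    '\\\\' -> '\\', '\\$' -> '$', '\\"' -> '"'."""
    out = []
    i = 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            out.append(s[i + 1])   # keep the escaped character literally
            i += 2
        else:
            out.append(s[i])
            i += 1
    return ''.join(out)


def forward_target(name: str, regexp: str, forward_to: str, default: str = 'upstream') -> str:
    """Return the resolver a query for `name` would go to under a single FWD rule.
    Assumption: unanchored, case-insensitive regex search (approximates RouterOS)."""
    pattern = re.compile(unescape_routeros_string(regexp), re.IGNORECASE)
    if pattern.search(name.rstrip('.')):
        return forward_to
    return default


def check_names(names, regexp=ROUTEROS_EXPORT_REGEXP, forward_to='192.168.10.16'):
    """Map each name to the resolver it would be forwarded to."""
    return {n: forward_target(n, regexp, forward_to) for n in names}


if __name__ == '__main__':
    # Constructed sample names, mimicking what a client on the home LAN might ask for.
    sample = [
        'fileserver.internal.mydomain.org',
        'FileServer.Internal.MyDomain.ORG',
        'fileserver',                                     # short name, no suffix
        'fileserver.internal.mydomain.org.evil.example',  # suffix not at the end
        'internal.mydomain.org',                          # the apex itself
    ]
    for name, target in check_names(sample).items():
        print(f'{name:48} -> {target}')
```

Note that a bare short name such as `fileserver` never matches a suffix-anchored pattern, so it goes to the default resolver unless the client appends a search domain before asking the router; the zone apex `internal.mydomain.org` also misses because the pattern requires a dot in front of `internal`.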