Good morning!

Have problem with routing to another mikrotik subnet.

My network:

Mikrotik A:
network 192.168.1.0\24
pptp server 192.168.100.1 (named pptp-1)
route 192.168.2.0\24 gateway 192.168.100.2

Mikrotik B:
network 192.168.2.0\24
pptp client (to A) 192.168.100.2 (named pptp-2)
route 192.168.1.0\24 gateway 192.168.100.1

Ping from Mikrotik A to some computer from subnet 1 (local):

[admin@MikroTik] > ping 192.168.1.7
SEQ HOST SIZE TTL TIME STATUS
0 192.168.1.7 56 128 0ms
1 192.168.1.7 56 128 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

Ping from Mikrotik A to some ANOTHER computer form subnet 1 (local):
[admin@MikroTik] > ping 192.168.1.50
SEQ HOST SIZE TTL TIME STATUS
0 192.168.1.50 56 128 0ms
1 192.168.1.50 56 128 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

All ping to all computers in subnet 2 - OK:
[admin@MikroTik] > ping 192.168.2.100
SEQ HOST SIZE TTL TIME STATUS
0 192.168.2.100 56 127 15ms
1 192.168.2.100 56 127 13ms
sent=2 received=2 packet-loss=0% min-rtt=13ms avg-rtt=14ms max-rtt=15ms




And now problem.
From Mikrotik B I can’t ping some computers from subnet 1:

[admin@MikroTik] > ping 192.168.1.7
SEQ HOST SIZE TTL TIME STATUS
0 192.168.1.7 56 127 13ms
1 192.168.1.7 56 127 12ms
sent=2 received=2 packet-loss=0% min-rtt=12ms avg-rtt=12ms max-rtt=13ms

[admin@MikroTik] > ping 192.168.1.50
SEQ HOST SIZE TTL TIME STATUS
0 192.168.1.50 timeout
1 192.168.1.50 timeout
sent=2 received=0 packet-loss=100%


I kill 3 days, and can’t find problem. All firewall rules turned off.
In subnet 1 only 5~10 computers don’t work from subnet 2.

p.s. Ping test for this “bad” adresses from “Mikrotik A” with interface “pptp-2” give:
192.168.1. 50 timeout
192.168.100.2 redirect host
192.168.100.2 redirect host
192.168.100.2 redirect host
192.168.100.2 redirect host
192.168.100.2 redirect host
192.168.1. 50 timeout
192.168.1. 50 timeout
192.168.1. 50 timeout
and so on.

Have you checked those 5-10 computers routing tables/default gateways/firewalls/subnet masks?

Yes, all checked: some computers have staic IP, some from dhcp. Arp tables and routes checked, all fine. I can’t find any logic on “bad” adresses. Changing “bad”-computer IP to another don’t give anything. From local mikrotik all computers ping - OK. From another (over vnp) - only ~50%. Changing to another protocol between mikrotiks (l2tp) don’t give anything too.

Yes, all checked: some computers have staic IP, some from dhcp. Arp tables and routes checked, all fine. I can’t find any logic on “bad” adresses. Changing “bad”-computer IP to another don’t give anything. From local mikrotik all computers ping - OK. From another (over vnp) - only ~50%. Changing to another protocol between mikrotiks (l2tp) don’t give anything too.

are you using mangle?

Thank to all. Problem was in firewall on computer. User turned it on without me.