Setting up incoming traffic

TheSirStumfy · February 15, 2019, 2:28pm

Ok this will be a super noob question, but im having problems setting up a VPN.

The setup didnt work, so i tried to just ping my static IP and i get no response even there. I also have no idea what is cutting it off?
Ping works if i am connected to the router (to public ip) but from outside (lets say from LTE) nothing…

What must i do to let traffic in?

Setup is a bog-standard defconf.

anav · February 15, 2019, 2:36pm

post config please
/export hide-sensitive file=yourconfig

sebastia · February 15, 2019, 2:39pm

Do you get a public ip? Or maybe private or CGNat specific one?

TheSirStumfy · February 15, 2019, 2:43pm

Its a static public IP form ISP. internet on the router works fine, but pinging it form outside seems impossible

TheSirStumfy · February 15, 2019, 2:46pm

Config removed for safety

anav · February 15, 2019, 3:05pm

/ip dns static
add address=192.168.88.1 name=router.lan
You can get rid of this default rule as your setup changes covers DNS.

add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
You can remove untracked as its a special case not typically used.

add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
Same here you can remove untracked.

Other than that I dont see anything out of whack that would cause issues???

Can you confirm with grc.com that your router is not pingable.

TheSirStumfy · February 15, 2019, 3:17pm

tried all of suggested stuff, nothing. still no ping from outside.

DummyPLUG · February 15, 2019, 3:28pm

First of all make sure ping isn’t filter by your ISP, as I can’t see your firewall config so I can’t comment on that.
and you said VPN isn’t working, is that a PPTP or IPSec or OVPN?

TheSirStumfy · February 15, 2019, 3:42pm

Called ISP, there fault, incorrect gateway settings on there modem.

Facepalm

TheSirStumfy · February 15, 2019, 5:14pm

Regarding VPN i had to DMZ the main router on the modem/router to get trough, in case anyone in future helps.

DummyPLUG · February 15, 2019, 5:18pm

You mean there is another router (provide by ISP?) before the mikrotik? If so see if that router can set to “bridge mode”

sometime DMZ won’t solve double nat problem

TheSirStumfy · February 15, 2019, 5:21pm

Yeah in front there is the standard modem/switch/wifi thing the ISP gives you, since they dont allow PPPOE direct on the Microtik.

TheSirStumfy · February 15, 2019, 5:25pm

Its seems this DMZ actually does what it says

DummyPLUG · February 15, 2019, 5:29pm

Try google for solutions, may be somebody had figure a way to use bridge mode for that modem or find a way to use their own router to do pppoe

DummyPLUG · February 15, 2019, 5:30pm

Most of the time, but not everything works right for double nat even after DMZ