So close..

Hi guys, I have been given a project and was wondering if RouterOS might be the answer for me. The goal is to have NAT over a dialled PPTP interface. So the RouterBoard dials out to my central office VPN, establishes a connection and then the clients at the central office side access services behind the RouterBoard at the remote end.
I have attempted this and have got quite far; the only issue I seem to be having now is NAT at the remote end. I can ping through just fine, and even connect to the web interface of the RouterBoard from the central office. The VPN itself is functional.
I have followed the MikroTik NAT guide to the letter, creating the relevant src-nat and dst-nat.
Is what I am trying to do possible? Does anyone have any suggestions?

Thanks guys, your help is much appreciated

Should be. The biggest challenge is having a route to whatever is behind the PPTP client. A PPTP tunnel is just a virtual interface, that logically behaves like any other interface.

Can you be more specific in what you’re trying to do, what the network layout is (devices, ports, and their IP addresses labeled), and what you’re trying to do specifically? I’m not sure at this time how NAT plays into this at all.

OK, thanks for your reply. We have a 3G router at the remote site which passes all traffic to the RouterBoard via a DMZ. The remote site uses the subnet 192.168.43.0/24, and has the IP 192.168.43.2. 3G in most cases does not allow any inbound traffic via standard methods; the connection must be an outbound-initiated one, which is why the PPTP client offered by RouterOS seems like the perfect solution. It does in fact connect and I can access the RouterBoard and all its services. We only need one port, so it made more sense to me just to NAT from 192.168.43.2 to 192.168.43.60 (the CCTV server). This isn't network address translation as such, as it is the same subnet, but you can see what I'm thinking.

The central office PPTP server has an internal address of 10.0.0.20 and sits on the subnet 10.0.0.0/22. The PPTP server hands out client addresses from 10.0.0.22-35 statically from user credentials. I have managed to connect to the RouterBoard via 10.0.0.23 (once connected) without issue. I would like it to recognise that I am connecting on port 4000 and then pass that on to the CCTV server behind.

I hope that makes sense.

If I’m understanding this right 192.168.43.0/24 can be reached via 10.0.0.23, correct?
Just add that as a route to your central router (which is also the PPTP server). Also add a route to your central network on the PPTP remote client 10.0.0.20. Then you can just reach the CCTV machine by its IP address. Much simpler than NAT’ing stuff about. That’s assuming the PPTP client and server are default gateways on their respective networks. If they’re not, add additional routes to the default gateways.

If you really wanted to NAT it would look something like this:

/ip firewall nat
add chain=dstnat dst-address=10.0.0.23 protocol=tcp dst-port=4000 action=dst-nat to-addresses=192.168.43.60
add chain=srcnat dst-address=192.168.43.60 protocol=tcp dst-port=4000 action=masquerade

entered on the PPTP client.
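Added example, not part of the thread and not MikroTik code: a small Python model of the two rules above, showing where the CCTV server sends its reply with and without the masquerade rule. It assumes 192.168.43.2 is the RouterBoard's LAN address; the 3G router address 192.168.43.1 and the office client 10.0.0.50 are constructed values.

```python
import ipaddress

ROUTER_VPN = "10.0.0.23"     # PPTP client address (from the thread)
ROUTER_LAN = "192.168.43.2"  # assumption: RouterBoard's address on the remote LAN
CCTV = "192.168.43.60"       # CCTV server (from the thread)
LAN = ipaddress.ip_network("192.168.43.0/24")


def forward(src, dst, dport, masquerade):
    """Translate a TCP packet arriving over the tunnel.

    Returns the (src, dst) pair the CCTV server sees, or None when the
    dstnat rule does not match.
    """
    # chain=dstnat dst-address=10.0.0.23 dst-port=4000 action=dst-nat
    if dst != ROUTER_VPN or dport != 4000:
        return None
    dst = CCTV
    # chain=srcnat dst-address=192.168.43.60 dst-port=4000 action=masquerade
    # rewrites the source to the address of the outgoing (LAN) interface.
    if masquerade:
        src = ROUTER_LAN
    return src, dst


def reply_next_hop(server_view, server_gateway):
    """Next hop the CCTV server picks for its reply."""
    src, _ = server_view
    # On-link sources are answered directly; anything else goes to the
    # server's configured default gateway.
    if ipaddress.ip_address(src) in LAN:
        return src
    return server_gateway


def reply_reaches_client(masquerade, server_gateway, client="10.0.0.50"):
    """The reply only gets back if it passes through the RouterBoard,
    which holds the connection-tracking entry needed to undo the NAT."""
    view = forward(client, ROUTER_VPN, 4000, masquerade)
    return reply_next_hop(view, server_gateway) == ROUTER_LAN


if __name__ == "__main__":
    for masq in (True, False):
        for gw in ("192.168.43.1", ROUTER_LAN):  # 3G router vs RouterBoard
            print(f"masquerade={masq} gateway={gw}: "
                  f"reply returns={reply_reaches_client(masq, gw)}")
```

With dst-nat alone, or with plain routing, the return path depends on the server's gateway pointing at the RouterBoard; with masquerade the server answers an on-link address and its gateway setting does not matter for this flow.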

Hi, thanks for all your help - I really was so close! I was stupid and had the wrong gateway set on the CCTV server! I cannot believe it, all that time and it was something so simple.
Thanks again, all your help is immensely appreciated.