Step by step for setting up a VPN to my router boxes

I have a main office machine I wish to use to get into the local side of all my router boxes. How do I set up a VPN connection to them, so I can connect to each one individually when I need it and get on the local side of the router?

What do you want: VPN roaming, or VPN site to site?

I will be stationary at the machine, but I want to connect to many router boxes from this location. Kind of like ppp.

Roaming VPN then.

I’d suggest following the documentation for PPTP server setup here:

http://www.mikrotik.com/docs/ros/2.9/interface/pptp

Regards

Andrew

OK, I set up the PPTP server and I set up my computer to connect. It works, gives me an address of 192.168.100.21 and a server address of 192.168.100.20. However, I cannot access the inside of that router's network (192.168.100.0) even with proxy-arp on both interfaces.

OK,

put in:

secrets

name: your login, for example eclipse
password: your password
caller id:
profile: default-encryption
local address: put the IP of your MK (the inside LAN IP)
remote address: of course put another segment, for example 192.168.20.241
routes: the IP of the MK (the inside LAN IP of the MK)


The secret of PPTP VPN is the local address, remote address, and routes.

The remote and local addresses should be different.

I have 6 MK and use PPTP to go inside and see the radios (web); my radios are in the same segment as the remote address, of course.


Best Regards
Daniel White

The inside LAN doesn't have an IP on the NIC. Should I add one?

Yes.

Can’t seem to get it working. I put proxy-arp on ether2, gave it an IP of 192.168.100.2. Gave my PPTP client a local IP of 192.168.100.20 and remote of 192.168.100.21 with a route of 192.168.100.2. Connects to the PPTP, cannot ping or do anything with the 192.168.100.0/24 subnet.

maybe NOOOO!!

For example, if ether2 is a local network (LAN), the segment is 192.168.100.x/24 and the IP of ether2 is 192.168.100.2/24, for the remote you can put 192.168.200.21 with route 192.168.100.2.

In the PPTP server, set enable and use MSCHAPv2, which is more secure; MSCHAPv1 works but has security issues.

Is the other interface, ether1, a public interface? Does it have a public IP?


Why put proxy-arp on the ether interface? I don't need this.

Test again and see?

Still cannot access anything on that side. I am connecting to the public (ether1) address for the PPTP, but I want to access the devices on ether2. Do I need to make a firewall rule to tell packets to go to ether2?

Can you ping the LAN interface on the router from the VPN client?

You need proxy-arp on this LAN interface.

You need firewall rules if you have any rules set which would block the VPN traffic. If you have any block rules then log what is dropped then put some rules in to permit the VPN traffic.

I presume the VPN client is connecting OK.

Regards

Andrew

I can ping the 192.168.100.2 LAN side. But I cannot access anything after that (192.168.100.10 or 11 and so on). There are no firewall rules except masquerade on the LAN for the 10.10.100.0 subnet going the other direction.

Gave my PPTP client a local IP of 192.168.100.20

This will cause problems as the network ID is the same as the remote server LAN. How does the client know which IPs are on the local lan and which are at the other end of the tunnel?

Regards

Andrew
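
Added example (not part of any post in this thread): a small Python model of the return path the replies above are circling, that is, how a device on the ether2 LAN gets its reply back to the PPTP client depending on whether the client's remote address lies inside the LAN subnet. The function name, the `host_gateway` parameter and the outcome strings are hypothetical, and firewall and NAT rules are ignored.

```python
import ipaddress

def reply_path(lan_cidr, router_lan_ip, client_ip, proxy_arp, host_gateway=None):
    """Model how a LAN host's reply reaches a PPTP client (simplified).

    lan_cidr:      subnet on the router's LAN interface (ether2 in the thread)
    router_lan_ip: router address on that interface
    client_ip:     'remote address' handed to the PPTP client
    proxy_arp:     True if proxy-arp is enabled on the LAN interface
    host_gateway:  default gateway set on the LAN host (hypothetical input)
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    client = ipaddress.ip_address(client_ip)
    router = ipaddress.ip_address(router_lan_ip)
    if router not in lan:
        raise ValueError("router LAN address is not inside the LAN subnet")

    if client in lan:
        # The host treats the client as on-link and ARPs for it directly.
        # The client is not on that wire, so only the router can answer.
        return "ok: proxy-arp" if proxy_arp else "fail: ARP unanswered"

    # Client is off-link: the host hands the reply to its default gateway.
    if host_gateway is None:
        return "fail: host has no gateway"
    if ipaddress.ip_address(host_gateway) == router:
        return "ok: routed via gateway"
    return "fail: reply leaves via another gateway"

if __name__ == "__main__":
    # Constructed cases built from the addresses quoted in the thread.
    lan, router = "192.168.100.0/24", "192.168.100.2"
    cases = [
        ("192.168.100.21", True, None),             # client inside LAN subnet
        ("192.168.100.21", False, None),            # same, proxy-arp off
        ("192.168.200.21", False, "192.168.100.2"), # other segment, host routes via MK
        ("192.168.200.21", False, None),            # other segment, host has no gateway
    ]
    for client, parp, gw in cases:
        print(client, parp, gw, "->", reply_path(lan, router, client, parp, gw))
```
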

I mean local address on the MikroTik. I tried without anything in there as well, still no luck. My actual client machine has a Windows auto address on the NIC. Do I need to add a route to the routing table as well as under the PPP secret?

I would suggest re-reading the documentation carefully as you’ve probably missed something.

Regards

Andrew