VPN clients can't ping devices on the LAN

RouterOS Beginner Basics
1

I have a very basic setup here. Just a WAN, LAN, bridge, and a PPTP server.

Local devices are accessing the WAN just fine.
I can connect to the VPN and login into the router, and surf out the WAN no problem.
But, I cannot ping devices on the LAN.
The intent is for my buddy to be able to login while he’s a t work and check his 3D printer, login to that, cancel print if need be, etc.

I have seen several posts regarding a similar problem, and I have tried several of the proposed fixes, but nothing has worked.
Here is an export for reference. I feel like I’m missing some small detail here.

Thank you all in advance!

BTW, I know I need to upgrade the firmware. That is happening soon.

# jul/19/2022 22:09:23 by RouterOS 6.45.7
# software id = DIED-0YD7
#
# model = CCR1009-7G-1C-1S+
# serial number = <CENSORED>
/interface bridge
add name=bridge1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.254
add name="PPTP pool" next-pool=dhcp ranges=192.168.1.90-192.168.1.94
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/ppp profile
add bridge=bridge1 comment="This is where we define the parameters of the VPN co\
    nnection. what IP we'll have, what limits we set, etc." local-address=\
    "PPTP pool" name="Remote access" only-one=no remote-address=\
    "PPTP pool" use-encryption=yes
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=combo1
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile="Remote access" \
    enabled=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.1.206 client-id=1:dc:a6:32:67:0:f9 comment=TRONXY \
    mac-address=DC:A6:32:67:00:F9 server=dhcp1
add address=192.168.1.123 client-id=1:b8:27:eb:ec:75:ab comment=SIDEWINDER \
    mac-address=B8:27:EB:EC:75:AB server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip firewall filter
add action=accept chain=input 
dst-port=1723 log=yes protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat 
out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.1.1
/ppp secret
add comment="This is the login and password used for PPTP VPN" name=<CENSORED>
/system clock
set time-zone-name=America/Chicago
/system identity
set name="Router"
2

Suggest your firmware is getting stale.
Suggest trying 7.3.1 which will allow you to do wireguard VPN which is very easy.
If you want network type access for your buddy, you could also consider zerotier (goes through a third party) which is now an available module on MT OS.

Where are your firewall rules assuming this router is public facing??

3

you could also consider zerotier (goes through a third party) which is now an available module on MT OS.

But only for ARM devices…

CCR1009 is Tile architecture.

4

RIGHT, I use my rb450G for zerotier and not my tile… :frowning:

5

I removed the firewall rules from the export for brevity.

6

That doesnt help me understand the config and troubleshoot… config is highly integrated…