VPN internet access

arsenm · February 15, 2012, 11:44pm

I have 2 mikrotik routers connected to different ISP’s
for example:
Mikrotik_Server connected to ISP1 with IP: 250...*
Mikrotik_Client connected to ISP1 with IP: 75...* (Mikrotik_Client has users connected to LAN side 192.168.0/24)
I need to use ISP1 for Mikrotik_Client clients (192.168.0/24)

###########Mikrotik_Server Configration############
Code:
/ppp profile
add name=“pptp” local-address=176.16.0.1 remote-address=176.16.0.2 use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=no
/ppp secret
add name=username password=password profile=pptp
/ip interface pptp-server server
set enabled=yes authentication=pap,chap,mschap1,mschap2 keepalive-timeout=15 default-profile=default

##########Mikrotik_Client Configration##############
Code:
/interface pptp-client
add name=“pptp-out1” connect-to=250...* user=username password=password profile=default add-default-route=no allow=pap,chap,mschap1,mschap2 disabled=no

LAN traffic with firewall mangle & add a route 176.16.0.1 to marked trafic
Code:
/ip firewall mangle
add chain=prerouting src-address=192.168.1.0/24 action=mark-routing new-routing-mark=Lan_traffic passthrough=no
/ip route
add dst-address=0.0.0.0/0 gateway=176.16.0.1 routing-mark=Lan_traffic

LAN clients cant reach to INTERNET via ISP1
Please help

Engitech · February 16, 2012, 8:40pm

Hello
The problem is maybe with nat masquerading or forwarding rules.
In the Mikrotik_Server connected to ISP1 with IP: 250...* - Are these rules ok for range 192.168.0.0/24?

Do you have a route in this router to route 192.168.1.0/24 and use gateway 172.16.0.2 ?

arsenm · February 17, 2012, 12:29am

I have next configuration:

SP1

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 250...1 0
1 ADC 176.16.0.2/32 176.16.0.1 0
2 A S 192.168.1.0/24 WAN 1
3 ADC 250...0/22 250...129 WAN 0

/ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 D 250...129/22 250...0 WAN
1 D 176.16.0.1/32 176.16.0.2

ISP2

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 176.16.0.1 1
1 ADS 0.0.0.0/0 75...1 0
2 ADC 176.16.0.1/32 176.16.0.2 pptp-out1 0
3 ADC 192.168.1.0/24 192.168.1.1 LAN 0
4 ADC 75...0/21 75...90 WAN 0

/ip address print

ADDRESS NETWORK INTERFACE

0 192.168.1.1/24 192.168.1.0 LAN
1 D 75...90/21 75...0 WAN
2 D 176.16.0.2/32 176.16.0.1 pptp-out1

/ip firewall mangle print
0 chain=prerouting action=mark-routing new-routing-mark=Lan_traffic passthrough=no src-address=192.168.1.0/24

Engitech · February 17, 2012, 8:28pm

In ISP1 router.

the route 2 is wrong.

You must have:
2 A S 192.168.1.0/24 172.16.0.2 1

arsenm · February 17, 2012, 11:57pm

i tried to change , but shows “unreachable”

Engitech · February 18, 2012, 11:03pm

try to delete the route and recreate it … your interface for this route is not wan1 but pptp-in.