VPN & Routing

Hi all,
I would like to set up a VPN among my NOC and remote users via MT and Windows embedded VPN client.
I would like (if possible) to let my clients be aware of all networks known by MT. By now, once I log into my VPN (PPTP), I receive the route

192.168.10.0 255.255.255.0 192.168.10.98 192.168.10.98

where the IP that I get from my VPN is 192.168.10.98. I’ve chosen (advanced settings on my Microsoft VPN connection profile) to keep my default gateway (and not the remote one), so my DG is:

0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.11

With such a configuration I’m able to surf the Internet via my ADSL connection (DG 192.168.0.10) and access PCs in my NOC on network 192.168.10.0. MT in my NOC also knows other networks: 172.20.0.0, 10.0.0.0. If I manually add new (static) routes to these networks on my PC (WinXP):

172.16.0.0 255.255.0.0 192.168.10.98 192.168.10.98
10.0.0.0 255.0.0.0 192.168.10.98 192.168.10.98

I’m able to reach these two new networks from my PC via the VPN connection.
Is there a way to automate this process? It could be done with the option to use the remote DG, but in this way ALL the traffic will be redirected to this DG.
Instead, MT should “transmit” all (or some of them) its known networks to VPN clients as they log in. This will make it possible to operate like this also for users that are not able to modify the routing table on their PCs.

Regards

thanks for the answer… beautiful forum of competent people.

Hey you competent, have you carefully read the Mikrotik manual (PPTP Application Examples)? I think there are some examples of how to add routes to the client configuration of the PPTP server in Mikrotik…

Read, and problem not resolved. However, the message about competence was essentially directed at the administrators of the forum, inasmuch as this is called a “support forum”.

Can you be more specific? What changes in the PPP configuration did you perform? What does not work?

OK, no changes in the PPP configuration.
I have only created the account and the profiles and started the service.
The problem is that if I remove the VPN as default gw on the Windows system, the client only knows the subnet that the VPN server releases via DHCP (192.168.10.x).
In my office there is also a DMZ zone (10.0.0.x) and another net (172.20.x.x), only I do not succeed in reaching them from the VPN client, since it does not know them.

I want to avoid leaving the VPN server as default gateway, so that not all my packets from home pass through the VPN server.

I would like to have a routing table made like this with the client PC connected to the VPN:

Route attive:
Indirizzo rete Mask Gateway Interfac. Metric
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.11 1
81.174.20.59 255.255.255.255 192.168.0.10 192.168.0.12 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 30
192.168.0.0 255.255.255.0 192.168.0.12 192.168.0.12 20
192.168.0.11 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.11 192.168.0.11 30
192.168.0.255 255.255.255.255 192.168.0.12 192.168.0.12 20
192.168.10.95 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.10.255 255.255.255.255 192.168.10.95 192.168.10.95 50
172.20.0.0 255.255.0.0 192.168.10.254 192.168.10.95 50
10.0.0.0 255.255.0.0 192.168.10.254 192.168.10.95 50
224.0.0.0 240.0.0.0 192.168.0.11 192.168.0.11 30
224.0.0.0 240.0.0.0 192.168.0.12 192.168.0.12 20
224.0.0.0 240.0.0.0 192.168.10.95 192.168.10.95 1
255.255.255.255 255.255.255.255 192.168.0.11 192.168.0.11 1
255.255.255.255 255.255.255.255 192.168.0.12 192.168.0.12 1
255.255.255.255 255.255.255.255 192.168.10.95 192.168.10.95 1
Gateway predefinito: 192.168.0.10 (my gateway home)


and not like this, leaving the address of the VPN server as default gw:



Route attive:
Indirizzo rete Mask Gateway Interfac. Metric
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.12 21
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.11 31
0.0.0.0 0.0.0.0 192.168.10.95 192.168.10.95 1
81.174.20.59 255.255.255.255 192.168.0.10 192.168.0.12 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 30
192.168.0.0 255.255.255.0 192.168.0.12 192.168.0.12 20
192.168.0.11 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.11 192.168.0.11 30
192.168.0.255 255.255.255.255 192.168.0.12 192.168.0.12 20
192.168.10.95 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.10.255 255.255.255.255 192.168.10.95 192.168.10.95 50
224.0.0.0 240.0.0.0 192.168.0.11 192.168.0.11 30
224.0.0.0 240.0.0.0 192.168.0.12 192.168.0.12 20
224.0.0.0 240.0.0.0 192.168.10.95 192.168.10.95 1
255.255.255.255 255.255.255.255 192.168.0.11 192.168.0.11 1
255.255.255.255 255.255.255.255 192.168.0.12 192.168.0.12 1
255.255.255.255 255.255.255.255 192.168.10.95 192.168.10.95 1
Gateway predefinito: 192.168.10.95 (address Server VPN)

So, to summarize: I do not want to pass all the traffic through the VPN server, but only that directed to the subnets
10.0.0.0/16
172.20.0.0/16
192.168.20.0/24

thnx

PS: I want this job to be done by the VPN server and not the client, on which it would be enough to add the 2 routes as reachable from the VPN interface (it would be too difficult to explain it to everyone)
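
The two routing tables in the post above differ in where a given destination is sent. As an added example (not part of the original thread), this Python code applies longest-prefix matching with metric tie-breaking to rows copied from those tables; the function names and the sample destination 8.8.8.8 are assumptions made here.

```python
import ipaddress

# Rows copied from the first table in the post (remote default gateway disabled).
SPLIT_TUNNEL = """\
Indirizzo rete Mask Gateway Interfac. Metric
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.11 1
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 30
172.20.0.0 255.255.0.0 192.168.10.254 192.168.10.95 50
10.0.0.0 255.255.0.0 192.168.10.254 192.168.10.95 50
"""
# Rows copied from the second table (VPN server used as default gateway).
FULL_TUNNEL = """\
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.12 21
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.11 31
0.0.0.0 0.0.0.0 192.168.10.95 192.168.10.95 1
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 30
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip headers and notes."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue
        routes.append((net, parts[2], parts[3], int(parts[4])))
    return routes

def select_route(routes, dest):
    """Longest prefix wins; equal prefixes are decided by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def via_vpn(routes, dest, vpn_ip="192.168.10.95"):
    """True if traffic to dest leaves through the VPN interface address."""
    route = select_route(routes, dest)
    return route is not None and route[2] == vpn_ip

if __name__ == "__main__":
    # 8.8.8.8 is a constructed sample of an Internet destination.
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        routes = parse_routes(table)
        for dest in ("172.20.1.5", "10.0.0.7", "8.8.8.8"):
            print(name, dest, "via VPN" if via_vpn(routes, dest) else "via local gateway")
```
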

So you need to push some routes to the client, don’t you? This is why I asked you to read the manual, there is an example of how to add routes to the client… (parameter routes in the PPP config).

Through the routers, but that way the server gets to know the subnet of the client, and what interests me is to introduce the subnet of the server to the client…

How to manually add routes that are pushed to the client when connecting to the PPTP server (from the manual):

On the PPTP server it can alternatively be done using routes parameter of the user configuration:
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
  0   name="ex" service=pptp caller-id="" password="lkjrht" profile=default
      local-address=10.0.103.1 remote-address=10.0.103.2 routes=""
[admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
  0   name="ex" service=pptp caller-id="" password="lkjrht" profile=default
      local-address=10.0.103.1 remote-address=10.0.103.2
      routes="10.150.1.0/24 10.0.103.2 1"

Thank you Tonda,
my configuration was already like this. My routes on MT are as follows:

  1   name="carlo" service=pptp caller-id="" password="*******"
      profile=default-encryption local-address=192.168.10.1
      remote-address=192.168.10.98 routes="10.0.0.0/8 192.168.10.98 1"
      limit-bytes-in=0 limit-bytes-out=0

where 192.168.10.1 is the MT address and the remote address (the one I get on the client once logged in) is 192.168.10.98. The problem is that when I log in to the VPN server, I do not get back the expected route:

10.0.0.0 255.0.0.0 192.168.10.98 192.168.10.98


Do you have an idea what the problem might be?

Regards