Hello,
please help me with issues routing to a VPN network.
I can't ping a host in the VPN network from the LAN (192.168.100.0/24).
But when I try directly from the MikroTik through the vpnclient interface, it works.
My configuration:
RouterOS 5.20
/interface print
NAME TYPE MTU L2MTU MAX-L2MTU
0 R KAB ether 1500 1600 9116
1 R LAN ether 1500 1600 9500
2 R NEO ether 1500 1600 9500
3 R vpnclient pptp-out 1460
LAN - local network
KAB, NEO - ISP network
vpnclient - vpn network
/ip address print
ADDRESS NETWORK INTERFACE
0 192.168.100.110/24 192.168.100.0 LAN
1 192.168.1.2/24 192.168.1.0 NEO
2 1XX.2XX.68.146/24 1XX.2XX.68.0 KAB
3 D 172.20.99.22/32 172.20.99.21 vpnclient
vpn network: 172.20.0.0/16
vpn gateway address: 172.20.99.21
/ip firewall nat print
0 chain=srcnat action=masquerade out-interface=NEO
1 chain=srcnat action=masquerade out-interface=KAB
2 chain=srcnat action=masquerade out-interface=vpnclient
I have two ISPs with PCC load balancing
/ip firewall mangle print
0 chain=prerouting action=accept dst-address=192.168.1.0/24 in-interface=LAN
1 chain=prerouting action=accept dst-address=1XX.2XX.68.0/24 in-interface=LAN
2 chain=prerouting action=mark-connection new-connection-mark=KAB_conn passthrough=yes in-interface=KAB connection-mark=no-mark
3 chain=prerouting action=mark-connection new-connection-mark=NEO_conn passthrough=yes in-interface=NEO connection-mark=no-mark
4 chain=prerouting action=mark-connection new-connection-mark=NEO_conn passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses-and-ports:3/0
5 chain=prerouting action=mark-connection new-connection-mark=KAB_conn passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses-and-ports:3/1
6 chain=prerouting action=mark-connection new-connection-mark=KAB_conn passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses-and-ports:3/2
7 chain=prerouting action=mark-routing new-routing-mark=to_NEO passthrough=yes in-interface=LAN connection-mark=NEO_conn
8 chain=prerouting action=mark-routing new-routing-mark=to_KAB passthrough=yes in-interface=LAN connection-mark=KAB_conn
9 chain=output action=mark-routing new-routing-mark=to_NEO passthrough=yes connection-mark=NEO_conn
10 chain=output action=mark-routing new-routing-mark=to_KAB passthrough=yes connection-mark=KAB_conn
/ip route print
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 A S 0.0.0.0/0 1XX.2XX.68.1 1
2 A S 0.0.0.0/0 192.168.1.1 1
3 S 0.0.0.0/0 1XX.2XX.68.1 2
4 A S 172.20.0.0/16 vpnclient 1
5 ADC 172.20.99.21/32 172.20.99.22 vpnclient 0
6 ADC 192.168.1.0/24 192.168.1.2 NEO 0
7 ADC 192.168.100.0/24 192.168.100.110 LAN 0
8 ADC 1XX.2XX.68.0/24 1XX.2XX.68.146 KAB 0
What should I do for proper routing between the LAN and the VPN?
Regards