val3r
just joined
Topic Author
Posts: 3
Joined: Tue May 01, 2018 8:05 pm

Can't access web ui with VPN

Tue May 01, 2018 9:06 pm

Hello,

I don't know if you have French support, so I'll try to explain my problem in English.

I have a MikroTik with RouterOS v6.39.2.

I can connect with my VPN, I have an IP address on the target network and can ping everybody in the network.
BUT I'm not able to access the web UI on my Yealink IP phone.

Here is my configuration:

[admin@MikroTik] > /ip pool print

0 dhcp 192.168.11.100-192.168.11.199
1 PPTP IP POOL 192.168.100.100-192.168.100.200



[admin@MikroTik] > /ppp profile print detail

0 * name="default" local-address=PPTP IP POOL remote-address=PPTP IP POOL idle-timeout=12h use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default address-list="" dns-server=192.168.11.1 on-up="" on-down=""

1 name="TEST" local-address=dhcp remote-address=dhcp use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default address-list="" dns-server=192.168.11.1 on-up="" on-down=""

2 * name="default-encryption" use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default rate-limit="128000/256000" address-list="" on-up="" on-down=""


[admin@MikroTik] > /ppp secret print detail

0 name="xxx" service=any caller-id="" password="xxx" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=jul/25/2016 22:19:13

1 name="xxx" service=any caller-id="" password="xxx" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=may/01/2018 13:38:26

2 name="xxx" service=any caller-id="" password="xxx" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=apr/30/2018 11:36:54



[admin@MikroTik] > /interface pptp-server server print
enabled: yes
max-mtu: 1450
max-mru: 1450
mrru: 1600
authentication: mschap1,mschap2
keepalive-timeout: 30
default-profile: default



[admin@MikroTik] > /ip firewall filter print detail


chain=input action=accept protocol=icmp in-interface=!ether1-gateway log=no log-prefix=""

chain=forward action=accept in-interface=all-ppp log=yes log-prefix="VPN"

chain=input action=accept in-interface=all-ppp log=yes log-prefix="VPN"

chain=forward action=accept protocol=gre in-interface=ether1-gateway log=yes log-prefix="VPN"

chain=input action=accept protocol=udp in-interface=ether1-gateway dst-port=1723 log=yes log-prefix="VPN"

chain=input action=accept protocol=tcp in-interface=ether1-gateway dst-port=1723 log=yes log-prefix="VPN"

chain=input action=accept connection-state=established,related log=no log-prefix="DEFAULT REALATED INPUT"

chain=forward action=accept connection-state=established,related log=no log-prefix="DEFAULT RELATED OUTPUT"
chain=input action=drop in-interface=ether1-gateway log=yes log-prefix="drop input"

chain=forward action=drop connection-state=invalid log=yes log-prefix="drop forward"

chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no log-prefix=""



[admin@MikroTik] > /interface ethernet print

0 R ether1-gateway 1500 00:22:B0:68:33:87 enabled none switch1

1 S ether2 1500 E4:8D:8C:15:E1:A2 enabled none switch1

2 S ether3 1500 E4:8D:8C:15:E1:A3 enabled none switch1

3 RS ether4 1500 E4:8D:8C:15:E1:A4 enabled none switch1

4 S ether5 1500 E4:8D:8C:15:E1:A5 enabled none switch1

5 RS ether6-master-local 1500 E4:8D:8C:15:E1:A6 enabled none switch2

6 S ether7-slave-local 1500 E4:8D:8C:15:E1:A7 enabled ether6-master-local switch2

7 S ether8-slave-local 1500 E4:8D:8C:15:E1:A8 enabled ether6-master-local switch2

8 S ether9-slave-local 1500 E4:8D:8C:15:E1:A9 enabled ether6-master-local switch2

9 S ether10-slave-local 1500 E4:8D:8C:15:E1:AA enabled ether6-master-local switch2

10 S sfp1 1500 E4:8D:8C:15:E1:A0 enabled none switch1



[admin@MikroTik] > /ip firewall nat print detail

chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""

chain=dstnat action=dst-nat to-addresses=192.168.11.5 to-ports=3389 protocol=tcpm in-interface=ether1-gateway dst-port=3389 log=yes log-prefix="RDP SERVEUR"


Could you please help me?
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Can't access web ui with VPN

Wed May 02, 2018 2:43 pm

Update device to 6.40.8 to close down security vulnerabilities

You say you can access other devices on the LAN via VPN, so my assumption is the necessary routes are in place.

Can you ping the IP Phone from VPN? If not, does the IP Phone have a gateway configured?
 
val3r
just joined
Topic Author
Posts: 3
Joined: Tue May 01, 2018 8:05 pm

Re: Can't access web ui with VPN

Thu May 03, 2018 8:38 pm

OK, I updated it as soon as it's possible.

Yes, I can ping the phone from the VPN but can't access the web UI.

I tested changing my VPN IP pool to have the same address range, but no change :/
 
solar77
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Can't access web ui with VPN

Thu May 03, 2018 9:42 pm

If you can ping the IP phone, the router is configured correctly. Silly question: you can access the Yealink UI when connected to the LAN, correct? You can set up a firewall rule with src-address set to your VPN remote address, dst-address=IP of the Yealink, action=passthrough, enable log, and watch the log to see what's happening to the traffic.
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Can't access web ui with VPN

Fri May 04, 2018 12:51 am

To add to the above post from solar77: do you have any mangle / policy-based routing, as that can cause issues? If so, it would be best to post the full config (export hide-sensitive) after changing sensitive info such as WAN IP, etc.
 
WirtelPL
newbie
Posts: 34
Joined: Sat Nov 11, 2017 11:22 am
Location: Poland

Re: Can't access web ui with VPN

Sat May 05, 2018 8:27 pm

I can connect with my VPN, I have an IP address on the target network and can ping everybody in the network.
BUT I'm not able to access the web UI on my Yealink IP phone.


Allow www service access from the VPN's DHCP range addresses.
ip service print
ip service set [service number] address=192.168.100.0/24
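
An added example, not part of the original post and not MikroTik's own code: a small Python check of which router services a given client address can reach under the `address=` allow-list that the command above sets. The export text is a constructed sample in the style of `/ip service export`, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the style of `/ip service export` (not from the thread).
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.11.0/24
set ssh address=192.168.11.0/24,192.168.100.0/24
set winbox port=8292
"""

def parse_services(export_text):
    """Return {service: {"disabled": bool, "networks": [ip_network, ...]}}."""
    services = {}
    for line in export_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "set":
            continue  # skip the "/ip service" header and blank lines
        props = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        addr = props.get("address", "").strip('"')
        services[parts[1]] = {
            "disabled": props.get("disabled") == "yes",
            "networks": [ipaddress.ip_network(a, strict=False)
                         for a in addr.split(",") if a],
        }
    return services

def service_allows(service, client_ip):
    """Apply the allow-list; an empty list means no restriction at this layer."""
    if service["disabled"]:
        return False
    ip = ipaddress.ip_address(client_ip)
    nets = service["networks"]
    return not nets or any(ip in net for net in nets)

def audit(export_text, client_ip):
    """Map each service name to True/False for the given client address."""
    return {name: service_allows(svc, client_ip)
            for name, svc in parse_services(export_text).items()}

if __name__ == "__main__":
    # A client from the PPTP pool versus a client on the LAN.
    for client in ("192.168.100.150", "192.168.11.20"):
        print(client, audit(SAMPLE_EXPORT, client))
```

Setting `address=` replaces the whole list, so every subnet that still needs the service (LAN and VPN pool alike) has to be listed together, comma-separated; a service with no list stays reachable from any source the firewall lets through.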
 
val3r
just joined
Topic Author
Posts: 3
Joined: Tue May 01, 2018 8:05 pm

Re: Can't access web ui with VPN

Wed May 23, 2018 10:59 pm

Thanks a lot for all your replies.

@solar77: I can't do these rules, I have nearly 40 phones ... I'd need 40 rules ^^'

@CZFan: No mangle policy, and all routes were automatic.

@WirtelPL: Thanks a lot!!! This command allows me to access my phones' web UI.

Everything is OK now.

Sorry for my bad English :)
Cheers,
V.
 
staplebattery
just joined
Posts: 20
Joined: Tue Aug 28, 2018 3:57 pm

Re: Can't access web ui with VPN

Thu Jan 24, 2019 8:13 am

I have the same problem with a point-to-point IPSec VPN. From site A I can access site A's router but not site B's router over the VPN. From site B I can access site B's router and site A's router. Only the web config is inaccessible. Everything else works fine. It just times out. I can't find any way to debug this or find out what's wrong. Is there some setting that blocks the web UI outside of its own C class? One network is 192.168.5.1 and the other is 192.168.6.1. It makes no sense.
 
staplebattery
just joined
Posts: 20
Joined: Tue Aug 28, 2018 3:57 pm

Re: Can't access web ui with VPN

Thu Jan 24, 2019 8:18 am



Allow www service access from the VPN's DHCP range addresses.
ip service print
ip service set [service number] address=192.168.100.0/24

Where is the control for this inside the GUI?
 
mroesnick
just joined
Posts: 1
Joined: Fri Feb 22, 2019 10:18 am

Re: Can't access web ui with VPN

Fri Feb 22, 2019 10:25 am

I can connect with my VPN, I have an IP address on the target network and can ping everybody in the network.
BUT I'm not able to access the web UI on my Yealink IP phone.


Allow www service access from the VPN's DHCP range addresses.
ip service print
ip service set [service number] address=192.168.100.0/24
Your tip has resolved my problem too ;-)
Regards
Marcus
