I really need help with my setup. I have set up an IPsec/L2TP VPN connection between my routers, but the routers don't reach each other's gateways (I can ping from one router to the other router's WAN address, but not to its LAN address). Right now I have unplugged them from the ISP and connected the two routers' ether1 ports to each other with a cable. To help you understand: Router A ether1 is connected to Router B ether1, Router A ether2 is connected to a client, and Router B ether2 is connected to another client. My goal is to send a ping from one LAN to the other LAN (letting the clients communicate).
So i have two mikrotik routers. router A is: WAN 10.40.2.211 LAN 10.10.11.1 router B is WAN 10.40.2.222 LAN 10.10.12.1.
When I try to ping from the first router to the other router's LAN (10.40.2.211 to 10.10.12.1), it times out. I'm open to any ideas that will make this work; if you need more information, just ask.
I will add both of my configs; I hope you smart people can find what is wrong.
Router A config (name is "Pirmas"):
# Router A export: WAN 10.40.2.211/24 on ether1, LAN 10.10.11.1/24 on ether2.
# It defines an IPIP tunnel to 10.40.2.222, an L2TP server with IPsec, and a
# manual IPsec tunnel-mode policy for 10.10.11.0/24 -> 10.10.12.0/24.
/interface ipip
# NOTE(review): ipsec-secret on the tunnel makes RouterOS add a dynamic IPsec
# peer/policy for these two endpoints; a manual /ip ipsec peer for the same
# address pair is also defined below -- confirm the two do not conflict.
# NOTE(review): the pre-shared key is a six-digit number and has been posted
# publicly; replace it with a long random secret on both routers.
add allow-fast-path=no ipsec-secret=159357 !keepalive local-address=\
10.40.2.211 name=ipip-tunnel1 remote-address=10.40.2.222
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# pool1 serves the LAN DHCP clients; "l2tp" is handed to L2TP clients via the
# PPP profile below. Both ranges contain 10.10.11.200, so the pools overlap by
# one address.
add name=pool1 ranges=10.10.11.2-10.10.11.200
add name=l2tp ranges=10.10.11.200-10.10.11.220
/ip dhcp-server
add address-pool=pool1 disabled=no interface=ether2 name=server1
/ppp profile
# L2TP clients get the router's WAN address as the PPP local address and a
# remote address from pool "l2tp".
add dns-server=8.8.8.8 local-address=10.40.2.211 name=L2TP remote-address=\
l2tp
/interface l2tp-server server
# Same pre-shared key as the IPIP tunnel and the manual IPsec peer.
set enabled=yes ipsec-secret=159357 use-ipsec=yes
/ip address
# The tunnel address 10.10.11.254/24 is in the same /24 as ether2, so two
# interfaces carry the connected network 10.10.11.0/24. Router B's export
# shows the same 10.10.11.254 on its own tunnel end.
# NOTE(review): a dedicated small subnet for the tunnel link would avoid the
# ambiguity -- confirm intent.
add address=10.40.2.211/24 interface=ether1 network=10.40.2.0
add address=10.10.11.1/24 interface=ether2 network=10.10.11.0
add address=10.10.11.254/24 interface=ipip-tunnel1 network=10.10.11.0
/ip dhcp-server network
add address=10.10.11.0/24 dns-server=8.8.8.8 gateway=10.10.11.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall filter
# Rules are evaluated top to bottom; every accept below is placed before the
# final "drop input on ether1" rule, so it also applies to WAN-side traffic
# unless it names an in-interface.
add action=accept chain=input comment="default configuration" protocol=icmp
# Only connection-state=established is accepted; "related" is not listed.
add action=accept chain=input comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=established
# Rule comments are Lithuanian for "needed for PPTP". TCP/1723 and GRE are
# accepted from any interface.
# NOTE(review): no PPTP server appears in this export; if PPTP is unused these
# two rules can be removed to reduce WAN exposure.
add action=accept chain=input comment="Reikalingas PPTP" dst-port=1723 \
protocol=tcp
add action=accept chain=input comment="PPTP reikalingas" protocol=gre
# Winbox management (TCP/8291) is accepted with no in-interface or
# src-address restriction, so it is reachable from ether1 (WAN) as well.
# NOTE(review): restrict to the LAN interface or a management address list.
add action=accept chain=input comment=Winboxui dst-port=8291 protocol=tcp
# IPsec ESP plus IKE (500), NAT-T (4500) and L2TP (1701) accepted on the WAN.
# NOTE(review): 1701 is open to unencrypted L2TP as well; presumably it should
# only be accepted when the packet arrived inside IPsec -- verify.
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-port=500,4500,1701 in-interface=ether1 \
protocol=udp
# The forward chain only drops invalid packets; there is no final drop rule,
# so new forwarded connections are not filtered by this export.
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=input comment="default configuration" in-interface=\
ether1
/ip firewall nat
# The accept rule sits before masquerade, so LAN-to-LAN traffic
# (10.10.11.0/24 -> 10.10.12.0/24) leaves srcnat untranslated.
add action=accept chain=srcnat dst-address=10.10.12.0/24 src-address=\
10.10.11.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec peer
# Manual peer for router B, using the same short numeric pre-shared key.
add address=10.40.2.222/32 local-address=10.40.2.211 secret=159357
/ip ipsec policy
# Tunnel-mode policy for the two LAN subnets between the two WAN addresses.
# NOTE(review): the static route below sends the same destination through
# ipip-tunnel1, so two mechanisms cover the same traffic -- confirm which one
# is meant to carry it.
add dst-address=10.10.12.0/24 sa-dst-address=10.40.2.222 sa-src-address=\
10.40.2.211 src-address=10.10.11.0/24 tunnel=yes
/ip route
add distance=1 gateway=10.40.2.1
add disabled=yes distance=1 dst-address=10.10.11.0/24 gateway=ether2
add distance=1 dst-address=10.10.12.0/24 gateway=ipip-tunnel1
/ppp secret
# L2TP account with a short, guessable password that is now public.
# NOTE(review): change it before the router is reconnected to the ISP.
add name=abc password=abc123 profile=L2TP service=l2tp
ROUTER B CONFIG:
# Router B export: WAN 10.40.2.222/24 on ether1, DHCP for 10.10.12.0/24 on
# ether2, IPIP tunnel and manual IPsec policy towards 10.40.2.211.
/interface wireless
# Both radios use the SSID "MikroTik".
# NOTE(review): no wireless authentication settings are visible in this
# export; confirm the radios are disabled or secured.
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface ipip
# NOTE(review): ipsec-secret on the tunnel makes RouterOS add a dynamic IPsec
# peer/policy for these two endpoints; a manual /ip ipsec peer for the same
# address pair is also defined below -- confirm the two do not conflict.
# NOTE(review): the pre-shared key is a six-digit number and has been posted
# publicly; replace it with a long random secret on both routers.
add allow-fast-path=no ipsec-secret=159357 !keepalive local-address=\
10.40.2.222 name=ipip-tunnel1 remote-address=10.40.2.211
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=10.10.12.2-10.10.12.200
/ip dhcp-server
add address-pool=pool1 disabled=no interface=ether2 name=server1
/ip address
# ether2 is given 10.10.11.1/24, which is router A's LAN address. The DHCP
# pool and DHCP network on this router use 10.10.12.0/24 with gateway
# 10.10.12.1, but 10.10.12.1 is not assigned to any interface in this export,
# so nothing on router B answers for that address.
# NOTE(review): presumably this line was meant to be 10.10.12.1/24 with
# network 10.10.12.0 -- confirm. As written, the connected 10.10.11.0/24 on
# ether2 also takes precedence over the static route to 10.10.11.0/24 via
# ipip-tunnel1 below.
# The tunnel address 10.10.11.254 is the same address router A's export puts
# on its own tunnel end, and it has no prefix length.
add address=10.40.2.222/24 interface=ether1 network=10.40.2.0
add address=10.10.11.1/24 interface=ether2 network=10.10.11.0
add address=10.10.11.254 interface=ipip-tunnel1 network=10.10.11.254
/ip dhcp-server network
add address=10.10.12.0/24 dns-server=8.8.8.8 gateway=10.10.12.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall filter
# Both drop rules at the end of this list are disabled=yes, so no packet is
# dropped by this filter table; the accept rules above them have no effect on
# what is allowed while that is the case.
# NOTE(review): re-enable the drops before this router is reconnected to the
# ISP.
add action=accept chain=input comment="default configuration" protocol=icmp
# Only connection-state=established is accepted; "related" is not listed.
add action=accept chain=input comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=established
# Rule comments are Lithuanian for "needed for PPTP". TCP/1723 and GRE are
# accepted from any interface.
# NOTE(review): no PPTP server appears in this export; if PPTP is unused these
# two rules can be removed.
add action=accept chain=input comment="Reikalingas PPTP" dst-port=1723 \
protocol=tcp
add action=accept chain=input comment="PPTP reikalingas" protocol=gre
# Winbox management (TCP/8291) is accepted with no in-interface or
# src-address restriction.
# NOTE(review): restrict to the LAN interface or a management address list.
add action=accept chain=input comment=Winboxui dst-port=8291 protocol=tcp
# IPsec ESP plus IKE (500), NAT-T (4500) and L2TP (1701) accepted on the WAN.
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-port=500,4500,1701 in-interface=ether1 \
protocol=udp
add action=drop chain=forward comment="default configuration" \
connection-state=invalid disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1
/ip firewall nat
# The accept rule sits before masquerade, so LAN-to-LAN traffic
# (10.10.12.0/24 -> 10.10.11.0/24) leaves srcnat untranslated.
add action=accept chain=srcnat dst-address=10.10.11.0/24 src-address=\
10.10.12.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec peer
# Manual peer for router A, using the same short numeric pre-shared key.
add address=10.40.2.211/32 local-address=10.40.2.222 secret=159357
/ip ipsec policy
# Tunnel-mode policy for the two LAN subnets between the two WAN addresses.
# NOTE(review): the static route below sends the same destination through
# ipip-tunnel1, so two mechanisms cover the same traffic -- confirm which one
# is meant to carry it.
add dst-address=10.10.11.0/24 sa-dst-address=10.40.2.211 sa-src-address=\
10.40.2.222 src-address=10.10.12.0/24 tunnel=yes
/ip route
add distance=1 gateway=10.40.2.1
add distance=1 dst-address=10.10.11.0/24 gateway=ipip-tunnel1