vovgolovin
just joined
Topic Author
Posts: 2
Joined: Sun May 17, 2020 2:46 pm

Problems with setting VPN and repeater on hap ac2

Sun May 17, 2020 3:17 pm

Hello everyone,

I’m new to MikroTik, and I have some problems setting up a VPN and routing all my traffic through it.
First of all, I have a Huawei E5372 working at 5GHz, so I set up a repeater on my hap ac2 wlan2 interface.
/interface wireless setup-repeater number=wlan2 address=XX:XX:XX:XX:XX:XX ssid=MyHuaweiWIFI passphrase=MyPassword
Then I set up a DHCP client, adding a default route with distance 2
/ip dhcp-client add interface=bridge disabled=no add-default-route=yes default-route-distance=2
It acquires IP address from my Huawei (192.168.8.8 for example)
Then I connect to my VPN, adding a default route with distance 1
/interface pptp-client add name=pptp-out1 user=MyUserName password=MyPasswordForVPN connect-to=46.1.101.100 disabled=no add-default-route=yes
MikroTik connects without a problem and pptp-out1 is reachable.
I get routes like this:
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pptp-out1                 1
 1  DS  0.0.0.0/0                          192.168.8.1               2
 2 ADS  46.1.101.100/32                    192.168.8.1               0
 3 ADC  192.168.1.1/32     192.168.8.3     pptp-out1                 0
 4 ADC  192.168.8.0/24     192.168.8.8     bridge1                   0
Setting up NAT
/ip firewall nat add action=masquerade chain=srcnat out-interface=pptp-out1
Then I look up my IP (at https://www.whatismyip.com/) and it shows my Huawei IP, as if I’m not connected to the VPN, so my traffic doesn’t go through my VPN gateway.
Then I tried to remove the default route for the VPN and set up Policy Based Routing
/ip firewall address-list add address=192.168.8.0/24 list=LocalAddress
/ip firewall mangle add action=mark-routing chain=prerouting dst-address=0.0.0.0 dst-address-list="!LocalAddress" new-routing-mark=VPN passthrough=yes src-address=192.168.8.0/24
/ip route add distance=1 gateway=pptp-out1 routing-mark=VPN
But the result stays the same. I guess that is because there is a conflict between my routes to the Huawei modem and the VPN. Is there any possible way to route all my traffic through the VPN?
 
mutluit
Long time Member
Posts: 505
Joined: Wed Mar 25, 2020 4:04 am

Re: Problems with setting VPN and repeater on hap ac2

Wed May 20, 2020 10:02 pm

You should draw a network diagram, as it makes the problem easier to understand.
 
vovgolovin
just joined
Topic Author
Posts: 2
Joined: Sun May 17, 2020 2:46 pm

Re: Problems with setting VPN and repeater on hap ac2

Fri May 22, 2020 8:47 pm

Route scheme.jpg
Attaching my config also:
# jan/02/1970 00:15:06 by RouterOS 6.46.4
# software id = FL78-D138
#
# model = RBD52G-5HacD2HnD
/interface bridge
add name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik
/interface pptp-client
add connect-to=46.101.1.100 disabled=no name=pptp-out1 user=MyUserName
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=wlan1-HuaweiE53726-repeater \
    supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=\
    station-pseudobridge security-profile=wlan1-HuaweiE53726-repeater ssid=HuaweiE53726
add disabled=no mac-address=C6:AD:34:7E:F4:A2 master-interface=wlan1 name=wlan3 \
    security-profile=wlan1-HuaweiE53726-repeater ssid=HuaweiE53726
/interface bridge port
add bridge=bridge1 interface=wlan3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip dhcp-client
add default-route-distance=2 disabled=no interface=bridge1
/ip firewall address-list
add address=192.168.8.0/24 list=LocalAddress
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=0.0.0.0 dst-address-list=\
    !LocalAddress new-routing-mark=VPN passthrough=yes src-address=\
    192.168.8.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pptp-out1
/ip route
add distance=1 gateway=pptp-out1 routing-mark=VPN
 
EnigmAX
just joined
Posts: 11
Joined: Tue May 20, 2014 9:49 pm

Re: Problems with setting VPN and repeater on hap ac2

Sat May 23, 2020 2:17 am

In /ip firewall mangle, I think your dst-address should be 0.0.0.0/0.
Also, enable logging for your mangle rule and check in your logs that it actually matches your traffic.
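
The difference between the two dst-address values discussed above, as an added example that is not part of any post in this thread: a simplified Python model of the posted mangle rule's address matchers, run against constructed sample packets. It assumes a bare address with no mask is treated as a single host (/32) and models only the src-address, dst-address and dst-address-list matchers, not chains or interfaces; the function names and the sample packets are made up for illustration.

```python
import ipaddress

# Address list taken from the posted config (/ip firewall address-list).
ADDRESS_LISTS = {"LocalAddress": [ipaddress.ip_network("192.168.8.0/24")]}

def parse_prefix(value):
    """Parse a matcher value; a bare address becomes a single host (/32)."""
    return ipaddress.ip_network(value, strict=False)

def rule_matches(rule, src, dst):
    """Return True only when every address matcher in the rule accepts the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if "src-address" in rule and src not in parse_prefix(rule["src-address"]):
        return False
    if "dst-address" in rule and dst not in parse_prefix(rule["dst-address"]):
        return False
    if "dst-address-list" in rule:
        name = rule["dst-address-list"]
        negate = name.startswith("!")
        in_list = any(dst in net for net in ADDRESS_LISTS[name.lstrip("!")])
        if in_list == negate:  # "!list" must not contain dst; "list" must contain it
            return False
    return True

def routing_mark(rule, src, dst):
    """Routing mark the rule would apply to the packet, or None if it does not match."""
    return rule["new-routing-mark"] if rule_matches(rule, src, dst) else None

# The rule as posted, and the same rule with the dst-address suggested in the reply.
POSTED = {"src-address": "192.168.8.0/24", "dst-address": "0.0.0.0",
          "dst-address-list": "!LocalAddress", "new-routing-mark": "VPN"}
SUGGESTED = dict(POSTED, **{"dst-address": "0.0.0.0/0"})

# Constructed sample packets (source, destination); not taken from the thread.
PACKETS = [("192.168.8.20", "198.51.100.7"),   # LAN client to an internet host
           ("192.168.8.20", "192.168.8.1"),    # LAN client to the Huawei gateway
           ("10.0.0.5", "198.51.100.7")]       # source outside 192.168.8.0/24

def evaluate(rule):
    """Routing mark per sample packet, in PACKETS order."""
    return [routing_mark(rule, s, d) for s, d in PACKETS]

if __name__ == "__main__":
    for label, rule in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, evaluate(rule))
```

In this model the posted rule marks none of the sample packets, so nothing would be steered to the VPN routing table, while the 0.0.0.0/0 variant marks only the LAN-to-internet packet.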
