GreaterTX
just joined
Topic Author
Posts: 22
Joined: Mon Feb 25, 2019 6:47 am

VPN Blocking "random" access to remote IPs

Wed Jun 02, 2021 2:20 am

So there's no consistency here. My guess, as I think I've seen it before, is that technically when the device perhaps doesn't have the correct "gateway" configured, or a gateway configured period, it seems to not respond to connectivity over the VPN? Would something like that make sense?

More detail:

Have a remote site with a bunch of IP cameras configured by a previous vendor. I can access a good portion of the cameras over the VPN for configuration updates. However, random sporadic ones (i.e. not a range / block, but random ones throughout) do not respond to remote VPN access.

It's an IPsec VPN for remote user access.

So I'm wondering if for some reason perhaps they configured a static IP on the device but didn't fill in the gateway info / skipped it, and perhaps those are the ones not working? Is there anything else I could try remotely to troubleshoot? I do have full management access, so if you want me to pull any specific config areas.

For the ones I am able to access, I confirmed they do indeed have the correct static gateway (MikroTik router) configured manually; unfortunately, to check the other ones I assume I have to go on site. Unless there's a way I can manually force a route or something?
 
tdw
Forum Guru
Posts: 1845
Joined: Sat May 05, 2018 11:55 am

Re: VPN Blocking "random" access to remote IPs  [SOLVED]

Wed Jun 02, 2021 2:50 am

Yes, if the cameras and controller/recorder are in the same subnet they do not require a gateway setting - it is only used for communication outside of the subnet, e.g. with your VPN.

If this is the case you should be able to ping the cameras from the Mikrotik to which they are attached. You could add a src-nat rule on that Mikrotik so traffic from your VPN connection appears to originate from the Mikrotik as far as the cameras are concerned.
 
GreaterTX
just joined
Topic Author
Posts: 22
Joined: Mon Feb 25, 2019 6:47 am

Re: VPN Blocking "random" access to remote IPs

Wed Jun 02, 2021 3:18 am

> Yes, if the cameras and controller/recorder are in the same subnet they do not require a gateway setting - it is only used for communication outside of the subnet, e.g. with your VPN.
>
> If this is the case you should be able to ping the cameras from the Mikrotik to which they are attached. You could add a src-nat rule on that Mikrotik so traffic from your VPN connection appears to originate from the Mikrotik as far as the cameras are concerned.

Great, thanks, that makes sense. I can indeed ping them no problem via the MikroTik itself.

So from IP > Firewall > NAT

I would create a src-nat rule? Could you provide some assistance on what I would want to check off to basically allow all VPN (192.186.100.x) to be seen as 192.168.0.x?

Is it simply just entering the source address and destination address network as a srcnat rule, or is there additional?

Thanks!
 
tdw
Forum Guru
Posts: 1845
Joined: Sat May 05, 2018 11:55 am

Re: VPN Blocking "random" access to remote IPs

Wed Jun 02, 2021 2:14 pm

Yes, source (192.186.100.0/24) and destination (192.168.0.0/24) addresses on the General tab, but also on the Action tab change Action to masquerade. The equivalent command in a terminal window is:
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.0.0/24 src-address=192.168.100.0/24


Depending on what other rules are present the ordering of them may need to be altered as they are processed in order. It is wise to use safe mode when making remote changes so if you add or alter something which breaks access the changes are rolled back.
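
The behaviour discussed in this thread, as an added example that is not from either poster: a small Python model of each camera's reply routing, showing why only the cameras with a missing or wrong gateway fail over the VPN and why the masquerade rule fixes all of them. The router LAN address 192.168.0.1, the camera addresses and the VPN client address are constructed assumptions; the two /24 networks are the ones in the command above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses below are constructed for illustration; the router's LAN
# address (192.168.0.1) is an assumption, the two /24s come from the thread.
ROUTER_LAN = ipaddress.ip_interface("192.168.0.1/24")
VPN_POOL = ipaddress.ip_network("192.168.100.0/24")

@dataclass
class Camera:
    ip: str
    gateway: Optional[str]  # None = gateway field left empty
    prefix: int = 24

    def can_reply_to(self, src) -> bool:
        """Routing decision the camera makes for its reply packet."""
        net = ipaddress.ip_interface(f"{self.ip}/{self.prefix}").network
        if src in net:
            return True  # on-link: answered directly, gateway never consulted
        # Off-link: the reply only gets back if the gateway is the router
        return self.gateway == str(ROUTER_LAN.ip)

def source_seen_by_camera(client: str, cam: Camera, masquerade: bool):
    """Apply the thread's srcnat rule: src=VPN pool, dst=camera LAN."""
    src = ipaddress.ip_address(client)
    dst = ipaddress.ip_address(cam.ip)
    if masquerade and src in VPN_POOL and dst in ROUTER_LAN.network:
        return ROUTER_LAN.ip  # masquerade rewrites source to the router's LAN IP
    return src

def unreachable(cams, client: str, masquerade: bool):
    """Cameras whose replies would never reach the given client."""
    return [c.ip for c in cams
            if not c.can_reply_to(source_seen_by_camera(client, c, masquerade))]

CAMERAS = [
    Camera("192.168.0.20", "192.168.0.1"),    # correct gateway
    Camera("192.168.0.21", None),             # gateway skipped
    Camera("192.168.0.22", "192.168.0.254"),  # wrong gateway
    Camera("192.168.0.23", "192.168.0.1"),
]

if __name__ == "__main__":
    vpn_client = "192.168.100.10"
    print("no NAT     :", unreachable(CAMERAS, vpn_client, masquerade=False))
    print("masquerade :", unreachable(CAMERAS, vpn_client, masquerade=True))
    print("from router:", unreachable(CAMERAS, str(ROUTER_LAN.ip), masquerade=False))
```

With the rule in place every VPN user reaches the cameras as the router's LAN address, so the cameras' own access logs no longer distinguish individual VPN clients.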
