Hello,
I would like to ask, If there is way to have forwarding PPTP port on Windows VPN server and have management VPN on mikrotik in case Windows server goes down to be able to get to LAN?
Sure. No problem. In LAN network, we have Windows server configured as VPN server. It's virtual server on vmware. On mikrotik there is set forward for PPTP protokol on this Windows server. Few days ago, Windows server crushed. I had to ride there to check what's the problem is, logon to vmware and restart server. My goal is to avoid riding on the location. So I need to be able to get to LAN, so I can at least logon on vmware.Can you explain your question a little more, please?
That's the information that I love to hear. Thank you!If your account is listed locally, you won't have to worry about AD.
# mar/06/2014 13:28:39 by RouterOS 6.10
# software id = GJKC-BMCB
#
/interface bridge
add arp=proxy-arp comment="Bridge LAN and WIFI" l2mtu=1598 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=.::WAN::.
set [ find default-name=ether2 ] comment=.::LAN::.
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2set [ find default-name=ether5 ] master-port=ether2
/interface pptp-server
add name=pptp-in1 user=adminvpn
/ip neighbor discovery
set ether1 comment=.::WAN::.
set ether2 comment=.::LAN::.
set bridge1 comment="Bridge LAN and WIFI"
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed \
mode=dynamic-keys name=WPA2Profile supplicant-identity="" \
wpa2-pre-shared-key=inteligence
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyg comment=.::WIFI::. country=\
"czech republic" disabled=no hide-ssid=yes ht-rxchains=0 ht-txchains=0 \
l2mtu=2290 mode=ap-bridge name=Jarvis security-profile=WPA2Profile ssid=\
Jarvis
/ip neighbor discovery
set Jarvis comment=.::WIFI::.
/interface wireless manual-tx-power-table
set Jarvis comment=.::WIFI::.
/interface wireless nstreme
set Jarvis comment=.::WIFI::.
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:93:03:01 master-interface=\
Jarvis name=GuestWifi security-profile=WPA2Profile ssid=GuestWifi \
wds-cost-range=0 wds-default-cost=0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=GuestWifiPool ranges=192.168.100.100-192.168.100.110
add name=adminVPNPool ranges=192.168.99.250-192.168.99.254
/ip dhcp-server
add address-pool=GuestWifiPool disabled=no interface=GuestWifi name=\
GuestWifiDHCP
add address-pool=adminVPNPool interface=ether1 name=adminVPN
/ppp profile
add dns-server=192.168.99.3,192.168.99.4,8.8.8.8 local-address=192.169.99.1 \
name=VPNprofil only-one=no remote-address=adminVPNPool use-encryption=yes \
wins-server=0.0.0.0
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=Jarvis
add bridge=bridge1 interface=ether2
/interface pptp-server server
set authentication=mschap2 default-profile=default enabled=yes
/ip address
add address=192.168.99.1/24 interface=ether2 network=192.168.99.0
add address=192.168.100.1/24 interface=GuestWifi network=192.168.100.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1 use-peer-dns=no
/ip dhcp-relay
add dhcp-server=192.168.99.3,192.168.99.4 interface=ether2 local-address=\
192.168.99.1 name=relay1
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.99.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.100.0/24
add action=passthrough chain=dstnat disabled=yes dst-port=1723 in-interface=\
ether1 protocol=tcp to-addresses=192.168.99.1
add action=dst-nat chain=dstnat disabled=yes dst-port=1723 in-interface=ether
protocol=tcp to-addresses=192.168.99.3
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8888
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp secret
add name=adminvpn password=inteligence profile=VPNprofil service=pptp
/system clock
set time-zone-name=Europe/Prague
/system leds
set 0 interface=Jarvis