
 
JJR70
just joined
Topic Author
Posts: 6
Joined: Tue Mar 03, 2015 3:27 am

No access to LAN over PPTP VPN (can only ping router)

Wed Aug 05, 2015 9:48 pm

Hello everyone. Using the MikroTik Wiki plus other online sources, I set up a PPTP VPN connection that includes a pool of VPN IPs. I am able to connect to the tunnel but can only access the MikroTik itself. I found an older thread with similar issues but don't quite understand the fix he posted.

I don't do much in the Terminal so I posted my personal notes then printed the output. Any help would be greatly appreciated.

MikroTik LAN IP: 192.168.25.1
LAN DHCP: 192.168.25.100-200

1. IP > Pool > Add New
Name: PPTP-pool
Addresses: 192.168.25.90-192.168.25.99

/ip pool print
# NAME RANGES
0 default-dhcp 192.168.25.100-192.168.25.200
1 PPTP-pool 192.168.25.90-192.168.25.99


2. PPP > Profiles > Add New
Name: PPTP-profile
Local Address: 192.168.25.1
Remote Address: PPTP-pool
Use IPv6: No
Use Encryption: Yes

/ppp profile print detail
0 * name="default" remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default
use-compression=default use-vj-compression=default use-encryption=default
only-one=default change-tcp-mss=yes address-list=""

1 name="PPTP-profile" local-address=192.168.25.1 remote-address=PPTP-pool
remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=default
use-compression=default use-vj-compression=default use-encryption=yes
only-one=default change-tcp-mss=default address-list=""

2 * name="default-encryption" remote-ipv6-prefix-pool=none use-ipv6=yes
use-mpls=default use-compression=default use-vj-compression=default
use-encryption=yes only-one=default change-tcp-mss=yes address-list=""


3. PPP > Secrets > Add New
Name: username
Password: password
Service: pptp
Profile: PPTP-profile

/ppp secret print detail
0 name="username" service=pptp caller-id="" password="password"
profile=PPTP-profile routes="" limit-bytes-in=0 limit-bytes-out=0


4. PPP > Interface > PPTP Server
Enabled: Yes
Max MTU: 1460
Max MRU: 1460
Default Profile: PPTP-profile
Only check mschap2

/interface pptp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
default-profile: PPTP-profile


5. Firewall > Filter Rules > Add New
Chain: input
Protocol: 6 (tcp)
Dst. Port: 1723
Comment: PPTP configuration
Drag the new config to the top of the list (under the Protocol: 1 (icmp) rule)

6. Firewall > Filter Rules > Add New
Chain: input
Protocol: gre
Drag under the Port 1723 rule

/ip firewall filter print detail
0 ;;; default configuration
chain=input action=accept protocol=icmp in-interface=!ether1-gateway
log=no log-prefix=""

1 ;;; PPTP configuration
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""

2 chain=input action=accept protocol=gre log=no log-prefix=""

3 ;;; default configuration
chain=input action=accept connection-state=established log=no
log-prefix=""

4 ;;; default configuration
chain=input action=accept connection-state=related log=no log-prefix=""

5 ;;; default configuration
chain=input action=drop in-interface=sfp1-gateway log=no log-prefix=""

6 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""


7. Interfaces > ether2
ARP: proxy-arp

/interface ethernet print
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R ether1-g... 1500 D4:CA:6D:1C:85:F8 enabled none switch1
1 RS ether2 1500 D4:CA:6D:1C:85:F9 proxy-arp none switch1
2 S ether3 1500 D4:CA:6D:1C:85:FA enabled none switch1
3 S ether4 1500 D4:CA:6D:1C:85:FB enabled none switch1
4 S ether5 1500 D4:CA:6D:1C:85:FC enabled none switch1
5 S ether6-m... 1500 D4:CA:6D:1C:85:FD enabled none switch2
6 S ether7-s... 1500 D4:CA:6D:1C:85:FE enabled ether6-master... switch2
7 S ether8-s... 1500 D4:CA:6D:1C:85:FF enabled ether6-master... switch2
8 S ether9-s... 1500 D4:CA:6D:1C:86:00 enabled ether6-master... switch2
9 S ether10-... 1500 D4:CA:6D:1C:86:01 enabled ether6-master... switch2
10 sfp1-gat... 1500 D4:CA:6D:1C:85:F7 enabled none switch1

8. The IP settings of my workstation after connecting:
IP: 192.168.25.98
SUB: 255.255.255.255
DNS1: 192.168.25.1
DNS2: 97.64.183.164 (My ISP)
 
BartoszP
Forum Guru
Posts: 1710
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: No access to LAN over PPTP VPN (can only ping router)

Wed Aug 05, 2015 10:04 pm

Try to make a masquerade rule like in the picture.
L2TP.PNG
Real admins use real keyboards.
 
JJR70
just joined
Topic Author
Posts: 6
Joined: Tue Mar 03, 2015 3:27 am

Re: No access to LAN over PPTP VPN (can only ping router)

Thu Aug 06, 2015 12:33 am

Thank you, BartoszP! That solved it. I can see everything in the network now. :D

Here are my updated, unorthodox notes plus printouts. Hopefully they help someone in the future:

Example:
MikroTik LAN IP: 192.168.25.1
LAN DHCP: 192.168.25.100-200

1. IP > Pool > Add New
Name: PPTP-pool
Addresses: 192.168.25.88/29 (192.168.25.88-95)

/ip pool print
# NAME RANGES
0 default-dhcp 192.168.25.100-192.168.25.200
1 PPTP-pool 192.168.25.88/29


2. PPP > Profiles > Add New
Name: PPTP-profile
Local Address: 192.168.25.1
Remote Address: PPTP-pool
Use IPv6: No
Use Encryption: Yes
DNS: 8.8.8.8

/ppp profile print detail
1 name="PPTP-profile" local-address=192.168.25.1 remote-address=PPTP-pool
remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=default
use-compression=default use-vj-compression=default use-encryption=yes
only-one=default change-tcp-mss=default address-list="" dns-server=8.8.8.8


3. PPP > Secrets > Add New
Name: username
Password: password
Service: pptp
Profile: PPTP-profile

/ppp secret print detail
0 name="username" service=pptp caller-id="" password="password"
profile=PPTP-profile routes="" limit-bytes-in=0 limit-bytes-out=0


4. PPP > Interface > PPTP Server
Enabled: Yes
Max MTU: 1460
Max MRU: 1460
Default Profile: PPTP-profile
Only check mschap2

/interface pptp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
default-profile: PPTP-profile


5. Firewall > Filter Rules > Add New
Chain: input
Protocol: 6 (tcp)
Dst. Port: 1723
Comment: PPTP configuration
Drag the new rule to the top of the list (under the Protocol: 1 (icmp) rule)

6. Firewall > Filter Rules > Add New
Chain: input
Protocol: gre
Drag under the Port 1723 rule

/ip firewall filter print detail
0 ;;; default configuration
chain=input action=accept protocol=icmp in-interface=!ether1-gateway
log=no log-prefix=""
1 ;;; PPTP configuration
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
2 chain=input action=accept protocol=gre log=no log-prefix=""


7. Set up proxy-arp on the local interface.
Interfaces > ether2
ARP: proxy-arp

/interface ethernet print
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R ether1-g... 1500 D4:CA:6D:1C:85:F8 enabled none switch1
1 RS ether2 1500 D4:CA:6D:1C:85:F9 proxy-arp none switch1


8. IP > Firewall > NAT > Add rule
Chain: srcnat
Src. Address: 192.168.25.88/29
Dst. Address: !192.168.25.88/29
Action: masquerade
Comment: PPTP NAT Rule

/ip firewall nat print detail
34 ;;; PPTP NAT Rule
chain=srcnat action=masquerade src-address=192.168.25.88/29
dst-address=!192.168.25.88/29 log=no log-prefix=""
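
How the step 8 rule selects traffic, as an added example that is not part of the original post: it applies the rule's `src-address` and `dst-address=!` matchers to a few constructed flows and reports the source address the destination host ends up seeing. It assumes masquerade towards the LAN uses the router's LAN address 192.168.25.1; the flows are made up for illustration.

```python
import ipaddress

# Matcher values copied from step 8 of the post; the flows below are constructed.
NAT_RULE = {"src-address": "192.168.25.88/29", "dst-address": "!192.168.25.88/29"}
ROUTER_LAN_IP = "192.168.25.1"  # assumption: address masquerade uses towards the LAN


def matches(matcher: str, addr: str) -> bool:
    """Rule matcher: "net" matches members of net, "!net" matches non-members."""
    negated = matcher.startswith("!")
    network = ipaddress.ip_network(matcher.lstrip("!"))
    return (ipaddress.ip_address(addr) in network) != negated


def source_seen_by_destination(src: str, dst: str) -> str:
    """Source address the destination host sees once the srcnat rule is applied."""
    if matches(NAT_RULE["src-address"], src) and matches(NAT_RULE["dst-address"], dst):
        return ROUTER_LAN_IP  # rule matched: source rewritten to the router
    return src  # rule not matched: packet keeps its own source


# Constructed sample flows: (description, source, destination)
FLOWS = [
    ("VPN client -> LAN host", "192.168.25.90", "192.168.25.150"),
    ("VPN client -> VPN client", "192.168.25.90", "192.168.25.91"),
    ("LAN host -> VPN client", "192.168.25.150", "192.168.25.90"),
    ("old-pool address -> LAN host", "192.168.25.98", "192.168.25.150"),
]


def report():
    """Return (description, original source, source seen by destination) per flow."""
    return [(d, s, source_seen_by_destination(s, t)) for d, s, t in FLOWS]


if __name__ == "__main__":
    for desc, src, seen in report():
        print(f"{desc:30} {src:15} seen as {seen}")
```

Every VPN client reaches LAN hosts as 192.168.25.1, so logs on those hosts cannot tell VPN users apart; that attribution has to come from the router. An address from the first post's pool (192.168.25.90-99) such as 192.168.25.98 lies outside the /29 and would not be matched by this rule.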
 
Hell0Kitty
just joined
Posts: 5
Joined: Fri Jun 05, 2015 3:29 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Tue Sep 01, 2015 2:48 pm

I have some trouble, but with L2TP IPsec VPN.
My VPN devices (iPhone or MBA) don't see the local network. But internet (web sites, etc.) works fine.

1. > ip pool print
# NAME RANGES
0 dhcp 192.168.1.2-192.168.1.50
1 vpn_pool 192.168.1.88/29

2. > ppp profile print
Flags: * - default
1 ;;; VPN L2TP IPsec
name="L2TP" local-address=192.168.1.1 remote-address=vpn_pool
bridge=bridge-local use-mpls=default use-compression=default
use-encryption=default only-one=default change-tcp-mss=yes
address-list="" dns-server=192.168.1.1

3. > ppp secret print detail
Flags: X - disabled
0 ;;; VPN Account -
name="username" service=l2tp caller-id="" password="password"
profile=L2TP routes="" limit-bytes-in=0 limit-bytes-out=0

4. > interface l2tp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
default-profile: L2TP
use-ipsec: yes
ipsec-secret: password

5. > ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; =====VPN=====
chain=input action=accept connection-state=new protocol=udp dst-address=my IP (ISP) in-interface=WAN
dst-port=500,1701,4500 log=no log-prefix=""

1 chain=input action=accept connection-state=new protocol=ipsec-esp dst-address=my IP (ISP)
in-interface=WAN log=no log-prefix=""

6. > interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 RS ;;; =====Local Network=====
LAN1-PC 1500 MAC enabled none switch1
1 S LAN2-PS4 1500 MAC enabled LAN1-PC switch1
2 RS LAN3 1500 MAC enabled LAN1-PC switch1
3 RS LAN4 1500 MAC enabled LAN1-PC switch1
4 R ;;; =====Internet=====
WAN 1500 MAC enabled none switch1

7. > ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=WAN log=no log-pr

1 chain=srcnat action=masquerade src-address=192.168.1.88/29 dst-address=!192.168.1.88/29 l
log-prefix=""

8. > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.1.1/24 network=192.168.1.0 interface=bridge-local actual-interface=bridge-local

1 D address=my IP ISP network=ISP interface=WAN actual-interface=WAN

2 D address=192.168.1.1/32 network=192.168.1.95 interface=<l2tp-vpn> actual-interface=<l2tp-vpn>

9. > ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=ISP gateway-status=ISP reachable via WAN distance=1 scope=30 target-scope=10 vrf-interface=WAN

1 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10

2 ADC dst-address=192.168.1.95/32 pref-src=192.168.1.1 gateway=<l2tp-vpn> gateway-status=<l2tp-vpn> reachable distance=0 scope=10

3 ADC dst-address=ISP pref-src=ISP gateway=WAN gateway-status=WAN reachable distance=0 scope=10

Internet from the iPhone works fine, but there is no access to the local network; I can't ping 192.168.1.3 or open http://192.168.1.3.
I use arp-proxy for bridge-local and LAN1-PC, but it is useless.

Please help me ;(
 
Adolf
just joined
Posts: 1
Joined: Mon Jul 04, 2016 7:22 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Mon Jul 04, 2016 11:18 pm

Try to not use nat for local network

/ip firewall nat
add chain=srcnat src-address=LAN dst-address=!LAN out-interface=WAN action=masquerade (or src-nat to-address)
 
Kincaidc
just joined
Posts: 12
Joined: Fri Jul 22, 2016 10:28 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Fri Oct 14, 2016 12:38 am

I read this thread and still have issues with being able to ping the local network. I cannot see anything beyond the MT IP address. I do not understand the masquerade post or what I am supposed to do or why this thing worked fine for two years and all of a sudden it doesn't.
 
overdriven
just joined
Posts: 1
Joined: Thu Oct 13, 2016 1:14 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Fri Oct 14, 2016 3:16 pm

Hello!

I had the same problems.
1. But also now I can't ping the VPN client. How to solve it?
(Solved by deactivating the firewall on the client workstation)
2. I can't "see" Windows workstations by their names (only using IP). Is it possible to solve it?
3. To see workstations on the LAN I had to add this rule to the firewall:
chain=forward action=accept in-interface=pptp-UserName out-interface=LANBridge
Each new client creates a new interface. Do I have to add the rule for each interface?
 
JJR70
just joined
Topic Author
Posts: 6
Joined: Tue Mar 03, 2015 3:27 am

Re: No access to LAN over PPTP VPN (can only ping router)

Fri Oct 14, 2016 5:58 pm

Kincaidc and overdriven: Since this post, I have moved on from PPTP to SSTP. I'm also a MikroTik amateur. However, if you will print out your config, I can take a look and try to troubleshoot.

Look through my final post from when I had it working (Post #3). For each step, I documented both using Winbox and Terminal.

Fill in the following information:
Your MikroTik LAN IP:
Your LAN DHCP Range:

Enter the following in terminal and post your results:
/ip pool print
/ppp profile print detail
/ppp secret print detail (change your username to 'username' and your password to 'password')
/interface pptp-server server print
/ip firewall filter print detail (This is for steps 5 & 6)
/interface ethernet print
/ip firewall nat print detail

Hopefully I (or someone more qualified) can help.
 
dadashari
just joined
Posts: 2
Joined: Sat Oct 14, 2017 5:59 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Sat Oct 14, 2017 6:06 pm

Hello,
I have the same problem too.
As you asked, I attach the information.
Here is the log of my MikroTik.
Please help to solve my problem too.
Thanks

Your MikroTik LAN IP:
192.168.0.102

Your LAN DHCP Range:

Lan DHCP Is Set In Windows Server


/ip pool print

# NAME RANGES
0 pool1 172.25.20.1-172.25.20.30
1 pool195 172.26.1.1-172.26.1.100
2 poolremote 197.168.0.150-197.168.0.200
3 dhcp_pool1-wifi 192.168.90.100/30
4 hs-pool-3 192.168.0.1-192.168.0.101
192.168.0.103-192.168.0.254
5 TEST-Pool 192.168.0.0-192.168.0.254


/ppp profile print detail

Flags: * - default
0 * name="default" local-address=172.26.1.200 remote-address=pool195 use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default use-upnp=default address-list="" dns-server=8.8.8.8 on-up="" on-down=""

1 name="profileremote" local-address=94.74.146.178 remote-address=poolremote use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default use-upnp=default address-list="" on-up="" on-down=""

2 * name="default-encryption" local-address=2.2.2.2 remote-address=pool1 use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" dns-server=217.218.155.155,8.8.8.8 on-up=""
on-down=""


/ppp secret print detail (change your username to 'username' and your password to 'password')

[admin@Mikrotik] > /ppp secret print detail
Flags: X - disabled
0 X name="username " service=any caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=jan/01/1970 00:00:00

1 X name="username" service=pptp caller-id="" password="password" profile=profileremote routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=aug/01/2017 10:42:18

2 name="username" service=pptp caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=oct/14/2017 18:12:24

3 name="username" service=any caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=oct/14/2017 15:19:20

4 name="username" service=any caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=aug/13/2017 11:46:08

5 name="username" service=any caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=oct/14/2017 17:16:10

6 name="username" service=any caller-id="" password="password" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=aug/18/2017 09:35:54

/interface pptp-server server print

enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: disabled
default-profile: default


/ip firewall filter print detail (This is for steps 5 & 6)

Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

/interface ethernet print

# NAME MTU ARP MASTER-PORT SWITCH
0 R ether1-MSP 1500 enabled none switch1
1 R ether2 1500 proxy-arp none switch1
2 ether3 1500 enabled none switch1
3 R ether4 1500 enabled none switch1
4 ether5 1500 enabled none switch1
5 ether6 1500 enabled none switch2
6 ether7 1500 enabled none switch2
7 ether8 1500 enabled none switch2
8 ether9 1500 enabled none switch2
9 ether10 1500 enabled none switch2
10 sfp1 1500 enabled none switch1

/ip firewall nat print detail

Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Internet Access Trough VPN
chain=srcnat action=masquerade src-address=172.26.1.0/24 dst-address=!172.26.1.0/24 log=no log-prefix=""
 
flavio
just joined
Posts: 7
Joined: Thu Dec 27, 2007 11:56 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Thu Oct 19, 2017 6:16 pm

Try to change to proxy-arp the LAN interface on the VPN server side.
 
myg4ever
just joined
Posts: 1
Joined: Fri Dec 22, 2017 10:57 am

Re: No access to LAN over PPTP VPN (can only ping router)

Fri Dec 22, 2017 11:01 am

Thanks, I have the same problem and I will try it out.
 
zhenissimo
just joined
Posts: 4
Joined: Wed Dec 12, 2012 10:10 am

Re: No access to LAN over PPTP VPN (can only ping router)

Tue Jan 02, 2018 2:39 am

Hello,
I have a very similar problem. Maybe someone can help me find out what is wrong.
I am able to connect to the VPN, but can't access the Internet and LAN devices on it. Only the MikroTik local IP is pinging.

My conf:

/ppp profile print detail
name="default" remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down=""
name="pptp-profile" local-address=10.0.10.254 remote-address=pptp-pool remote-ipv6-prefix-pool=*0 use-ipv6=yes use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default use-upnp=default
address-list="" dns-server=10.0.10.254 on-up="" on-down=""
name="default-encryption" remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" dns-server=8.8.8.8,8.8.4.4 on-up="" on-down=""

/ppp secret print detail
name="username" service=any caller-id="" password="password" profile=pptp-profile routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=feb/02/2017 02:24:56

/interface pptp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
default-profile: default-encryption

/ip firewall filter print detail
chain=forward action=accept connection-state="" in-interface=ether5 log=no log-prefix=""
chain=forward action=accept in-interface=ether1 log=no log-prefix=""
chain=forward action=accept in-interface=ether3 log=no log-prefix=""
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
chain=input action=accept protocol=gre log=no log-prefix=""
chain=forward action=drop log=no log-prefix=""
chain=input action=drop protocol=icmp in-interface=ether5 icmp-options=8:0-255 log=no log-prefix=""


/interface ethernet print
0 ;;; LAN
ether1 1500 00: proxy-arp none
1 RS ether2 1500 00: proxy-arp ether3 switch1
2 R ether3 1500 00: proxy-arp none switch1
3 ether4 1500 00: proxy-arp none switch1
4 R ;;; WAN
ether5 1500 00:0C:42:8A:71:17 enabled none switch1

/ip firewall nat print detail
chain=srcnat action=masquerade src-address=10.0.10.88/29 dst-address=!10.0.10.88/29 out-interface=ether5 log=no log-prefix=""
chain=srcnat action=masquerade src-address=10.0.10.0/24 log=no log-prefix=""
 
Mantic0re
just joined
Posts: 3
Joined: Tue Oct 25, 2016 7:27 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Tue Jan 02, 2018 11:39 am

well try to use proxy then
 
zhenissimo
just joined
Posts: 4
Joined: Wed Dec 12, 2012 10:10 am

Re: No access to LAN over PPTP VPN (can only ping router)

Tue Jan 02, 2018 12:53 pm

Mantic0re wrote:
well try to use proxy then

What do you mean?
 
zhenissimo
just joined
Posts: 4
Joined: Wed Dec 12, 2012 10:10 am

Re: No access to LAN over PPTP VPN (can only ping router)

Sun Jan 07, 2018 12:47 am

Any ideas?
 
gpto
just joined
Posts: 1
Joined: Sun Jan 07, 2018 8:01 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Wed Jan 31, 2018 5:15 pm

I had the same problem, but for me it was quite simple to resolve:

I'm at home and want to connect to the office.

The problem is that I have the same IP range on both sides, 192.168.1.0/24 at home and the same at the office.

So, while connected through the VPN, if I try to reach, for example, one of our office switches, my Mac tries to reach it in my home office, even if the VPN is set to send ALL TRAFFIC to the VPN....

For me it's just a range conflict; my Mac can't understand which 192.168.1.0/24 network I am asking it to go to......

If I connect my Mac using a 4G dongle (in 172.0.0.0/24), I'm able to reach all devices in my office network.

Cheers
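
The range conflict described in this post, as an added example that is not part of the original post: a simplified longest-prefix-match lookup over a VPN client's routing table, run once for the home network and once for the 4G dongle. The interface names (`en0`, `usb0`, `ppp0`) and the two route tables are constructed; "send all traffic" is modelled as a default route via the tunnel, and route metrics are ignored.

```python
import ipaddress

OFFICE_LAN = "192.168.1.0/24"   # office range from the post
OFFICE_HOST = "192.168.1.3"     # constructed example host on the office LAN

# Constructed client routing tables: (prefix, outgoing interface).
# Assumption: the directly connected network stays on its own interface and
# the VPN only adds a default route through the tunnel (ppp0).
ROUTES_HOME_WIFI = [("192.168.1.0/24", "en0"), ("0.0.0.0/0", "ppp0")]
ROUTES_4G_DONGLE = [("172.0.0.0/24", "usb0"), ("0.0.0.0/0", "ppp0")]


def pick_interface(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def conflicting_prefixes(routes, remote_lan):
    """Connected (non-default) prefixes on the client that overlap the remote LAN."""
    remote = ipaddress.ip_network(remote_lan)
    return [p for p, _ in routes
            if ipaddress.ip_network(p).prefixlen > 0
            and ipaddress.ip_network(p).overlaps(remote)]


def diagnose(routes, remote_lan=OFFICE_LAN, host=OFFICE_HOST):
    """Summarise where traffic for an office host leaves the client."""
    return {
        "egress": pick_interface(routes, host),
        "conflicts": conflicting_prefixes(routes, remote_lan),
    }


if __name__ == "__main__":
    print("home Wi-Fi:", diagnose(ROUTES_HOME_WIFI))
    print("4G dongle :", diagnose(ROUTES_4G_DONGLE))
```

On the home network the /24 connected route is more specific than the tunnel's default route, so packets for the office host never enter the VPN; on the dongle nothing overlaps and the default route carries them.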
 
eltimmo
just joined
Posts: 2
Joined: Sat May 19, 2018 5:29 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Sat Jul 07, 2018 4:14 pm

Hi,

I had the same problem. I got this to work by putting the VPN on its own network like below. I'm not that experienced with RouterOS, so this may not be the best way. Hope this helps,

Add IP Pool for L2TP - (called l2tp)
ip/ipool 192.168.99.190-192.168.99.199

Add IP Address
192.168.99.1/24 network 192.168.89.0 on the bridge

On L2TP Profile
configure this to use 192.168.99.2 as its local address, remote is l2tp.
 
tecnicanet
just joined
Posts: 1
Joined: Mon Mar 25, 2019 5:49 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Mon Mar 25, 2019 5:54 pm

BartoszP wrote:
Try to make a masquerade rule like in the picture.
L2TP.PNG

Hi, I can't see the image. Can you repost the picture or write the command to create the rule?

Thank you so much!!
 
hamedta
just joined
Posts: 4
Joined: Fri Aug 30, 2019 9:46 pm

No access to LAN over VPN

Fri Aug 30, 2019 10:12 pm

Hello

I have a problem. I need to access a network device's web config remotely; the device is in another city. I connected a USB 3G modem to my MikroTik router for internet, and then I connected my network device to LAN2 of the MikroTik router. By setting up a NAT, my network device is connected to the Internet, but as the 3G modem doesn't support DMZ or port forwarding, I can't access my network device's web config page. As a solution, I have set up an OpenVPN client interface on the router, and it connected to the public server; then from the office I also connect to the OpenVPN server, so now I can have my router and my PC in the same network from the office. I can also ping my router through the IP address of the OpenVPN interface and can even connect to it with WinBox, but the problem is that I don't have access to the device which is connected to LAN2. What could be a solution or a better approach?

I need to open the web config of my network device which is http on port 80.

Your MikroTik LAN IP: 192.168.20.20 (LAN2)
Your LAN DHCP Range:192.168.20.21 - 192.168.20.22 (LAN2)

/ip pool print
# NAME RANGES
0 dhcp_pool 192.168.20.21-192.168.20.22

/ppp profile print detail
1 name="OVPN-client" use-mpls=no use-compression=no use-encryption=required only-one=default change-tcp-mss=yes use-upnp=default
address-list="" on-up="" on-down=""

/interface ovpn-client print
Flags: X - disabled, R - running
0 R name="OPENVPN" mac-address=FE:14:B2:5E:B4:33 max-mtu=1500 connect-to=x.x.xx port=434 mode=ip user="user"
password="pass" profile=OVPN-client certificate=client.crt_0 verify-server-certificate=no auth=sha1 cipher=blowfish128
add-default-route=yes

/ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; allow established connections
chain=forward connection-state=established

1 ;;; allow related connections
chain=forward connection-state=related

2 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid

/interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP SWITCH
0 R LAN1 1500 D4:CA:6D:29:6F:B7 enabled switch1
1 LAN2 1500 D4:CA:6D:29:6F:B8 enabled switch1
2 LAN3 1500 D4:CA:6D:29:6F:B9 enabled switch1
3 LAN4 1500 D4:CA:6D:29:6F:BA enabled switch1
4 WAN 1500 D4:CA:6D:29:6F:B6 enabled switch1

/ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.20.0/24
out-interface=OPENVPN log=no log-prefix=""

OPENVPN ip is 10.8.0.26

my pc ip address is 10.8.0.30
 
hamedta
just joined
Posts: 4
Joined: Fri Aug 30, 2019 9:46 pm

Re: No access to LAN over PPTP VPN (can only ping router)

Mon Sep 02, 2019 2:30 pm

Any idea?
