Community discussions

MikroTik App
 
dinger1986
just joined
Topic Author
Posts: 6
Joined: Mon Sep 17, 2018 10:52 pm

Windows Client Routing

Wed Sep 19, 2018 2:04 pm

Hello,

I am trying to create routing rules over a Mikrotik SSTP VPN, I have disabled the default route on windows so it doesnt push all the traffic over the VPN.

We do want to route some traffic to certain websites over the VPN, how would we do this? I have read that RIP might work? I dont want to have to add the routes manually on the laptops.

Thanks,
Dinger1986
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Windows Client Routing

Wed Sep 19, 2018 2:32 pm

Why can't you use static routing in Windows?
 
dinger1986
just joined
Topic Author
Posts: 6
Joined: Mon Sep 17, 2018 10:52 pm

Re: Windows Client Routing

Wed Sep 19, 2018 6:52 pm

I can but isnt it possible to control the routing via the Mikrotik?

It routes fine to my local networks on a 192 range and also a remote network over a IPSec VPN but cant access my DMZ on the 10 range.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Windows Client Routing

Thu Sep 20, 2018 1:03 am

Unfortunately, routing for VPNs is not as easy as you'd expect it to be. You'd think that it's something everyone needs and therefore must work great, but no. In short, interoperability sucks.

But using RIP is an interesting idea and quick test says that it does work with Windows SSTP client and RIP Listener service installed. Downside is that it's not installed by default and I'm not sure if there's any way to limit it only to SSTP interface.
 
dinger1986
just joined
Topic Author
Posts: 6
Joined: Mon Sep 17, 2018 10:52 pm

Re: Windows Client Routing

Thu Sep 20, 2018 9:06 am

Thanks Sob

Is that the only way then? I’ll install the RIP listener service.

I don’t actually know how to setup rip I can look into it but what would I do to add a route to 10.0.45.0/24?

Thanks!
Last edited by dinger1986 on Thu Sep 20, 2018 5:48 pm, edited 1 time in total.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Windows Client Routing

Thu Sep 20, 2018 3:57 pm

You can advertise static routes via dhcp options, but not from ROS. I succeeded with that in StrongSwan + dhcpd in ubuntu linux. I mean, you can advertise those through pure dhcp traffic, but you can't push bootp protocol over ipsec tunnel or pptp in ROS.
 
dinger1986
just joined
Topic Author
Posts: 6
Joined: Mon Sep 17, 2018 10:52 pm

Re: Windows Client Routing

Thu Sep 20, 2018 5:44 pm

Thanks Anumrak,

We need it to work with ROS, can script the install of RIP in windows if anyone can help me setup the rules in RIP?

Regards.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Windows Client Routing

Fri Sep 21, 2018 3:32 am

I don't normally use RIP either, so I don't have much experience with it. You need to select interface(s) and network range on which it should operate and select what routes should be distributed (static, connected, ...). Network would be what's used by VPN clients. Interfaces may be tricky, it doesn't seem possible to target dynamic ones, so you would either need to make them static or use bridged config (at least I hope it works, it's in PPP profile, but I don't think I've ever used it). If you want only specific routes, it's possible using prefix list.

Start here, you'll figure it out: https://wiki.mikrotik.com/wiki/Manual:Routing/RIP
 
dinger1986
just joined
Topic Author
Posts: 6
Joined: Mon Sep 17, 2018 10:52 pm

Re: Windows Client Routing

Fri Sep 21, 2018 11:01 am

I have had a look but its not working very well, still the routing to the 192 subnets work fine but not to the 10.

I am wondering if I setup DHCP on my NAS (Synology) and used DHCP relay if it would pass the static options through from there?

Just an idea!

thanks
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Windows Client Routing

Fri Sep 21, 2018 12:19 pm

I have had a look but its not working very well, still the routing to the 192 subnets work fine but not to the 10.

I am wondering if I setup DHCP on my NAS (Synology) and used DHCP relay if it would pass the static options through from there?

Just an idea!

thanks
DHCP options written in dhcp packets, so you can't push those to vpn client in ROS. Sad as it is.

It will work only if you have layer 2 VPN between relay and host. Before the packets pass relay, they should touch it from layer 2. And after the relay they should touch the server with relay source IP address as unicast packets.

Who is online

Users browsing this forum: Bing [Bot] and 15 guests