Techally
just joined
Topic Author
Posts: 3
Joined: Tue Aug 07, 2018 5:14 pm
Location: Sapin

3 branch offices VLAN over PPTP?

Tue Oct 08, 2019 2:35 pm

Hi, I'm trying to implement a request from a client.
His setup
Main Office:
RBD52G-5HacD2HnD
Fiber router in bridge mode so external IP is on Mikrotik WAN (eth1) 185.83.x.x
LAN IP : 192.168.92.1

Office1 :
RouterBOARD 941-2nD
Internet provider is a WiSP so eth1 is a 10.0.28.x address from external SXT
LAN IP: 192.168.98.1

Office2:
RBD52G-5HacD2HnD
Fiber router NOT in bridge so eth1 is a 192.168.1.x address
LAN IP: 192.168.94.1

All standalone networks and internet working perfectly.

Main Office is running a PPTP Server
Office1 PPTP client connected and Local IP 192.168.92.2 and Remote 192.168.92.3
Office2 PPTP client connected and Local IP 192.168.92.4 and Remote 192.168.92.5

Main office added static route
/ip route
add distance=1 dst-address=192.168.94.0/24 gateway=192.168.92.5 pref-src=192.168.92.4
add distance=1 dst-address=192.168.98.0/24 gateway=192.168.92.3 pref-src=192.168.92.2

Office1 added static route
/ip route
add distance=1 dst-address=192.168.92.0/24 gateway=192.168.92.2 pref-src=192.168.92.3

Office2 added static route
/ip route
add distance=1 dst-address=192.168.92.0/24 gateway=192.168.92.4 pref-src=192.168.92.5

All seems to be connecting and pinging correctly BUT..... the client needs to be able to RDP from a PC at Office 1 & a PC at Office 2 to his main PC in the Main Office.
That's it; he has no other requirements like printers or anything.
From every side, all 3 routers can ping each other, but one PC can't ping another PC (i.e. an Office 1 PC can't ping the Main Office PC).

What am I missing?
And should I be doing it a different way?
I have considered using VLAN, but I've spent days going through various examples and can't get them to work properly either.
Is this a correct example to use an EoIP?

Any advice would be gratefully appreciated
Thanks
 
cdiedrich
Forum Veteran
Posts: 905
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: 3 branch offices VLAN over PPTP?

Tue Oct 08, 2019 2:58 pm

Routing looks correct.
I'd rather say that this is a Windoze Firewall problem which by default does not accept incoming connections from non-local subnets.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
Techally

Re: 3 branch offices VLAN over PPTP?

Tue Oct 08, 2019 3:33 pm

Yeah, I thought the same. I have added firewall rules to the Windows PC in the main office to make sure of that.

Am I missing a masquerade rule or something?
Although the client doesn't need access to them, there are printers on both sides (Main Office and Office 1) and they can't be pinged either. Like I say, all routers can ping each other?

Any comment on the VLAN or EoIP ideas?
 
cdiedrich

Re: 3 branch offices VLAN over PPTP?

Tue Oct 08, 2019 3:47 pm

Bummer.
No that's no EoIP scenario. Nor vlan - vlans are L2-local as well.
Try setting the tunnel interface as gateway in your routes instead of the remote IP of the tunnel.
-Chris
 
Techally

Re: 3 branch offices VLAN over PPTP?

Sat Oct 12, 2019 2:38 pm

Hi,
I just wanted to post a reply as we fixed the issue (eventually).

So we visited the client's offices to make life easier, as previously we only had terminal access to the Office 1 & Office 2 routers.

The Office 1 router, it turns out, could ping in one direction to the Main Office client devices (printers, PC etc.) but packets were not coming back.
The Office 2 router could ping in any direction, but client devices on each side couldn't ping in either direction.

After many hours of going round in circles we reset the Office 1 & Office 2 routers and started again with the config, now using a different IP range to avoid any bad routes or NATs.
It turns out that the problems all along were the NAT masquerade rules on one side of the PPTP tunnels.
The traffic from Office 1 & Office 2 were both masquerading their IP, which ended up being replaced with their ISP routers' address (both were 192.168.1.1).

Removed the offending rules and voilà! All working.
Thanks for the assistance
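
The fix described in this post, sketched as a RouterOS configuration for one branch router (an added example, not part of the original thread). The interface name ether1, the rule comments and the assumed form of the offending rule (a masquerade rule with no out-interface) are illustrative; the subnets are the ones from the first post.

```routeros
# Office 1 router: LAN 192.168.98.0/24, WAN on ether1 (assumed name),
# PPTP client towards the Main Office (LAN 192.168.92.0/24).

/ip firewall nat

# Assumed form of the offending rule, shown commented out. With no
# out-interface it matches every packet the router forwards, including
# packets leaving through the PPTP tunnel, so Main Office hosts see a
# translated source address instead of the real 192.168.98.x host.
# add chain=srcnat action=masquerade comment="too broad"

# Scoped replacement: translate only traffic that leaves through the WAN
# port. Traffic routed into the tunnel keeps its original source address
# and the static routes on both sides can return it.
add chain=srcnat action=masquerade out-interface=ether1 comment="internet only"

# Verification 1: rule counters. The masquerade counter should not
# increase while an Office 1 PC pings a Main Office PC.
print stats

# Verification 2: connection tracking. For an un-NATed flow the
# reply-dst-address equals the src-address of the original direction.
/ip firewall connection print detail where dst-address~"192.168.92."
```

Leaving tunnel traffic untranslated also means the Main Office router and the Windows firewall on the RDP target see each branch host's real address, so access rules and logs can be written per host or per office subnet.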
 
IPANetEngineer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA

Re: 3 branch offices VLAN over PPTP?

Sun Oct 13, 2019 6:27 pm

Sometimes an onsite visit to see what issues people are having can make all the difference in the world.

Glad you figured it out :D
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
