
 
clayntouch
just joined
Topic Author
Posts: 14
Joined: Tue Nov 07, 2017 2:19 am
Location: Palawan, Philippines

PPTP client disconnect once mangle routing is enabled

Thu Nov 07, 2019 10:55 am

Hi everyone,

I'm trying to implement a PPTP VPN so that our remote office (located in another town) can access our database server, which is in our main office, through PPTP. I'm using an RB110AHx2 with the network diagram shown below.
1.Network diagram.jpg
In my existing setup, I have 2 WANs that load balance, as shown below.
2.Network firewall.jpg
My problem is that PPTP clients can connect but cannot ping or access any of the internal IPs from 192.168.1.0/24 once I enable my routing marks in mangle.

Sorry in advance if I am posting a common-sense or redundant question here. I only configured my RB through watching online videos. TIA!
 
Zacharias
Forum Veteran
Posts: 732
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: PPTP client disconnect once mangle routing is enabled

Thu Nov 07, 2019 10:57 pm

Use the main routing table for the 192.168.1.0/24 subnet by adding an accept rule for that in a prerouting chain...
Where is that PLDT route?
 
clayntouch

Re: PPTP client disconnect once mangle routing is enabled

Fri Nov 08, 2019 9:46 am

Oh. Apologies, sir. This is the correct routing:

ROUTE LIST

Gateway: 120.28.xx.xx, Distance: 1, Routing Mark: GLOBE
Gateway: 210.5.xx.xx, Distance: 1, Routing Mark: PLDT
Gateway: 120.28.xx.xx, Distance: 1

Is this correct, sir?

/ip firewall mangle
add action=accept chain=prerouting src-address=192.168.1.0/24
 
clayntouch

Re: PPTP client disconnect once mangle routing is enabled

Sat Nov 09, 2019 11:20 am

IT WORKS! Thank you very much sir!
 
clayntouch

Re: PPTP client disconnect once mangle routing is enabled

Sat Nov 09, 2019 2:42 pm

Hi, my PPTP client can now ping and access any of my LAN IPs from the other site. But after I added the accept rule for 192.168.1.0/24, the routing mark no longer routes 192.168.1.0/24 to PLDT (wan2); it keeps using GLOBE (isp1).

I also tried to route my database server IP using add action=accept chain=prerouting src-address=192.168.1.254, but it is not working.

Please see my mangle config below:

/ip firewall mangle
add action=accept chain=prerouting src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=PLDT passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=GLOBE passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=GLOBE passthrough=yes src-address=10.0.0.0/22

Thanks!
 
Zacharias

Re: PPTP client disconnect once mangle routing is enabled  [SOLVED]

Sat Nov 09, 2019 6:08 pm

Oh, I forgot you want to route the traffic through a specific line...
Remove the first mangle rule, and in the second mangle rule add dst-address=!192.168.1.0/24
 
clayntouch

Re: PPTP client disconnect once mangle routing is enabled

Sun Nov 10, 2019 6:27 am

Hi Zach,

Many thanks for your help. It resolves my problem as stated in the topic. Sharing my working mangle firewall below as reference for others. Thank you very much!

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.1.0/24 new-routing-mark=PLDT passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=GLOBE passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=GLOBE passthrough=yes src-address=10.0.0.0/22

 
Zacharias

Re: PPTP client disconnect once mangle routing is enabled

Sun Nov 10, 2019 11:45 am

Great...!
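
Added example, not part of any post in this thread: a small Python model of how the prerouting mangle chain and the routing tables interact for the three rule sets discussed above. It assumes the PPTP client receives an address inside 192.168.1.0/24 (192.168.1.200 here), uses made-up interface names, and treats the rule set without the accept rule or the dst-address exclusion as the starting point.

```python
import ipaddress as ip

# Route tables modelled on the thread's route list. Assumed for illustration:
# the PPTP client address 192.168.1.200 and all interface names.
TABLES = {
    "main": [("192.168.1.200/32", "pptp-client"), ("192.168.1.0/24", "lan"),
             ("0.0.0.0/0", "wan1-GLOBE")],
    "PLDT": [("0.0.0.0/0", "wan2-PLDT")],
    "GLOBE": [("0.0.0.0/0", "wan1-GLOBE")],
}
GLOBE_RULES = [
    {"action": "mark-routing", "src": "192.168.2.0/24", "mark": "GLOBE"},
    {"action": "mark-routing", "src": "10.0.0.0/22", "mark": "GLOBE"},
]
LAN_TO_PLDT = {"action": "mark-routing", "src": "192.168.1.0/24", "mark": "PLDT"}
# Three rule sets from the thread (all mark rules use passthrough=yes).
UNCONDITIONAL = [LAN_TO_PLDT] + GLOBE_RULES
ACCEPT_FIRST = [{"action": "accept", "src": "192.168.1.0/24"}] + UNCONDITIONAL
FIXED = [dict(LAN_TO_PLDT, dst_not="192.168.1.0/24")] + GLOBE_RULES

def matches(rule, src, dst):
    """True when the packet satisfies the rule's src and negated-dst matchers."""
    if ip.ip_address(src) not in ip.ip_network(rule["src"]):
        return False
    return not ("dst_not" in rule
                and ip.ip_address(dst) in ip.ip_network(rule["dst_not"]))

def routing_mark(rules, src, dst):
    """Walk the prerouting chain top to bottom and return the final mark."""
    mark = None
    for rule in rules:
        if not matches(rule, src, dst):
            continue
        if rule["action"] == "accept":
            break  # accept ends processing of this chain, later rules never run
        mark = rule["mark"]  # passthrough=yes: keep evaluating later rules
    return mark

def out_interface(rules, src, dst):
    """Look up dst in the marked table (or main) using longest-prefix match."""
    table = routing_mark(rules, src, dst) or "main"
    hits = [(ip.ip_network(net).prefixlen, iface)
            for net, iface in TABLES[table]
            if ip.ip_address(dst) in ip.ip_network(net)]
    return max(hits)[1]
```

With the unconditional mark, the database server's reply to the VPN client is looked up in the PLDT table, which holds only a default route, so it leaves through the WAN instead of the tunnel; the dst-address exclusion keeps LAN-to-LAN traffic in the main table while Internet-bound traffic still goes to PLDT.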
