I am new to the mikrotik routerboards.
So far I have created a PPTP connection betwen 2 routerboards which is functioning perfectly.
However I wanted to know if it is possible to forward a port on the server site to acces a DVR on the client site via the VPN tunnel, and what would be the setup for this.
When I telnet from a windows machine (Server site) to the DVR (Client site), it is working.
I now want to connect to the DVR via the static IP from the server site, using port forwarding?
It is not possible to connect directly to the DVR at the client site, there I do not have a public IP.
Is this possible?
Server:
WAN x.x.x.x (STATIC)
LAN 192.168.50.254/24
VPN:
Default (192.168.89.0/24)
Client:
WAN x.x.x.x (LTE connection)
192.168.10.254/24
DVR: 192.168.10.60, port 8000
Thank you in advance
Re: portforwarding through pptp-vpn to DVR at client side
I don;t know the specific interface names involved, but you will basically be setting up a nat hairpin.
Make a dstnat rule just as you would normally do.
add chain=dstnat protocol=tcp dst-port=1111 dst-address=my.wan.ip.addr action=dst-nat to-addresses=192.168.10.60 to-ports=8000
Then make the hairpin rule:
add chain=srcnat dst-address=192.168.10.60 src-address=!192.168.50.0/24 action=src-nat to-addresses=192.168.50.254
This will cause the DVR to see "nat pinhole" connections from the Internet as if they came from the Mikrotik's LAN IP - which will keep the reply packets going through the VPN so the Mikrotik can un-nat them and send them to the user.
Make a dstnat rule just as you would normally do.
add chain=dstnat protocol=tcp dst-port=1111 dst-address=my.wan.ip.addr action=dst-nat to-addresses=192.168.10.60 to-ports=8000
Then make the hairpin rule:
add chain=srcnat dst-address=192.168.10.60 src-address=!192.168.50.0/24 action=src-nat to-addresses=192.168.50.254
This will cause the DVR to see "nat pinhole" connections from the Internet as if they came from the Mikrotik's LAN IP - which will keep the reply packets going through the VPN so the Mikrotik can un-nat them and send them to the user.
Re: portforwarding through pptp-vpn to DVR at client side
I don;t know the specific interface names involved, but you will basically be setting up a nat hairpin.
Make a dstnat rule just as you would normally do.
add chain=dstnat protocol=tcp dst-port=1111 dst-address=my.wan.ip.addr action=dst-nat to-addresses=192.168.10.60 to-ports=8000
Then make the hairpin rule:
add chain=srcnat dst-address=192.168.10.60 src-address=!192.168.50.0/24 action=src-nat to-addresses=192.168.50.254
This will cause the DVR to see "nat pinhole" connections from the Internet as if they came from the Mikrotik's LAN IP - which will keep the reply packets going through the VPN so the Mikrotik can un-nat them and send them to the user.
Great!!! simple and useful
Who is online
Users browsing this forum: ramin110 and 60 guests