Community discussions

MikroTik App
 
sanketgroup
just joined
Topic Author
Posts: 12
Joined: Sat Sep 14, 2013 6:15 am

VPN Add Route - Cannot ping PC behind VPN

Mon Nov 23, 2015 1:31 pm

Hello
Attached is network diagram.

In my scenario, one PC cannot ping another pc which is behind VPN at other site and has no gateway setup.

I tried lot of things with route add but none of them working.
Pls explain me why.

See diagram.

Thanx


Image
 
User avatar
pukkita
Trainer
Trainer
Posts: 3037
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: VPN Add Route - Cannot ping PC behind VPN

Mon Nov 23, 2015 6:32 pm

In my scenario, one PC cannot ping another pc which is behind VPN at other site and has no gateway setup.
You have answered yourself... depending on your setup proxy-arp could be a solution, but why not set an specific gw on PC3 to reach PC4 network?
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
sanketgroup
just joined
Topic Author
Posts: 12
Joined: Sat Sep 14, 2013 6:15 am

Re: VPN Add Route - Cannot ping PC behind VPN

Tue Nov 24, 2015 6:03 am

i do not want to give internet access to those PCs so not assigning GW.

Also one more thing:
few clients are on different GW, see below diagram.
I also want those PCs who are on different gateway to be accessed.
Importantly, i can do this in some other brand VPN router but do not know how to in Mikrotik.
Image
 
User avatar
pukkita
Trainer
Trainer
Posts: 3037
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: VPN Add Route - Cannot ping PC behind VPN

Tue Nov 24, 2015 6:18 pm

i do not want to give internet access to those PCs so not assigning GW.
For that (and good practices) you'd better set the GW then restrict internet access for PC3 at the firewall...

Same for other devices, otherwise you're limiting those PCs from reaching Internet but also your management productivity...

What can you do with another brand VPN router? Will try to "translate" it to the mikrotik.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
sanketgroup
just joined
Topic Author
Posts: 12
Joined: Sat Sep 14, 2013 6:15 am

Re: VPN Add Route - Cannot ping PC behind VPN

Tue Nov 24, 2015 7:50 pm

with DD WRT, using PPTP, client on other side can ping PCs at server side which do not have GW or even on different GW.

As you said Proxy ARP can work, can you pls explain how to do it? or any other way to accomplish this.
Thanx for replies.
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: VPN Add Route - Cannot ping PC behind VPN

Thu Nov 26, 2015 1:21 am

i do not want to give internet access to those PCs so not assigning GW.
I am not familiar with proxy, but taking a step back.

I would stop Internet access on PC3 and PC5 using firewall rule while still giving these PC gateway addresses to enable ping.

/ip firewall filter
add action=drop chain=forward out-interface=WAN_interface_gateway protocol=tcp \
src-address=ip_address_of_PCx

(replace x with 3 or 5 on their immediately above router's firewall settings)

Ping should still work since it uses icmp instead.

Who is online

Users browsing this forum: andrewsongca, Bing [Bot] and 74 guests