hi,
i need some help in making a vpn conection to my workplace, i found some tutorials but they were in other languages.
here is my problem:

i have a network at work with a mikrotik router. i want to acces from home shared folders from pc's and NAS. i've managed to make the vpn conection using L2tp, from my pc to the router, but i cant acces or ping the computers from the workplace network.

10.145.0.[10-200]home network)------(isp router huawei)-----(mikrotik router)----10.145.0.[96-200](workplace network)
this is what i have.


at this moment i can connect to my vpn, but i cant ping any ip from workplace network, any ideeas?

thanks

Hello,

have you tried setting this?

/interface ethernet set Office arp=proxy-arp

where Office is the name of the interface of your LAN.

Have you seen this page? : http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

Hope it helps.

hi,
i've done that arp thing still no ping. any thoughts?

thanks

Can you share your config?

Could it be the Huawei router blocking something?

Can you share your config?

Could it be the Huawei router blocking something?

Hi,
here is my config file, my huawei router is set on dmz, i've tested with other isp providers, even mobile 4G.
i apreciate your help

happy holidays

Hello again,

I have had a quick look through your config.

I am no expert by any means, but I think it would help to start with a very basic config first and build it up. Backup your existing config then reset your router to no config and start again. I don't believe you need to masquerade the l2tp connections...but I could be wrong

Also, do you need to have the same subnet on both sides? All of the examples I have seen have different subnets on each side. You then setup routes to communicate between each side.

I have recently found this site which I think explains VPNs well, with examples. http://www.manitonetworks.com/. Have a look under the VPN tab for some nice examples.

http://l2tp.patokatech.com/

These are screen shots of my winbox settings, I can connect from my win 8 PC and ping any 192.168.100.0/24 address, see my NAS, use VNC to control PCs, etc.

This setup is on a routerboard 133, the RB750 has :: for the local address in IPsec peer.

If your last firewall input rule is a standard 'drop all else' you have to put an accept rule in for your PC's WAN IP. This can be a pain but also a good security tool, I use Teamviewer to remote my office PC and add my WAN IP.

I tried all of the ideeas, even restore config, and reconfigured it and changing ip class, still same problem. no ping.

hi,
i return with some new infos.
i have rebuild my mikrotik configuration, you can check it in the attachment.

my network looks like this.

\laptop 192.168.10.10\-------\mikrotik 10.145.10.1\--------\NAS 10.145.10.253\


when the l2tp connection is established i try to ping 10.145.10.1 and works fine, when i try to ping NAS, there is no ping.when i try to ping any other ip, there is no ping.

any thoughts?

I'll look at your setup and see if anything stands out.

Can you ping the NAS and IPs from the tools menu in winbox when you connect to its WAN IP?

When you connect with your laptop are you putting
\\10.145.10.253
in file explorer?
That was a stumbling point for me.

I'll look at your setup and see if anything stands out.

Can you ping the NAS and IPs from the tools menu in winbox when you connect to its WAN IP?

When you connect with your laptop are you putting
\\10.145.10.253
in file explorer?
That was a stumbling point for me.

hi,
it's like this: - i connect to vpn
- i ping 10.145.10.1 (works ok)
- i ping any other ip outside my vpn accounts (no ping)
- i ping any other ip inside my vpn accounts (works ok)
- i try \\10.145.10.253 in explorer (not working)
my network is :- 100-200 range DHCP
- 200-254 range STATIC
- 99-89 range VPN accounts
- 89-2 range not used or backup
- 1 router

Make sure your VPN client is configured to add a route to 10.145.10.0/24 via the VPN.
By default, you're probably only getting the IP address of the Mikrotik in your PC's routing table.

When you're on the VPN, pull up a command prompt and issue a "route print" command.
If you don't see anything for 10.145.10.0 255.255.255.0 then this is likely your problem.

You will probably see something like 10.145.10.1 255.255.255.255 in your route table, though....
whatever the next hop IP is for that route, you could manually add the rest of the LAN:
route add 10.145.10.1 mask 255.255.255.0 x.x.x.x
(where x.x.x.x is the same as the entry for 10.145.10.1)

If this fixes your problem, then you can do a basic fix by making sure the "use default GW on remote network" option is set in the VPN profile.

Make sure your VPN client is configured to add a route to 10.145.10.0/24 via the VPN.
By default, you're probably only getting the IP address of the Mikrotik in your PC's routing table.

When you're on the VPN, pull up a command prompt and issue a "route print" command.
If you don't see anything for 10.145.10.0 255.255.255.0 then this is likely your problem.

You will probably see something like 10.145.10.1 255.255.255.255 in your route table, though....
whatever the next hop IP is for that route, you could manually add the rest of the LAN:
route add 10.145.10.1 mask 255.255.255.0 x.x.x.x
(where x.x.x.x is the same as the entry for 10.145.10.1)

If this fixes your problem, then you can do a basic fix by making sure the "use default GW on remote network" option is set in the VPN profile.

hi,
i did a route print, and i cant see 10.145.10.0 255.255.255.0 . but i see 10.145.10.90 255.255.255.0 wich is my alocated vpn ip.
my OS is win 10 pro and my vpn client is built in win 10 network connection.

ps: i'm looking for the "use default GW on remote network" option but i cant see it, can you help me with this, it might be because im tired and i cant see it.

I'm back.

i've solved the problem. 2 modifications i've done. one to /ppp secret and one to /bridge.

you can see them in the attachment. my vpn link works, i have ping and i can acces my NAS and the entire network. i don't know if this is the only solution but it might help.


thanks for the help.

It was probably just the proxy-arp that fixed it. I'm pretty sure that "routes" configuration you showed is to create routes to the VPN client (if the vpn client is a router with more networks behind it).

Glad you got it working.