vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Issue with VPN connecting behind router

Fri Aug 25, 2017 8:54 pm

I have a 951G-2HnD. As of yesterday, I had a VPN setup between my home and my office. My home network is 192.168.15.x. My office is 192.168.100.x. I have a network attached storage on my 192.168.15.x. As of yesterday I was able to access my NAS from my office.

I also had a "dial in" vpn setup on my laptop. When I was away from my house, I connect via the VPN and I could access my NAS.

Yesterday, I registered for a pureVPN account. I followed the directions here (https://support.purevpn.com/mikrotik-configuration) to activate my pureVPN connection.

My pureVPN began working. However, since I got the pureVPN to work, I can no longer access my NAS at my home location.

I can ping my router without a problem. I can even use winbox and log into my home router and make changes, I just cannot get past the router to my home network.

I was hoping the experts here could help correct this issue.

I will be happy to provide my router configuration if needed.
--
And now I shall close on the subject by quoting Ronald Reagan - who, shortly after taking a bullet, was heard to quip "Ow! Ow! Ow!"
 
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: Issue with VPN connecting behind router

Sat Aug 26, 2017 12:59 am

Doing some research I have discovered it is a mangle rule that is causing the issue. I am not sure what I need to do to adjust or edit this rule to allow pass through to the rest of the network.

My mangle rule is:

General
Chain: prerouting
Src. Address: 192.168.15.0/24

Action
Action: mark routing
New routing mark: PureVPN-PPTP
Passthrough is checked.

Now it may be something under the PureVPN-PPTP but when I disable the mangle rule I can access my home network.
 
lambert
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Issue with VPN connecting behind router

Sat Aug 26, 2017 8:49 am

Add another mangle rule which doesn't mark anything but does not passthrough before that rule. It should match the same src address, AND the dst address of your office LAN.

Or, you can just add the dst-address of your Office LAN to the PureVPN rule and negate it by checking the box in front of the address field. An exclamation mark should appear.

Both should work. If you want other VPNs to work in the future, you may need lots of rules before the PureVPN rule. If you will only have the office VPN and the PureVPN, just marking the PureVPN rule as not applying to the office subnet dst-address is easy.
 
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: Issue with VPN connecting behind router

Mon Aug 28, 2017 4:05 pm

Thank you. My goal is to have just 2 other VPNs other than the PureVPN.

#1 would be my office (critical)
#2 would be my laptop when away from home. (nice to have)

I got the Dst. address loaded and tested. It worked perfectly. Thanks so much. My next step will be to try and create the second mangle rule so my laptops can VPN in. I am not very familiar with them, so I will research them more to figure out exactly what I need to fill out (chain setting, Src & Dst address setting, action setting, etc).

PureVPN said there was no way to do this without paying for extra services. I knew there had to be a way since I was connecting 2 MikroTiks together and I had access to my router, just not anything behind it.
 
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: Issue with VPN connecting behind router

Mon Aug 28, 2017 6:58 pm

Lambert, been trying to make the new mangle rule work.

I basically copied the original rule exactly, except modified it around the IP structure for the "dial-in" VPN. It does not work.

Here is what I have:
<Mangle Rule>
{General}
Chain: prerouting
Src: 192.168.15.0/24
Dst: ! 192.168.15.0/24 (I think this may need to go away, but I have tried both with and without this)

{Advanced}
[nothing]

{Extra}
[nothing]

{Action}
Action: mark routing
New Routing Mark: PureVPN-PPTP
Passthrough = checked
 
pe1chl
Forum Guru
Posts: 5928
Joined: Mon Jun 08, 2015 12:09 pm

Re: Issue with VPN connecting behind router

Mon Aug 28, 2017 7:22 pm

Of course "the mangle rule works".
Maybe it does not do what you want it to do, that is a different story.
But it is unclear what exactly you want it to do, probably even to yourself.
So first you need to think about what it really is that you want, how the network should behave to "work" in your opinion.
Once you have clearly designed this (e.g. using a small drawing with some traffic flows), it should be easier to make
it "work" without just blindly trying things and finding it "does not work".
 
lambert
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Issue with VPN connecting behind router

Mon Aug 28, 2017 7:49 pm

> Lambert, been trying to make the new mangle rule work.
>
> I basically copied the original rule exactly, except modified it around the IP structure for the "dial-in" VPN. It does not work.
>
> Here is what I have:
> <Mangle Rule>
> {General}
> Chain: prerouting
> Src: 192.168.15.0/24
> Dst: ! 192.168.15.0/24 (I think this may need to go away, but I have tried both with and without this)
>
> {Action}
> Action: mark routing
> New Routing Mark: PureVPN-PPTP
> Passthrough = checked

Src: 192.168.15.0/24
Dst: 192.168.100.0/24 (no !)

(Or, I'm not sure which router you're putting this on, office or home.)
Src: 192.168.100.0/24
Dst: 192.168.15.0/24

Action: accept/pass/ whatever it says, I don't have one in front of me.
Passthrough = uncheck.

Then make sure that rule comes before the PureVPN rule.
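
The two fixes lambert describes (a negated dst-address on the PureVPN rule, or a non-marking rule placed before it) and the ordering requirement can be checked with a small model of the mangle chain. This is an added example, not part of the original posts and not MikroTik code; the host addresses are constructed, and it assumes that a packet carrying the PureVPN-PPTP routing mark is sent out through the PureVPN tunnel while an unmarked packet uses the main routing table.

```python
from ipaddress import ip_address, ip_network

# Simplified model of a RouterOS prerouting mangle chain (assumption: only
# src/dst address matching, accept, mark-routing and passthrough are modelled).
def net_match(spec, addr):
    """spec is None (any), 'a.b.c.d/n', or '!a.b.c.d/n' (negated match)."""
    if spec is None:
        return True
    negate = spec.startswith("!")
    return (ip_address(addr) in ip_network(spec.lstrip("!"))) != negate

def routing_mark(rules, src, dst):
    """Walk the rules top to bottom; None means the main routing table."""
    mark = None
    for r in rules:
        if not (net_match(r.get("src"), src) and net_match(r.get("dst"), dst)):
            continue
        if r["action"] == "accept":
            return mark  # accept stops mangle processing, earlier marks stay
        mark = r["mark"]  # action == "mark-routing"
        if not r.get("passthrough", True):
            return mark
    return mark

HOME, OFFICE = "192.168.15.0/24", "192.168.100.0/24"
MARK = {"src": HOME, "action": "mark-routing", "mark": "PureVPN-PPTP"}
# RouterOS form of the exemption rule (add before the PureVPN rule):
#   /ip firewall mangle add chain=prerouting src-address=192.168.15.0/24 \
#       dst-address=192.168.100.0/24 action=accept
EXEMPT = {"src": HOME, "dst": OFFICE, "action": "accept"}

CHAINS = {
    "original": [MARK],                             # rule from the second post
    "negated_dst": [dict(MARK, dst="!" + OFFICE)],  # dst-address=!192.168.100.0/24
    "accept_first": [EXEMPT, MARK],                 # exemption above the PureVPN rule
    "accept_last": [MARK, EXEMPT],                  # wrong order: mark already set
}
# Constructed sample hosts: NAS at home, a PC at the office, an internet host.
NAS, OFFICE_PC, INTERNET = "192.168.15.10", "192.168.100.20", "203.0.113.5"

def report():
    """Per chain: (mark on NAS->office reply, mark on NAS->internet packet)."""
    return {name: (routing_mark(rules, NAS, OFFICE_PC),
                   routing_mark(rules, NAS, INTERNET))
            for name, rules in CHAINS.items()}

if __name__ == "__main__":
    for name, marks in report().items():
        print(f"{name:13} office={marks[0]} internet={marks[1]}")
```

With the original rule the NAS's replies to the office subnet pick up the PureVPN-PPTP mark, which matches the symptom in the first post: the router itself answers, hosts behind it do not. Both fixes leave those replies unmarked while internet-bound traffic stays on PureVPN, and the exemption has no effect when it sits after the marking rule.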
 
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: Issue with VPN connecting behind router

Tue Aug 29, 2017 7:52 pm

The x.x.100.x and x.x.15.x is working perfectly. All I had to do there was add the DST address in the original mangle rule and I got the access I needed.

Now I am trying to make my Dial In VPN work.

This one will be a little different. I hope my diagram below makes sense. This is how I see it in my head, although it may be totally incorrect.

Image

The Office to RB951 works perfect. That is set.

I know my IP address of my ISP to my house (that is the 66.x.x.x. If I disable pureVPN {the 104.x.x.x IP address}, that would be my home IP address).

My laptop's VPN connects to my home RB951 using the 66.x.x.x IP address. When it connects, my laptop will be assigned a 192.168.15.x IP address on my home network. I am having trouble trying to determine the mangle rule to accomplish this. Does this make sense?