Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

misucatinas · Wed Oct 10, 2018 4:10 pm

Hello everyone,
I configured mikrotik vpn and works VPN (PPTP/L2TP with IPSec password).
I can connect through vpn to server or shared folders by local ip address but not by hostname.
Is it possible to work by hostname without edit hosts file?
Thank you

.

gerakon · Thu Oct 11, 2018 5:49 am

Besides the host file, the other way to do it is to setup a WINS server. Personally I either setup UNC shortcuts to the IP address or you could map a network drive to the IP address, though my installs are smaller so it's not usually a big deal. Larger networks might make this less feasible.

One other thought that I haven't tried, would DNS work? You might have to use the FQDN.

misucatinas · Thu Oct 18, 2018 1:45 pm

Thank you for responde.
How I configure wins server?

irico · Thu Oct 18, 2018 1:59 pm

On L2TP profile you can specify DNS server. If you specify your domain DNS server (I asume it is a domain network), and use \\machine.domain.local to access shared folders should work.

misucatinas · Thu Oct 18, 2018 2:13 pm

Hi irico,
No, it`s not configured domain.

gerakon · Thu Oct 18, 2018 7:07 pm

WINS can be configured on a Windows Server, Linux or Synology NAS (probably other NAS's as well but I'm less familiar with them).

Just found this is from Microsoft.
https://docs.microsoft.com/en-us/window ... s/wins-top
So don't do what I said.

If you are using your Mikrotik router as DNS server, just use that and add entries like this

/ip dns static
add address=192.168.1.1 name=router
add address=192.168.1.2 name=ftp.mydomain.com
add address=192.168.1.3 name=jimscomputer

misucatinas · Fri Oct 19, 2018 9:05 am

@gerakon, I added DNS static and it`s not work.

misucatinas · Wed Nov 07, 2018 1:23 pm

Hi again,
I attach video. please tell me what`s wrong.
Thank you!

https://youtu.be/goG24gJ3tvk

karlisi · Wed Nov 07, 2018 1:43 pm

Remove google DNS server from VPN profile

misucatinas · Wed Nov 07, 2018 3:00 pm

@karlisi, Thank you for responde.
Removed google dns and didn`t work.

I attached capture screen.

karlisi · Wed Nov 07, 2018 3:45 pm

It's very hard to guess what is wrong only from video and screens. Can You post output from /export hide-sensitive ?

misucatinas · Wed Nov 07, 2018 4:11 pm

Sure,

[admin@MikroTik-Contver] > export hide-sensitive
# nov/07/2018 16:04:00 by RouterOS 6.27
# software id = PZI3-Y9C3
#
/interface bridge
add admin-mac=4C:5E:0C:91:11:B9 arp=proxy-arp auto-mac=no mtu=1500 name=\
    bridge-local
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=10 band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above country=romania disabled=no distance=indoors l2mtu=2290 \
    mode=ap-bridge ssid="Contver Privat" wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local name=\
    ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local name=\
    ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local name=\
    ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local name=\
    ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local name=\
    ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local name=\
    ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local name=\
    ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local name=\
    ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local name=\
    ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local name=\
    ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local name=\
    ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local name=\
    ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local name=\
    ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local name=\
    ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local name=\
    ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local name=\
    ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local name=\
    ether24-slave-local
set [ find default-name=sfp1 ] name=sfp1-gateway
/ip neighbor discovery
set ether1-gateway discover=no
set sfp1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=\
    dynamic-keys name=guest supplicant-identity=MikroTik
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:91:11:D1 master-interface=wlan1 \
    name=wlan2 security-profile=guest ssid="Contver Guest" wds-cost-range=\
    0-4294967295 wds-default-bridge=bridge-local wds-default-cost=0
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1,sha256 enc-algorithms=\
    3des,aes-128-cbc,aes-192-cbc,aes-256-cbc
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=guest-dhcp ranges=192.168.89.10-192.168.89.254
add name=vpn-pool ranges=192.168.90.1-192.168.90.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
    default
add address-pool=guest-dhcp disabled=no interface=wlan2 lease-time=3d name=\
    dhcp-guest
/port
set 0 name=serial0
/ppp profile
add dns-server=192.168.88.1 local-address=vpn-pool name=vpn-profile \
    remote-address=vpn-pool use-encryption=yes
add dns-server=8.8.8.8,192.168.88.1 local-address=192.168.91.1 name=\
    "pptp tunnel" only-one=yes remote-address=192.168.91.2
add dns-server=8.8.8.8,192.168.88.1 local-address=192.168.92.1 name=\
    "l2tp tunel" only-one=yes remote-address=192.168.92.2
/snmp community
set [ find default=yes ] addresses=8xxxxxxx/32 name=contver
/system logging action
set 3 remote=8xxxxx remote-port=5514
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface l2tp-server server
set default-profile=vpn-profile enabled=yes mrru=1600 use-ipsec=yes
/interface ovpn-server server
set certificate=cert_1 cipher=blowfish128,aes128,aes192,aes256 default-profile=\
    vpn-profile enabled=yes
/interface pptp-server server
set default-profile=vpn-profile enabled=yes
/interface sstp-server server
set default-profile=vpn-profile
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.88.0
add address=192.168.89.1/24 interface=wlan2 network=192.168.89.0
add address=5xxxxxx/21 interface=ether1-gateway network=5.xxxxx
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no \
    interface=sfp1-gateway
/ip dhcp-server lease
add address=192.168.88.100 always-broadcast=yes client-id=1:0:26:55:cf:87:43 \
    comment=Server mac-address=00:26:55:CF:87:43 server=default
add address=192.168.88.120 client-id=1:0:1b:8b:a3:d0:3d comment=\
    "imprimanta konica" mac-address=00:1B:8B:A3:D0:3D server=default
add address=192.168.88.200 client-id=1:34:64:a9:b:a8:80 comment="PC Ovidiu" \
    mac-address=34:64:A9:0B:A8:80 server=default
add address=192.168.88.51 client-id=1:0:0:48:4f:27:1b comment="EPSON MX20" \
    mac-address=00:00:48:4F:27:1B server=default
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
add address=192.168.89.0/24 comment=Guest dns-server=192.168.89.1 gateway=\
    192.168.89.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.88.100 name=server2009
/ip firewall filter
add chain=input comment="Ax" in-interface=ether1-gateway \
    src-address=80xxxxxxx
add chain=input comment="misu- test" in-interface=ether1-gateway src-address=\
    188xxxxxxxx
add chain=input comment=VPN dst-port=1723 in-interface=ether1-gateway protocol=\
    tcp
add chain=input protocol=gre
add chain=input in-interface=ether1-gateway port=1701,500,4500 protocol=udp
add chain=input in-interface=ether1-gateway protocol=ipsec-esp
add chain=input port=1701,500,4500 protocol=udp
add chain=input protocol=ipsec-esp
add chain=input comment="default configuration" protocol=icmp
add action=drop chain=forward comment="Nu permitem din Guest spre Privat" \
    dst-address=192.168.88.0/24 in-interface=wlan2 src-address=192.168.89.0/24
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input dst-address=5.xxxxxx in-interface=ether1-gateway \
    log-prefix=yes
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
    sfp1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=sfp1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="NAT pentru OpenVPN" src-address=\
    192.168.90.0/24 to-addresses=0.0.0.0
/ip ipsec peer
add enc-algorithm=3des,aes-128,aes-192,aes-256 exchange-mode=main-l2tp \
    generate-policy=port-override send-initial-contact=no
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=5.xxxxx
add distance=1 dst-address=192.168.8.0/24 gateway=192.168.91.2
/ip service
set www-ssl disabled=no
/ip traffic-flow
set enabled=yes
/lcd interface pages
set 0 interfaces=wlan1
/ppp secret
add comment="o" name=ovidiu profile=vpn-profile
add comment="m" name=mihai profile=vpn-profile
add comment="a - cont de test" name=andrei profile=vpn-profile \
    service=pptp
add comment="Al" name=alexandra profile=vpn-profile
add comment="d" name=dana profile=vpn-profile
add comment="c" name=claudia profile=vpn-profile service=pptp
add comment="An" name=andreea profile=vpn-profile service=pptp
add name=misu profile=vpn-profile service=l2tp
add comment="Misu test tunnel" local-address=192.168.91.1 name=tunel profile=\
    "pptp tunnel" remote-address=192.168.91.2
add comment="Misu test tunnel" name=tunell2tp profile="l2tp tunel" service=l2tp
/snmp
set contact=" <>" enabled=yes \
    engine-id=contver location=""
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Bucharest
/system identity
set name=MikroTik-Contver
/system leds
set 0 interface=wlan1
set 1 interface=sfp1-gateway leds=""
/system logging
add action=remote topics=info,!packet
add action=remote topics=error,!packet
add action=remote topics=warning,!packet
add action=remote topics=critical,!packet
/system ntp client
set enabled=yes primary-ntp=193.104.37.238 secondary-ntp=78.96.7.8
/tool graphing interface
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=wlan1
add interface=bridge-local

karlisi · Wed Nov 07, 2018 4:36 pm

Try this

/ppp profile
add dns-server=192.168.90.254 local-address=192.168.90.254 name=vpn-profile \
    remote-address=vpn-pool use-encryption=yes

karlisi · Wed Nov 07, 2018 4:42 pm

Not related to VPN problems, but /ip firewall rules are not in optimal order. In input chain put allow established, related rules on top.

ianngrh · Thu Nov 08, 2018 9:22 am

You may use fqdn format for your dns entry like "server2009.domain.com" rather than only server2009.

I found this post on windows support that may help you
https://support.microsoft.com/en-us/hel ... name-alias

misucatinas · Thu Nov 08, 2018 3:14 pm

No, it`s not work

@ianngrh If I use VPN, why I need domain or FQDN?

ianngrh · Fri Nov 09, 2018 8:37 am

Basically, vpn to your office is made to "make you feel you are on your office network". Logically you are connected to your office network, but physically you are not connected directly to your office network.
Windows only can call hostname or cname each other if :
1. The PC is connected to the network physically.
2. The network have WINS server to manage netbios name on the network
https://technet.microsoft.com/pt-pt/lib ... s.10).aspx
(please correct me if I got it wrong

)

To put it simply if you want to call your server only by hostname via vpn you have to :
1. Configure your own WINS server properly on your office
2. Point your WINS server on ppp profile setting

Otherwise you can point your dns to the office router and add static dns using fqdn format so you can access file sharing or remote desktop using fqdn server name.

misucatinas · Thu Sep 12, 2019 2:22 pm

@ianngrh Ok I understand, but if I use HAMACHI VPN and it works to connect server by hostname, so why?

Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Re: Can`t access to remote desktop/fileserver through PPTP/L2TP by hostname

Who is online