Community discussions

MikroTik App
 
Arty
just joined
Topic Author
Posts: 2
Joined: Thu Nov 01, 2018 7:28 pm

SSTP VPN between two MT routers

Thu Nov 01, 2018 7:40 pm

Please see the attached image.
We need to set up a secure VPN connection between MikroTik 1 and Mikrotik 2 devices and direct all the traffic from PCs through MikroTik 2 router (including internet traffic). MikroTik 2 is configured as SSTP server. Everything works as expected in situation 2, but if MikroTik 1 is behind another NAT PCs cannot access the internet despite the fact that MikroTik 1 successfully connects to VPN, and traffic is passing (I can ping Mikrotik 2 internal VPN IP from all the pcs).
You do not have the required permissions to view the files attached to this post.
 
User avatar
acald3ron
just joined
Posts: 18
Joined: Tue Jan 06, 2015 8:26 am
Location: Rosarito, México
Contact:

Re: SSTP VPN between two MT routers

Fri Nov 02, 2018 5:18 am

Less devices in the middle is better.
 
Arty
just joined
Topic Author
Posts: 2
Joined: Thu Nov 01, 2018 7:28 pm

Re: SSTP VPN between two MT routers

Fri Nov 02, 2018 9:18 am

Less devices in the middle is better.
Of course. The thing is - we have this mobile network of wi-fi connected iot devices (displayed as PCs in picture above), and we need to take it with us for demonstration purposes to different places. Since the iot devices connect to our servers, we don't want anyone to be able to sniff the traffic - therefore the need for vpn. I have no more ideas why this isn't working behind another router with NAT. Any clue where to look?
 
tippenring
Member Candidate
Member Candidate
Posts: 211
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: SSTP VPN between two MT routers

Fri Nov 02, 2018 4:13 pm

It seems to me there are details missing in your explanation. SSTP will transit NAT with no problem. You admit this when you say the PCs can ping Mikrotik 2.

Based on the information provided, I think there's something else going on unrelated to a NAT device in the middle.

/export hide-sensitive is your friend. Post your configs (munge your public IPs).

Who is online

Users browsing this forum: macsrwe and 80 guests