Community discussions

MikroTik App
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

vpn for office netwrok only?

Wed Mar 27, 2019 3:35 pm

Hello ,
I have setup l2tp (without ipsec) to my office router
and I want to linit my connection to only 1 network inside the office
and for the internet to use my home connection (not use the vpn)

I have this setting in the firewall for my user
11    chain=forward action=accept src-address=172.16.100.4  dst-address=172.16.44.0/24 log=no log-prefix="" 
12    chain=forward action=accept src-address=172.16.100.4  dst-address=172.16.40.0/24 log=no log-prefix="" 
13    chain=forward action=drop src-address=172.16.100.4 log=no log-prefix="" 

from my home I can see that I can only get to this 2 networks
but I can't surf the internet
I don't get a ping to 8.8.8.8 even
when I disable rule 13 - it start working

is it something to define in the mikrotik router or in the vpn setting in the computer ?

Thanks ,
 
gotsprings
Forum Guru
Forum Guru
Posts: 2103
Joined: Mon May 14, 2012 9:30 pm

Re: vpn for office netwrok only?

Wed Mar 27, 2019 3:41 pm

You need to allow the VPN'd client to reach the internet and BLOCK access to the subnets you don't want it reaching. Mostly handled in /ip firewall filter.

Rule 11 lets you access 192.168.44.0/24 network
Rule 12 lets you access 192.168.40.0/24 network
Rule 13 BLOCKS you from any other network.

SO unless you passed the internet above... rule 13 is going to prevent you from getting out to the internet.
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: vpn for office netwrok only?

Wed Mar 27, 2019 3:58 pm

I know
but I don't wnat to go out to the internet using the office (vpn)

I manage to change the setting in the computer netwrok connection (remove V from the default gateway)

but I thought maybe there is a way to this from the router?
 
gotsprings
Forum Guru
Forum Guru
Posts: 2103
Joined: Mon May 14, 2012 9:30 pm

Re: vpn for office netwrok only?  [SOLVED]

Wed Mar 27, 2019 4:19 pm

If I understood...

You VPN to the Office using a OPERATING SYSTEMS OS. But you don't want to SEND ALL YOUR TRAFFIC to the Office network, then on to the internet?

In Apple there is a Tick Mark for "send all traffic over VPN Connection".
In Windws there is a Tick Mark for "use default gateway on remote network".

If you have Tiks on both sides... they can make the VPN and you can make a routing rule to send traffic destined to the other Tik over the VPN.
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: vpn for office netwrok only?

Wed Mar 27, 2019 4:30 pm

this is what I did ...

Thanks ,
 
gotsprings
Forum Guru
Forum Guru
Posts: 2103
Joined: Mon May 14, 2012 9:30 pm

Re: vpn for office netwrok only?

Wed Mar 27, 2019 6:39 pm

You are welcome.

You might want to select my answer as accepted so others can find it quickly.

Who is online

Users browsing this forum: Ahrefs [Bot] and 95 guests