Shadaia
just joined
Topic Author
Posts: 2
Joined: Mon Jun 03, 2019 4:19 pm

Push remote route through ppp

Sun Jun 23, 2019 10:22 pm

Hello, so as of now is there any way to push the static route to my subnet through a PPP connection (L2TP to be specific), or does it still require doing so manually on the client's PC? And if so, what is the solution on Android devices?

My local network:
192.168.1.0/24
My VPN network:
192.168.55.0/24

I know I can have my local network as 10.0.0.0/24, and then having my VPN pool set to 10.20.0.1-10.20.0.254 (for example) tricks my network adapter into adding a 10.0.0.0/8 route going through the VPN, but currently I can't change my LAN network, so it's not the solution.

I want to uncheck "use remote gateway", so all the traffic goes through the client's internet (though I would want that to be unchecked by default, but this is not possible as far as I know), and I want my client to communicate with the 192.168.1.0/24 network. Any ideas?
 
mducharme
Trainer
Posts: 868
Joined: Tue Jul 19, 2016 6:45 pm

Re: Push remote route through ppp

Sun Jun 23, 2019 11:12 pm

There is no good solution for this with L2TP. The best way to accomplish this is with IPsec road warrior.

https://wiki.mikrotik.com/wiki/Manual:I ... _Mode_Conf

The split-include takes care of this.
 
McSee
Frequent Visitor
Posts: 67
Joined: Tue Feb 26, 2019 12:49 pm

Re: Push remote route through ppp

Tue Jun 25, 2019 4:17 pm

> Hello, so as of now is there any way to push the static route to my subnet through ppp connection (l2tp to be specific) or does it still require doing so manually on client's PC?
It's possible by using some third-party DHCP server. I use Microsoft DHCP server (within Windows Server) with the required settings + a couple of firewall rules for the Mikrotik router (1 NAT + 1 Raw).
The trick is to redirect, with a NAT rule (255.255.255.255 -> DHCP server IP), the VPN client's request for DHCP options, then pass the answer back through a Raw 'no track' rule to prevent the address from being changed back to 255.255.255.255.
/ip firewall nat
add action=dst-nat chain=dstnat comment="DHCP INFORM" dst-address=255.255.255.255 dst-port=67 protocol=udp src-address=172.16.1.0/24 src-port=68 to-addresses=192.168.33.1

/ip firewall raw
add action=notrack chain=prerouting comment="DHCP INFORM" dst-address=172.16.1.0/24 dst-port=68 protocol=udp src-address=192.168.33.1 src-port=67
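
An added example, not part of any post in this thread: the route a DHCP server hands back in reply to the redirected request is normally carried as the classless static route option (code 121, RFC 3442; Microsoft's older code 249 uses the same payload layout). The thread does not name the option, so that choice is an assumption, and the gateway 192.168.55.1 is a constructed value on the original poster's VPN network. The sketch below encodes the option and decodes it again, which is useful for checking in a packet capture exactly which routes a server pushes to VPN clients.

```python
import ipaddress

OPT_CLASSLESS_ROUTES = 121     # RFC 3442
OPT_MS_CLASSLESS_ROUTES = 249  # Microsoft's earlier code, same payload layout


def encode_routes(routes, code=OPT_CLASSLESS_ROUTES):
    """Encode [(destination CIDR, gateway), ...] as one DHCP option (code, len, data)."""
    payload = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        if net.version != 4:
            raise ValueError("classless static routes are IPv4 only")
        significant = (net.prefixlen + 7) // 8  # only these octets are sent
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(gateway).packed
    if len(payload) > 255:
        raise ValueError("route list does not fit in a single option")
    return bytes([code, len(payload)]) + bytes(payload)


def decode_routes(option):
    """Decode one option into [(CIDR, gateway), ...]; raise ValueError if malformed."""
    if len(option) < 2:
        raise ValueError("option too short")
    code, length, data = option[0], option[1], option[2:]
    if code not in (OPT_CLASSLESS_ROUTES, OPT_MS_CLASSLESS_ROUTES):
        raise ValueError("not a classless static route option")
    if length != len(data):
        raise ValueError("length field does not match payload")
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError("prefix length out of range")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(data):
            raise ValueError("truncated route entry")
        dest = data[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.ip_network((dest, prefixlen))  # rejects stray host bits
        gateway = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((str(net), str(gateway)))
        i = end
    return routes


if __name__ == "__main__":
    # Constructed sample: the poster's LAN via an assumed VPN-side gateway.
    opt = encode_routes([("192.168.1.0/24", "192.168.55.1")])
    print(opt.hex(), decode_routes(opt))
```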
