
VPN PPTP

Posted: Tue Oct 08, 2019 3:15 pm
by abdalnoor
I need to configure a PPTP server on my RouterBOARD 952. When I connect over the VPN from my Windows 10 PC, I can't reach my local network (e.g. my DVR at 192.168.7.10); I can only access the RouterBOARD. Below is the export from my router:


# Two bridges, both with STP/RSTP switched off (protocol-mode=none).
# "BR - DHCP" is the LAN bridge; arp=proxy-arp makes the router answer ARP on
# it for addresses it reaches through another interface. That matters here
# because the VPN pool later in this export is carved out of the same
# 192.168.7.0/24 subnet as the LAN.
/interface bridge
add arp=proxy-arp name="BR - DHCP" protocol-mode=none
add name="BR - MGM" protocol-mode=none
# Port renames and advertised link modes only. The comment= values are
# free-text labels and configure nothing; they look like the addresses of the
# attached devices (192.168.7.10 matches the DVR named in the post) - not
# verified.
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    10.25.240.170 name="01 - Main"
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    192.168.7.10 name="02 - DVR"
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="03 - "
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="04 - "
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="05 - "
# PPPoE uplink dialled over the "BR - MGM" bridge; add-default-route=yes
# installs a default route through pppoe-out1.
# NOTE(review): user/password look like placeholders substituted before
# posting (confirm). An export shared publicly is better produced with
# "export hide-sensitive" so that no secret fields are included at all.
/interface pppoe-client
add add-default-route=yes disabled=no interface="BR - MGM" keepalive-timeout=\
    disabled name=pppoe-out1 password=nnn user=n@n
# NOTE(review): profile1 allows WPA (v1) next to WPA2 and sets the same
# 8-digit pre-shared key for both. If this is the live key it is trivially
# guessable, and it is now public. Usual hardening: authentication-types
# limited to wpa2-psk and a long random passphrase. wpa-eap/wpa2-eap are
# listed but eap-methods is empty.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=profile1 \
    supplicant-identity="" wpa-pre-shared-key=12345678 wpa2-pre-shared-key=\
    12345678
# Both radios run as access points with profile1. hide-ssid=yes only removes
# the SSID from beacons; it is not an access control, so the pre-shared key
# above is the only thing protecting the LAN bridge these APs are attached to.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no hide-ssid=yes mode=ap-bridge name="wlan1 - 2G" \
    security-profile=profile1 ssid=MikroTik2G
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
    disabled=no hide-ssid=yes mode=ap-bridge name="wlan2 - 5G" \
    security-profile=profile1 ssid=MikroTik5G
# Only the HTML directory of the default hotspot profile is set; no hotspot
# server appears in this export.
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Both pools sit inside 192.168.7.0/24. The VPN pool (.50-.60) does not
# overlap the DHCP range (.100-.254), but VPN clients end up with addresses
# from the LAN subnet while being reached through a PPP interface, not the
# bridge.
/ip pool
add name=dhcp_pool0 ranges=192.168.7.100-192.168.7.254
add name="VPN Pool" ranges=192.168.7.50-192.168.7.60
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface="BR - DHCP" name=dhcp1
# PPP profile used by the VPN secret: the router end of each tunnel is
# 192.168.7.1 (the same address the LAN bridge holds), the client end comes
# from "VPN Pool", and clients are handed 8.8.8.8 as DNS.
# NOTE(review): use-encryption is not set, so it stays at its default; confirm
# whether encryption is actually required for sessions using this profile.
/ppp profile
add dns-server=8.8.8.8 local-address=192.168.7.1 name=profile1 remote-address=\
    "VPN Pool"
# ether2-5 and both radios are members of the LAN bridge; ether1 is the only
# member of "BR - MGM". hw=no disables hardware offload on the wired ports.
/interface bridge port
add bridge="BR - DHCP" hw=no interface="02 - DVR"
add bridge="BR - DHCP" hw=no interface="03 - "
add bridge="BR - DHCP" hw=no interface="04 - "
add bridge="BR - DHCP" hw=no interface="05 - "
add bridge="BR - DHCP" interface="wlan1 - 2G"
add bridge="BR - DHCP" interface="wlan2 - 5G"
add bridge="BR - MGM" hw=no interface="01 - Main"
# NOTE(review): PPTP with MS-CHAPv2 is a deprecated combination. The handshake
# can be captured and the credential recovered offline, and the tunnel
# encryption keys derive from that same password. For remote access to the
# LAN, RouterOS also offers L2TP/IPsec, SSTP, OpenVPN and IKEv2; any of those
# is the safer choice if the clients support it.
/interface pptp-server server
set authentication=mschap2 enabled=yes
# Addresses: 10.25.240.171/24 is bound to the physical port "01 - Main"
# (which is itself a bridge member), 192.168.7.1/24 to the LAN bridge.
/ip address
add address=10.25.240.171/24 interface="01 - Main" network=10.25.240.0
add address=192.168.7.1/24 interface="BR - DHCP" network=192.168.7.0
# DHCP clients get the router as gateway and 109.224.14.2/.3 as DNS (VPN
# clients get a different resolver from the PPP profile).
/ip dhcp-server network
add address=192.168.7.0/24 dns-server=109.224.14.2,109.224.14.3 gateway=\
    192.168.7.1
# These two accepts (PPTP control on tcp/1723 and GRE) are the only filter
# rules in the export. There is no drop rule in input or forward, and a
# packet that matches no rule is accepted, so as written they change nothing:
# whatever services are enabled on the router (not shown here) are reachable
# from pppoe-out1 and "01 - Main" as well.
# NOTE(review): usual hardening is accept established/related, accept what is
# needed (here tcp/1723 and gre), then drop the rest of input arriving on the
# WAN-facing interfaces, plus a forward policy for VPN-to-LAN traffic.
/ip firewall filter
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
# Every packet entering the router with a source in 192.168.7.0/24 gets
# routing mark R7. That includes replies from LAN hosts (such as the DVR) to
# VPN clients, because VPN client addresses come from the same subnet.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=R7 passthrough=yes \
    src-address=192.168.7.0/24
# LAN traffic leaving through the PPPoE link is source-NATed.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.7.0/24
# Table R7 (first three routes): default via pppoe-out1, 10.25.240.0/24 via
# "BR - MGM", 192.168.7.0/24 via "BR - DHCP". A marked reply addressed to a
# VPN client (192.168.7.50-.60) therefore matches the 192.168.7.0/24 route and
# is sent back onto the LAN bridge instead of to the client's PPTP interface;
# this is the cause identified in the thread.
# NOTE(review): if the marks must stay so that LAN hosts use the PPPoE
# default route, one option is to exempt LAN-destined traffic from marking
# (dst-address=!192.168.7.0/24 on the mangle rule) - untested here.
# Main table (last two routes): default via 10.25.240.1 and one host route
# via pppoe-out1.
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=R7
add distance=1 dst-address=10.25.240.0/24 gateway="BR - MGM" routing-mark=R7
add distance=1 dst-address=192.168.7.0/24 gateway="BR - DHCP" routing-mark=R7
add distance=1 gateway=10.25.240.1
add distance=1 dst-address=216.239.35.12/32 gateway=pppoe-out1
# The single VPN account, bound to profile1.
# NOTE(review): the password is eight identical digits and appears in a public
# post; if it is the live value it should be replaced with a long random one.
# No service= restriction is set, so the secret is not limited to PPTP -
# setting service=pptp (or the replacement VPN type) narrows where it is
# accepted.
/ppp secret
add name=abdulnoor password=11111111 profile=profile1

Re: VPN PPTP  [SOLVED]

Posted: Tue Oct 08, 2019 9:33 pm
by Sob
It's because all response packets from 192.168.7.0/24 get routing mark R7 and they are routed back to "BR - DHCP" interface instead of to VPN client. At first sight the whole part with routing marks seems completely useless, so unless you have some good reason to have it, just get rid of it and everything should work.

Re: VPN PPTP

Posted: Tue Oct 08, 2019 10:31 pm
by Zacharias
Sob is right... why that mangle rule and all those routing marks?

Re: VPN PPTP

Posted: Wed Oct 09, 2019 11:05 am
by abdalnoor
It's because all response packets from 192.168.7.0/24 get routing mark R7 and they are routed back to "BR - DHCP" interface instead of to VPN client. At first sight the whole part with routing marks seems completely useless, so unless you have some good reason to have it, just get rid of it and everything should work.
Thanks for your reply, it solved my issue. As for the mangle rules: I use the PPPoE client and route my local traffic through it. When I disabled these static routes there was no internet, but I could access my DVR, so I cannot get rid of them.