I'm new on networking and searched as more i could before i post this.
I 'm using hAP ac2 and i want to setup a VPN tunnel from my office to my home.
i have reset with default config and setup with Quick set - WISP-AP settings throu PPPoe connection.
I can connect from my office and my mobile to my VPN L2pt, i can ping my router (10.0.0.1) but i can't login, neither i cant ping the other devices at my lan (10.0.0.1/24)
I suppose export file is required so i m posting it.
After a lot of research, i can't find anything wrong expect the bridge i have tried both with arp=enabled and arp=proxy-arp. None of them working.
Also with tracert in windows i have that result :
This is the export:C:\Users\user>tracert 8.8.8.8
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
1 55 ms 60 ms 53 ms 192.168.89.1
2 72 ms 70 ms 68 ms 79.128.213.100
3 74 ms 90 ms 123 ms 79.128.232.86
4 79 ms 81 ms 75 ms 62.75.3.69
5 116 ms 120 ms 110 ms 62.75.8.58
6 130 ms 113 ms 120 ms 74.125.51.154
7 195 ms 144 ms 114 ms 108.170.252.65
8 118 ms 108 ms 111 ms 108.170.235.247
9 121 ms 107 ms 105 ms dns.google [8.8.8.8]
Trace complete.
C:\Users\user>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=71ms TTL=64
Reply from 10.0.0.1: bytes=32 time=62ms TTL=64
Reply from 10.0.0.1: bytes=32 time=66ms TTL=64
Reply from 10.0.0.1: bytes=32 time=101ms TTL=64
I cannot understand what i 'm doing wrong. I noticed when i m using my mobile with VPN active, i have internet but the stats on NAT Rule for VPN connection not going up but the public ip is the home's public office so it seems that working, same at office's pc.# mar/26/2020 12:05:47 by RouterOS 6.46.4
# software id = 20TD-MASQ
#
# model = RBD52G-5HacD2HnD
# serial number = A6470AD52847
/interface bridge
add admin-mac=74:4D:28:8B:D9:C8 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=o2n6kc@otenet.gr
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-8BD9CC wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=paok-5ghz wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.150
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add name=lan target=10.0.0.0/24
add burst-time=1s/1s limit-at=512k/2M max-limit=1M/4M name=tv+mob parent=lan target=10.0.0.140/32,10.0.0.141/32,10.0.0.145/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=WAN
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2 network=10.0.0.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=10.0.0.240 client-id=1:30:85:a9:9b:4e:b2 mac-address=30:85:A9:9B:4E:B2 server=defconf
add address=10.0.0.145 client-id=1:6c:c7:ec:83:e4:da mac-address=6C:C7:EC:83:E4:DA server=defconf
add address=10.0.0.141 client-id=1:9c:2e:a1:93:59:df mac-address=9C:2E:A1:93:59:DF server=defconf
add address=10.0.0.140 client-id=1:a0:6f:aa:7b:d9:ea mac-address=A0:6F:AA:7B:D9:EA server=defconf
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=10.0.0.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip ssh
set forwarding-enabled=remote
/ppp secret
add name=vpn profile=default-encryption
/system clock
set time-zone-name=Europe/Athens
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
My plan is after L2pt working, i have setup a FreePBX and i want to get the calls at my office pc's and 2 mobiles.
Thank you in advance
Bob