I have an odd issue. Using Winbox, I've successfully set up an L2TP VPN which authenticates against a RADIUS server. The config is set so that all traffic is tunnelled through the VPN, so that technicians can access local internal resources and mask their current location.
On Windows 10, there are no issues: clients can authenticate to the VPN, Internet traffic is tunnelled, and they can access internal web interfaces. On both macOS and Linux, however, users can only access the Internet (via the VPN) and are unable to access anything internal. Ping fails as well.
I'm thinking a routing table isn't being provided to non-Windows clients, or perhaps the OS is interpreting it in an odd way. I don't see how it could be a firewall config on the router, since Windows clients can access the internal LAN.
Any tips? I'm fairly new to Mikrotik, would greatly appreciate some help. I've searched the forums, however did not find an article linked to this particular issue.
Attaching my config:
# dec/16/2020 17:51:44 by RouterOS 6.47.4
# software id = M4JN-1399
#
# model = CCR2004-1G-12S+2XS
# serial number =
# Interface layout: one LAN bridge, the WAN uplink (ether1, renamed nuroWAN) and
# the first SFP+ port (renamed portLAN01), plus the WAN/LAN interface lists.
/interface bridge
# arp=local-proxy-arp makes the router reply to ARP requests on this interface
# with its own MAC address.
# NOTE(review): the ldapvpn pool (10.0.9.x) sits inside the LAN's 10.0.0.0/16, so
# LAN hosts will ARP for VPN clients rather than route to them; whether that ARP
# is answered depends on this setting and on which interface holds 10.0.0.1.
add arp=local-proxy-arp name=bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=nuroWAN
set [ find default-name=sfp-sfpplus1 ] name=portLAN01
/interface list
# The lists are only declared here; members are assigned under
# "/interface list member". No firewall rule in this export refers to either list.
add name=WAN
add name=LAN
/interface wireless security-profiles
# Default profile entry; no wireless interface is configured in this export.
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools, the LAN DHCP server and the PPP profiles handed to VPN clients.
/ip pool
add name=dhcp ranges=10.0.2.100-10.0.2.254
add name=vpn ranges=192.168.89.2-192.168.89.255
# NOTE(review): 10.0.9.0-10.0.9.254 is carved out of the same 10.0.0.0/16 that is
# configured on the LAN, so VPN clients and LAN hosts share one subnet. A client
# that derives a classful or on-link route from its own address may treat 10.0.x.x
# differently from one that sends everything to the tunnel gateway - presumably
# worth comparing the routing tables on a Windows and a macOS/Linux client.
add name=ldapvpn ranges=10.0.9.0-10.0.9.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-LAN name=dhcp1
/ppp profile
# Profile used by the L2TP server (it is that server's default-profile): tunnel
# endpoint 10.0.0.1, client addresses from ldapvpn, encryption required, and each
# dynamic VPN interface is added to the LAN interface list.
add dns-server=10.0.0.1 incoming-filter="" interface-list=LAN local-address=\
10.0.0.1 name=ldap-vpn outgoing-filter="" remote-address=ldapvpn \
use-encryption=required
# *FFFFFFFE is the internal id of the built-in default-encryption profile, which
# the SSTP server below uses.
# NOTE(review): local-address=10.1.0.0 looks like a network address and is outside
# both the LAN range and the vpn pool - confirm it is intentional.
set *FFFFFFFE dns-server=10.0.0.1 local-address=10.1.0.0 remote-address=vpn
# Bridge membership and the three VPN servers that are switched on.
/interface bridge port
add bridge=bridge-LAN interface=portLAN01
/interface l2tp-server server
# L2TP is only accepted inside IPsec (use-ipsec=required).
# NOTE(review): mschap1 is a legacy method with well-known weaknesses; if every
# client supports MS-CHAPv2, authentication=mschap2 alone narrows what the server
# will negotiate. The IPsec secret does not appear in this export (presumably
# hidden or stripped before posting).
set authentication=mschap1,mschap2 default-profile=ldap-vpn enabled=yes \
use-ipsec=required
/interface list member
add interface=nuroWAN list=WAN
add interface=bridge-LAN list=LAN
/interface pptp-server server
# NOTE(review): PPTP is enabled alongside L2TP/IPsec, and the input chain accepts
# GRE and TCP/1723 from any interface. PPTP (MS-CHAP + MPPE) is considered broken;
# if it is not deliberately needed, set enabled=no so it cannot be used as a
# weaker way in for the same accounts.
set enabled=yes
/interface sstp-server server
# NOTE(review): SSTP is enabled as well; no certificate= setting appears in this
# export, so presumably no server certificate is assigned - confirm, or disable
# the server if only L2TP/IPsec is intended.
set default-profile=default-encryption enabled=yes
# Router addressing, WAN DHCP client, LAN DHCP options and the DNS resolver.
/ip address
# NOTE(review): 10.0.0.1/16 is bound to portLAN01, which is a port of bridge-LAN.
# On RouterOS the address normally belongs on the bridge interface itself; the
# DHCP server, the LAN list member and the proxy-ARP setting all reference
# bridge-LAN, not the port. Worth fixing before debugging reachability further.
add address=10.0.0.1/16 interface=portLAN01 network=10.0.0.0
/ip cloud
# Registers the router's public address with MikroTik's dynamic DNS service.
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=nuroWAN
/ip dhcp-server lease
add address=10.0.2.232 mac-address=08:00:27:70:7E:98 server=dhcp1
/ip dhcp-server network
add address=10.0.0.0/16 dns-server=10.0.0.1 gateway=10.0.0.1 netmask=16 \
ntp-server=10.0.0.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries on
# every interface. The firewall filter in this export has no drop rule on the
# input chain, so queries arriving on nuroWAN are answered too (open resolver,
# and the internal static records become resolvable from outside). Restrict
# UDP/TCP 53 on input to the LAN and VPN sources.
set allow-remote-requests=yes
# Static A records for internal hosts, all inside 10.0.0.0/16. VPN clients use
# this resolver because both PPP profiles hand out dns-server=10.0.0.1.
# NOTE(review): this is a complete internal hostname/address inventory; when
# sharing an export publicly, trimming or anonymising this section loses nothing
# for troubleshooting.
/ip dns static
add address=10.0.5.1 name=hydro.corp
add address=10.0.5.2 name=helium.corp
add address=10.0.2.1 name=lic001.corp
add address=10.0.1.10 name=swmain.corp
add address=10.0.3.2 name=cube02.corp
add address=10.0.3.1 name=cube01.corp
add address=10.0.3.3 name=cube03.corp
add address=10.0.3.5 name=cube05.corp
# cube04 is the only cubeNN record outside 10.0.3.x - confirm it is not a typo.
add address=10.0.0.34 name=cube04.corp
add address=10.0.3.6 name=cube06.corp
add address=10.0.3.7 name=cube07.corp
add address=10.0.3.10 name=cube10.corp
add address=10.0.3.8 name=cube08.corp
add address=10.0.3.9 name=cube09.corp
add address=10.0.3.11 name=cube11.corp
add address=10.0.3.12 name=cube12.corp
add address=10.0.3.13 name=cube13.corp
add address=10.0.3.21 name=cube21.corp
add address=10.0.3.22 name=cube22.corp
add address=10.0.3.23 name=cube23.corp
add address=10.0.3.24 name=cube24.corp
# Second name for the same address as lic001.corp.
add address=10.0.2.1 name=lic001.corp.com
add address=10.0.6.10 name=herp010.corp
add address=10.0.6.11 name=herp011.corp
add address=10.0.6.12 name=herp012.corp
add address=10.0.1.1 name=swnetgeara.corp
add address=10.0.1.2 name=swnetgearb.corp
add address=10.0.6.1 name=herp001.corp
add address=10.0.6.2 name=herp002.corp
add address=10.0.6.3 name=herp003.corp
add address=10.0.6.4 name=herp004.corp
add address=10.0.6.5 name=herp005.corp
add address=10.0.6.6 name=herp006.corp
add address=10.0.6.7 name=herp007.corp
add address=10.0.6.8 name=herp008.corp
add address=10.0.6.9 name=herp009.corp
add address=10.0.6.13 name=herp013.corp
add address=10.0.6.14 name=herp014.corp
add address=10.0.6.15 name=herp015.corp
add address=10.0.6.16 name=herp016.corp
# lithium.corp is the address the /radius entry points at.
add address=10.0.5.3 name=lithium.corp
# Same address as the static DHCP lease.
add address=10.0.2.232 name=spike.corp
# Firewall, NAT and policy routing for the VPN client range 10.0.9.0-10.0.9.254.
/ip firewall address-list
add address=10.0.9.0-10.0.9.254 list=OutVpn
/ip firewall filter
# NOTE(review): these two accepts (GRE and TCP/1723, i.e. PPTP) are the only
# filter rules. With no drop rule after them the input and forward chains accept
# everything, so the rules restrict nothing and every enabled router service is
# reachable from nuroWAN. A conventional baseline is: accept established/related,
# accept the VPN ports actually in use, accept management from LAN only, then
# drop the rest of input arriving on the WAN list.
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=1723 protocol=tcp
/ip firewall mangle
# Marks packets from the VPN range for the VpnRoute table, but only when every
# extra matcher also matches: connection-limit, dst-limit, limit and psd (port
# scan detection).
# NOTE(review): those matchers look like accidentally applied Winbox defaults; as
# written the mark is set only on packets that also satisfy the rate and
# port-scan conditions, so which traffic is policy-routed is hard to predict and
# may differ between client operating systems. Presumably only src-address was
# intended - confirm and remove the rest.
add action=mark-routing chain=prerouting connection-limit=100,32 \
dst-address-type="" dst-limit=1,5,dst-address/1m40s hotspot="" limit=\
1,5:packet new-routing-mark=VpnRoute passthrough=no psd=21,3s,3,1 \
src-address=10.0.9.0-10.0.9.254 src-address-type="" tcp-flags=""
/ip firewall nat
# Disabled rule: masquerade LAN traffic leaving for non-LAN destinations.
add action=masquerade chain=srcnat disabled=yes dst-address=!10.0.0.0/16 \
out-interface=nuroWAN src-address=10.0.0.0/16
# Rewrites the source of VPN-client traffic addressed to 10.0.0.1 to 10.0.0.1.
add action=src-nat chain=srcnat dst-address=10.0.0.1 src-address=\
10.0.9.0-10.0.9.254 src-address-list=OutVpn to-addresses=10.0.0.1
# Masquerades everything leaving through nuroWAN, whatever its source.
add action=masquerade chain=srcnat out-interface=nuroWAN
/ip route
# Default route for the VpnRoute table, pointing at the WAN interface.
# NOTE(review): the table holds no route for 10.0.0.0/16, so a marked packet bound
# for an internal host presumably follows this default route out of nuroWAN
# instead of reaching the LAN. An accept rule for dst-address=10.0.0.0/16 ahead
# of the mark, or a LAN route in this table, would keep internal traffic local -
# verify against the symptom.
add check-gateway=ping distance=1 gateway=nuroWAN routing-mark=VpnRoute
# Management services, PPP authentication sources and system identity.
/ip service
# telnet, ftp, www, ssh, api and api-ssl are turned off.
# NOTE(review): winbox is not listed, and an export only shows changes from the
# defaults, so it is presumably still enabled with no address= restriction.
# Together with the missing input drop rule, that leaves Winbox reachable from
# the WAN; limit it with address=<management subnet> and an input filter.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp aaa
# PPP logins are also checked against the RADIUS server defined below.
set use-radius=yes
/ppp secret
# Local PPP accounts that exist alongside RADIUS.
# NOTE(review): no password= or service= appears on any entry. Either the values
# were hidden or stripped for posting, or the accounts have empty passwords and
# are valid for every PPP service, including the enabled PPTP and SSTP servers -
# verify on the router and remove accounts that RADIUS makes redundant.
add local-address=10.0.3.227 name=vpn1
add local-address=10.0.3.226 name=vpn2
add local-address=10.0.3.225 name=vpn3
# NOTE(review): profile default-vpn4 is not defined anywhere in this export.
add name=vpn_test profile=default-vpn4
add local-address=10.0.3.224 name=vpn5
add local-address=10.0.3.223 name=vpn6
add name=joe
add name=bob
add name=chris
add name=derp
/radius
# RADIUS server for PPP at 10.0.5.3, queried from source address 10.0.0.1. The
# shared secret does not appear in this export.
add address=10.0.5.3 domain=corp service=ppp src-address=10.0.0.1
/system clock
# NOTE(review): the time zone is empty; set it (and a time source) so that VPN
# and RADIUS log timestamps can be correlated with other systems.
set time-zone-name=
/system identity
set name=rockyrouter