Community discussions

MikroTik App
 
calevizo
just joined
Topic Author
Posts: 23
Joined: Mon Apr 19, 2021 1:08 pm

L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Fri Jun 04, 2021 1:43 pm

Hello,

I'm trying to connect to any of the LANs from the l2pt-ipsec VPN connection but I can only connect to the router from the PPP address 192.168.102.1 and to the internet (with pass all traffic through the VPN connection)

I tried disabling all my blocking firewall rules but that did not help

the VPN router IP is 192.168.102.1
VPN client IP is 192.169.102.2

I was trying to ping one of the router addresses eg 192.168.11.1,192.168.10.2 or device on the network eg 192.168.11.11

I don't know how to troubleshoot this, could you please help me or give me some tip where to look?

thank you
Chris
You do not have the required permissions to view the files attached to this post.
Last edited by calevizo on Fri Jun 04, 2021 4:50 pm, edited 1 time in total.
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Fri Jun 04, 2021 3:47 pm

Is the client device configured to use the vpn as default gateway?
 
calevizo
just joined
Topic Author
Posts: 23
Joined: Mon Apr 19, 2021 1:08 pm

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Fri Jun 04, 2021 4:49 pm

Is the client device configured to use the vpn as default gateway?

Hello mikeeg02

I believe so, yes

Screenshot 2021-06-04 at 4.46.53 PM.png
I also pass all traffic thought the VPN
Screenshot 2021-06-04 at 4.46.19 PM.png
You do not have the required permissions to view the files attached to this post.
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Sat Jun 05, 2021 1:14 am

If you run a trace route to 192.168.11.1 or any of the ip addresses assigned to interfaces in the router, what does that show?
 
calevizo
just joined
Topic Author
Posts: 23
Joined: Mon Apr 19, 2021 1:08 pm

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Sat Jun 05, 2021 12:07 pm

If you run a trace route to 192.168.11.1 or any of the ip addresses assigned to interfaces in the router, what does that show?

traceroute to the routers VPN IP
traceroute to 192.168.102.1 (192.168.102.1), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  136.960 ms  72.143 ms  86.224 ms
traceroute to device on the network
traceroute to 192.168.11.10 (192.168.11.10), 64 hops max, 52 byte packets
 1  172.20.10.1 (172.20.10.1)  2.345 ms  2.718 ms  2.639 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
...
 
calevizo
just joined
Topic Author
Posts: 23
Joined: Mon Apr 19, 2021 1:08 pm

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Sat Jun 05, 2021 12:52 pm

funny thing is that I can ping 192.168.102.2 when its connected from devices in the 192.168.11.0/24 network
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Sat Jun 05, 2021 1:01 pm

Add a route in the client for 192.168.11.0/24 with a gateway of 192.168.102.1. Trace route agrees its going through your local gateway.
 
calevizo
just joined
Topic Author
Posts: 23
Joined: Mon Apr 19, 2021 1:08 pm

Re: L2PT-IPSEC VPN can connect to router & Internet but not to LAN

Sat Jun 05, 2021 3:00 pm

Add a route in the client for 192.168.11.0/24 with a gateway of 192.168.102.1. Trace route agrees its going through your local gateway.
ok I tried that, it didn't work, but there is something else going on, I have the same setup in another router and it works without static routes

chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.1   
add net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % ping 192.168.11.11
PING 192.168.11.11 (192.168.11.11): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^Z
zsh: suspended  ping 192.168.11.11
chris@MacBook-Pro ~ % sudo route -n delete -net 192.168.11.0/24 192.168.102.1
delete net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.2   
add net 192.168.11.0: gateway 192.168.102.2
chris@MacBook-Pro ~ % ping 192.168.11.11                                     
PING 192.168.11.11 (192.168.11.11): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^Z
zsh: suspended  ping 192.168.11.11
chris@MacBook-Pro ~ % traceroute 192.168.11.11
traceroute to 192.168.11.11 (192.168.11.11), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  100.137 ms  71.063 ms  86.065 ms
 2  * * *
 3  * * *
^C
chris@MacBook-Pro ~ % sudo route -n delete -net 192.168.11.0/24 192.168.102.2
delete net 192.168.11.0: gateway 192.168.102.2
chris@MacBook-Pro ~ % sudo route -n add -net 192.168.11.0/24 192.168.102.1
add net 192.168.11.0: gateway 192.168.102.1
chris@MacBook-Pro ~ % traceroute 192.168.11.11                               
traceroute to 192.168.11.11 (192.168.11.11), 64 hops max, 52 byte packets
 1  192.168.102.1 (192.168.102.1)  797.008 ms  146.700 ms  80.307 ms
 2  * * *
^C

Who is online

Users browsing this forum: GoogleOther [Bot], jookraw, st3lios and 70 guests