Hi,

I have followed the following tutorial:

http://www.mikrotik.com/documentation/m ... /L2TP.html

and while I can ping over the tunnel from each router, I can't access either side from behind either router. It is like it isn't routing between the physical and VPN interface. My traceroutes go to the router then stop there. The best example I have is this diagram:

https://acrobat.com/#d=xd1pUokCPfrfWoT2WREjYw

Where the statically routed IP 74.168.1.68 can be pinged from 74.168.1.170, but any pings to 74.168.1.68 from any other location all die at 74.168.1.170. The same is true for the private networks behind both 74.168.1.170 and 209.191.192.45 neither are reachable from the other network even though static routes exist that point the networks to the 10.2.1.x (other side of the tunnel's IP). Just the fact that I can ping from within either end point to either the statically routed IP, or the far end network should demonstrate that the static routes are built correctly.

I'm all out of ideas and scratching a hole in my head.

Thanks

Miles

You need to set up proper routing. local subnets must be routed through the tunnel.

Yes that is what I'm doing which is why I can ping them on the router.

Just to be clear I can ping 74.168.1.68 from 74.168.1.170, but I can't ping it from any other hosts even though all traceroutes show 74.168.1.170 as the last hop before it dies. In 74.168.1.170 I have a static route pointing 74.168.1.68 to the IP on the far end of the tunnel, and they obviously work since I can ping it from the router directly (only when the static routes are built)

I think you forgot to made a policy route for 74.168.1.68 router.
Must have default gateway for ip 74.168.1.68 to 10.10.1.1
otherwise it wont have any return path to sender packets.

And your vpn is not simple :p
I made /30 for tunnel and all private network routed outside the vpn ip blocks.
That will made you clear enough to make any routes for the tunneled network.

- Rio.Martin -