Hello there, i am fascinated to mikrotik router but i am also a beginner with this machines.
My problem is that i established a PPTP site to site tunnel between mikrotik router (client) and our HQ firewall (server),
but i can not route traffic between mikrotik LAN and HQ LAN. With mikrotik traceroute tool i can ping from mikrotik PPTP interface to HQ LAN
but not from mikrotik LAN. I added a static route in mikrotik with DST network form HQ LAN and gateway is mikrotik PPTP interface.
I this not corrrect, are there any NAT problems? The rest is default config of mikrotik routerboard 750 OS level 4.
Please tell me if you need more information, thanks for your help in advance!
Re: PPTP site to site problem
Let's assume the HQ network is 10.0.0.0/8 and the Mikrotik router LAN is 192.168.0.0/16. The PPTP tunnel has 172.16.1.1 on the HQ router, and 172.16.1.2 on the Mikrotik router.
On the HQ router you need to add a route to 192.168.0.0/16 with a next hop of 172.16.1.2. On the Mikrotik router you need to add a route to 10.0.0.0/8 with a next hop of 172.16.1.1.
Substitute your IP addresses as needed.
With routing between the two sites there's no need for NAT whatsoever.
On the HQ router you need to add a route to 192.168.0.0/16 with a next hop of 172.16.1.2. On the Mikrotik router you need to add a route to 10.0.0.0/8 with a next hop of 172.16.1.1.
Substitute your IP addresses as needed.
With routing between the two sites there's no need for NAT whatsoever.
Re: PPTP site to site problem
Thanks for incredible fast reply, the forum fascinates me too!
Quite close, in detail HQ LAN 10.20.0.0/16, Mikrotik LAN 192.168.88.0/24, PPTP on Mikrotik 172.16.99.115, PPTP on HQ 172.16.99.99.
I have Mikrotik route DST 10.20.0.0/16 gateway PPTP interface, i will replace that with 172.16.99.99 and have a look at the route from HQ PPTP (172.16.99.99) to Mikrotik LAN (192.168.88.0/24). Next hop == gateway, or not?
That means the traffic will be NATed when passes the default route to internet and not when directed through PPTP?
Quite close, in detail HQ LAN 10.20.0.0/16, Mikrotik LAN 192.168.88.0/24, PPTP on Mikrotik 172.16.99.115, PPTP on HQ 172.16.99.99.
I have Mikrotik route DST 10.20.0.0/16 gateway PPTP interface, i will replace that with 172.16.99.99 and have a look at the route from HQ PPTP (172.16.99.99) to Mikrotik LAN (192.168.88.0/24). Next hop == gateway, or not?
That means the traffic will be NATed when passes the default route to internet and not when directed through PPTP?
Re: PPTP site to site problem
If you're simply asking whether "next hop" means the same as "gateway" then yes, it does. Not sure I understand the question.Next hop == gateway, or not?
Not sure I understand this question either. The router will NAT when you're telling it to NAT. Whether you're telling your router to NAT traffic going across the PPTP tunnel is impossible to determine without looking at your NAT configuration. I merely meant to say that it's not necessary to NAT across a routed link. Best practice would be not to NAT, because it's best to only NAT when you absolutely have to.That means the traffic will be NATed when passes the default route to internet and not when directed through PPTP?
Re: PPTP site to site problem
Hi, I tried and got the same problem.
I have RB450G(Home) & RB2011(Office), software are both ROS v5.26
all setting follow the official document : "Site-to-Site PPTP" as below link
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP
Laptop can only reach PPTP remote (172.16.1.1) but can not touch workstation1 (10.1.101.2)
Is this a bug of ROS v5?
I have RB450G(Home) & RB2011(Office), software are both ROS v5.26
all setting follow the official document : "Site-to-Site PPTP" as below link
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP
Laptop can only reach PPTP remote (172.16.1.1) but can not touch workstation1 (10.1.101.2)
Is this a bug of ROS v5?