Community discussions

MikroTik App
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Step by step for setting up a vpn to my router boxes

Mon May 01, 2006 7:05 pm

I have a main office machine I wish to use to get into the local side of all my router boxes. How to I setup a vpn connection to them, so I can connect to each one individually when I need it and get on the local side of the router?
 
User avatar
aitsecurity
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Re: Step by step for setting up a vpn to my router boxes

Mon May 01, 2006 10:36 pm

I have a main office machine I wish to use to get into the local side of all my router boxes. How to I setup a vpn connection to them, so I can connect to each one individually when I need it and get on the local side of the router?
what do you want VPN roaming, or VPN site to site
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Mon May 01, 2006 10:50 pm

I will be stationary at the machine, but I want to connect to many router boxes from this location. Kind of like ppp.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Mon May 01, 2006 11:34 pm

Roaming VPN then.

I'd suggest following the documentation for PPTP server setup here:

http://www.mikrotik.com/docs/ros/2.9/interface/pptp

Regards

Andrew
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 1:07 am

Ok, I set up the pptp server and I set up my computer to connect. It works, gives me a address of 192.168.100.21 and server address of 192.168.100.20. However I cannot access the inside of that routers network (192.168.100.0) even with proxy-arp on both interfaces.
 
User avatar
aitsecurity
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Tue May 02, 2006 1:20 am

Ok, I set up the pptp server and I set up my computer to connect. It works, gives me a address of 192.168.100.21 and server address of 192.168.100.20. However I cannot access the inside of that routers network (192.168.100.0) even with proxy-arp on both interfaces.
ok,

put in:

secrets

name: you login example eclipse
password: you password
calle id:
profile:default-encryption
local address: put the IP of you MK (the inside LAN IP)
remote address: of course put other segment example 192.168.20.241
routes: the IP of MK (the inside LAN IP of MK)


the secret of PPTP VPN is the local address, remote address, and routes.

the remote and local address, should be different.

i have 6 MK and use PPTP for go to inside and see the radios in (web) my radios is in the same segment of remote address of course.


Best Regards
Daniel White
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 4:35 pm

The inside LAN doesnt have an IP on the NIC. Should I add one?
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue May 02, 2006 7:10 pm

Yes.
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 7:41 pm

Can't seem to get it working. I put proxy-arp on ether2, gave it an IP of 192.168.100.2. Gave my pptp client an local ip of 192.168.100.20 and remote of 192.168.100.21 with a route of 192.168.100.2. Connects to the pptp, cannot ping or do anything with the 192.168.100.0/24 subnet.
 
User avatar
aitsecurity
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Tue May 02, 2006 8:03 pm

Can't seem to get it working. I put proxy-arp on ether2, gave it an IP of 192.168.100.2. Gave my pptp client an local ip of 192.168.100.20 and remote of 192.168.100.21 with a route of 192.168.100.2. Connects to the pptp, cannot ping or do anything with the 192.168.100.0/24 subnet.
maybe NOOOO!!

example if ether 2 is a local network (LAN), and the segment is 192.168.100.x/24 and the IP of ether2 is 192.168.100.2/24 the remote you can put 192.168.200.21 with route 192.168.100.2

put in PPTP server enable and use MSCHAPv2 is more secure, msCHAPv1 work but have security issues.

the other interface ether1 is a public interface ? and have a public IP ?


why put proxy-arp in etherface ? i no need this

test again and see ??
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 8:26 pm

Still cannot access anything on that side. I am connecting to the public (ether1) address for the pptp, but I want to access the devices on ether2. Do i need to make a firewall rule to tell packets to go to ether2?
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue May 02, 2006 8:36 pm

Can you ping the LAN interface on the router from the VPN client?

You need proxy-arp on this LAN interface.

You need firewall rules if you have any rules set which would block the VPN traffic. If you have any block rules then log what is dropped then put some rules in to permit the VPN traffic.

I presume the VPN client is connecting OK.

Regards

Andrew
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 9:49 pm

I can ping the 192.168.100.2 Lan side. But I cannot access anything after that (192.168.100.10 or 11 and so on). There are no firewall rules except masqurade on the lan for 10.10.100.0 subnet going the other direction.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue May 02, 2006 10:06 pm

Gave my pptp client an local ip of 192.168.100.20
This will cause problems as the network ID is the same as the remote server LAN. How does the client know which IPs are on the local lan and which are at the other end of the tunnel?

Regards

Andrew
 
eclipse
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Thu Mar 30, 2006 8:29 pm

Tue May 02, 2006 11:38 pm

I mean local address on the mikrotik. I tried without anything in there aswell, still no luck. My actual client machine has a windows auto address in the nic. do I need to add a route to the routing table as well as under the ppp secret?
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Wed May 03, 2006 11:20 am

I would suggest re-reading the documentation carefully as you've probably missed something.

Regards

Andrew

Who is online

Users browsing this forum: achu, bandini981, bpwl and 139 guests