TigroTikk
just joined
Topic Author
Posts: 2
Joined: Wed May 17, 2023 5:30 pm

RB4011iGS+ with RouterOS 7.x mysteriously does NOT route local clients' traffic to the vpn-tunnel

Thu May 18, 2023 2:29 am

Hi everyone!

At home I use the RB4011iGS router with RouterOS 6.49.7. The ether1 port is connected to the ISP, the ether2-ether10 ports are bridged. Client devices, such as desktop PCs, etc., connect to the router through the bridged ports with cables. And wi-fi client devices, such as iPhone, laptop, etc., are connected to the router through an external access point - Apple Time Capsule. The AP is connected to the router through one of the bridged ports with a cable. The access point is configured in a way that there is no additional NAT and/or DHCP between the RB4011iGS and the wi-fi devices.

The RB4011iGS is configured to route all traffic of client devices to the vpn-tunnel. On the other side of the vpn-tunnel is a cloud-hosted server located on the opposite side of the world, with RouterOS 7.8 on board and configured as an L2TP\IPsec server. Thus, client devices access the Internet through that server.

Everything works perfectly with RouterOS 6.x installed on the RB4011iGS. But after updating the router to RouterOS 7.x, the Internet on wi-fi devices disappeared, and devices connected via cable still access the Internet through the vpn tunnel.

RB4011iGS+ router configuration:

# RouterOS 7.9
#
# model = RB4011iGS+

/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether4 ] comment=LAN
set [ find default-name=ether5 ] comment=LAN
set [ find default-name=ether6 ] comment=LAN
set [ find default-name=ether7 ] comment=LAN
set [ find default-name=ether8 ] comment=LAN
set [ find default-name=ether9 ] comment=LAN
set [ find default-name=ether10 ] comment=LAN
set [ find default-name=sfp-sfpplus1 ] disabled=yes

/interface bridge
add comment=LAN name=bridge1

/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether6
add bridge=bridge1 ingress-filtering=no interface=ether7
add bridge=bridge1 ingress-filtering=no interface=ether8
add bridge=bridge1 ingress-filtering=no interface=ether9
add bridge=bridge1 ingress-filtering=no interface=ether10

/interface list
add name=local
add name=internet

/interface list member
add interface=bridge1 list=local
add interface=ether1 list=internet

/ip address
add address=x.x.228.211/23 interface=ether1 network=x.x.228.0
add address=192.168.77.1/24 interface=bridge1 network=192.168.77.0

/ip dns
set allow-remote-requests=yes servers=x.x.231.150,x.x.230.150

/ip pool
add name=dhcp_pool0 ranges=192.168.77.0/24

/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=10m name=dhcp1 use-framed-as-classless=no

/ip dhcp-server network
add address=192.168.77.0/24 dns-server=192.168.77.1 gateway=192.168.77.1

/ip dhcp-server lease
add address=192.168.77.254 comment=AppleTimeCapsule server=dhcp1
add address=192.168.77.253 comment=DellDesktop server=dhcp1
add address=192.168.77.252 comment=HPDesktop server=dhcp1
add address=192.168.77.251 comment=Laptop server=dhcp1
add address=192.168.77.250 comment=iPhone server=dhcp1

/interface l2tp-client
add allow=mschap2 allow-fast-path=yes connect-to=x.x.193.170 disabled=no max-mru=1500 max-mtu=1500 name=l2tp-out1 use-ipsec=yes user=test

/routing table
add fib name=vpn

/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ether1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=vpn

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address-list=LAN

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=internet
add action=masquerade chain=srcnat out-interface=l2tp-out1 routing-mark=vpn

/ip firewall address-list
add address=192.168.77.0/24 comment=AllClients list=LAN
add address=192.168.77.253 comment=DellDesktopOnly list=LAN
add address=192.168.77.252 comment=HPDesktopOnly list=LAN
add address=192.168.77.251 comment=LaptopOnly list=LAN
add address=192.168.77.250 comment=iPhoneOnly list=LAN
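
Added example, not part of the original post and not MikroTik code: a static check that reads the posted export and reports which gateway the `mark-routing` rule and the `vpn` table intend for each static lease, so the result can be compared with what the clients actually do. It models only `src-address-list` matching and default routes; all function names are assumptions of this example.

```python
import shlex
from ipaddress import ip_address, ip_network

# Lines copied from the export posted above (only the sections this check reads).
EXPORT = """
/ip dhcp-server lease
add address=192.168.77.254 comment=AppleTimeCapsule server=dhcp1
add address=192.168.77.250 comment=iPhone server=dhcp1
/routing table
add fib name=vpn
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ether1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=vpn
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address-list=LAN
/ip firewall address-list
add address=192.168.77.0/24 comment=AllClients list=LAN
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    cfg, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif line.startswith("add ") and section:
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            cfg.setdefault(section, []).append(dict(pairs))
    return cfg

def in_list(cfg, name, ip):
    """True if ip falls inside any entry of the named firewall address list."""
    return any(e["list"] == name and ip_address(ip) in ip_network(e["address"], strict=False)
               for e in cfg.get("/ip firewall address-list", []))

def intended_gateway(cfg, src_ip):
    """Default-route gateway of the table the first matching mark-routing rule picks."""
    marks = [r["new-routing-mark"] for r in cfg.get("/ip firewall mangle", [])
             if r.get("action") == "mark-routing" and in_list(cfg, r.get("src-address-list"), src_ip)]
    table = marks[0] if marks else "main"
    declared = {"main"} | {t["name"] for t in cfg.get("/routing table", [])}
    gws = [r["gateway"] for r in cfg.get("/ip route", []) if table in declared
           and r.get("routing-table", "main") == table and r.get("dst-address") == "0.0.0.0/0"]
    return gws[0] if gws else None  # None: table not declared or no default route in it

def lease_report(cfg):
    """Static lease comment -> gateway the posted rules intend for that client."""
    return {lease["comment"]: intended_gateway(cfg, lease["address"])
            for lease in cfg.get("/ip dhcp-server lease", [])}
```

A `None` for a lease means the traffic is marked for a table that is not declared under `/routing table` or has no default route.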
 
TigroTikk
just joined
Topic Author
Posts: 2
Joined: Wed May 17, 2023 5:30 pm

Re: RB4011iGS+ with RouterOS 7.x mysteriously does NOT route local clients' traffic to the vpn-tunnel

Mon Aug 14, 2023 12:43 am

up!
