rembro
just joined
Topic Author
Posts: 1
Joined: Mon Nov 22, 2021 11:37 pm

site to site L2TP VPN but LAN devices unable to ping each other

Fri Aug 19, 2022 1:05 am

I have three Mikrotik routers set up for site to site VPN. One router has a static IP from the ISP, the other two are dynamic. The L2TP connections are active and the routers can ping each other. On the LAN side, devices can ping remote routers (LAN IP) but not other devices on the remote LANs. I have static routes established but must be missing something. I have been reading others talking about pre-routing and NAT rules, but they do not seem to solve my issue. There must be a BASIC fix for this. Let me know if you can help. My configs and test are below:

Test
Laptop1 (IP = 192.168.0.90) connected to Wat can ping Cam1 and Cam2 but not Laptop2 or Laptop3
Laptop2 (IP = 192.168.4.253) connected to Cam1 can ping Wat and Cam2 but not Laptop1 or Laptop3
Laptop3 (IP = 192.168.3.65) connected to Cam2 can ping Wat and Cam1 but not Laptop1 or Laptop2

Mikrotik L2TP server = Wat
WAN IP = 99.208.71.242
LAN IP = 192.168.0.1

/interface l2tp-server server set authentication=pap,chap,mschap1,mschap2 \
    default-profile=default-encryption enabled=yes max-mru=1460 max-mtu=1460 mrru=disabled
/ppp secret add caller-id="" comment="Wat to Cam1 VPN" disabled=no limit-bytes-in=0 \
    limit-bytes-out=0 local-address=10.0.16.2 name=cam1 password=******** profile=default-encryption \
    remote-address=10.0.16.5 routes="" service=l2tp
/interface l2tp-server add disabled=no name=l2tp-cam1 user=cam1
/ip route add disabled=no distance=1 dst-address=192.168.4.0/24 gateway=10.0.16.5 \
    scope=30 target-scope=10

/ppp secret add caller-id="" comment="Wat to Cam2 VPN" disabled=no limit-bytes-in=0 \
    limit-bytes-out=0 local-address=10.0.16.2 name=cam2 password=******** profile=-encryption \
    remote-address=10.0.16.6 routes="" service=l2tp
/interface l2tp-server add disabled=no name=l2tp-cam2 user=cam2
/ip route add disabled=no distance=1 dst-address=192.168.3.0/24 gateway=10.0.16.6 \
    scope=30 target-scope=10

Mikrotik L2TP client 1 = Cam1
WAN IP = dynamic
LAN IP = 192.168.4.1
/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 \
    connect-to=99.208.71.242 dial-on-demand=no disabled=no max-mru=1460 \
    max-mtu=1460 mrru=disabled name=l2tp-cam1 password=******* profile=default-encryption user=cam1
/ip route add disabled=no distance=1 dst-address=192.168.0/24 gateway=10.0.16.2 scope=30 \
    target-scope=10
/ip route add disabled=no distance=1 dst-address=192.168.3.0/24 gateway=10.0.16.6 \
    scope=30 target-scope=10

Mikrotik L2TP client 2 = Cam2
WAN IP = dynamic
LAN IP = 192.168.3.1
/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 \
    connect-to=99.208.71.242 dial-on-demand=no disabled=no max-mru=1460 \
    max-mtu=1460 mrru=disabled name=l2tp-cam2 password=******* profile=default-encryption user=cam2
/ip route add disabled=no distance=1 dst-address=192.168.0/24 gateway=10.0.16.2 scope=30 \
    target-scope=10
/ip route add disabled=no distance=1 dst-address=192.168.4.0/24 gateway=10.0.16.5 \
    scope=30 target-scope=10
