Community discussions

MikroTik App
 
tmcnulty1982
just joined
Topic Author
Posts: 23
Joined: Sat Feb 13, 2016 11:29 pm

Quickset VPN - router access

Sun Aug 28, 2022 7:59 pm

We enabled the quickset VPN feature. I can connect fine via L2TP / IPsec on a Mac. I can even route all traffic through my VPN and it works fine (public IP changes, sites are accessible, etc.).

I can't however access the router on the 192.168.89.1 or 192.168.88.1 IP addresses. Is there some firewall rule or other change required to enable access to the router?

The quickset documentation states "If you want to access your local network (and your router) from the internet," (emphasis mine, https://wiki.mikrotik.com/wiki/Manual:Quickset#VPN).

Thanks!
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Quickset VPN - router access

Sun Aug 28, 2022 9:19 pm

The firewall is using accesslists (called WAN and LAN) to determine (on the input chain) who can access the router. Probably the VPN IP addresses/interface is not part of LAN and can't therefor access the router.

Did you make any changes on the firewall yourself?
Can you please stop using Quickset (as it could mess up your config)?
 
tmcnulty1982
just joined
Topic Author
Posts: 23
Joined: Sat Feb 13, 2016 11:29 pm

Re: Quickset VPN - router access

Sun Aug 28, 2022 10:07 pm

No other changes beyond quickset. Trying to support someone in setting up their router themselves that I don't have access to.

I see, perhaps if I assign an LT2P Server Binding for the "vpn" user and add it to the LAN interface list it will work! Will try and report back.
 
AidanAus
Member Candidate
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia
Contact:

Re: Quickset VPN - router access

Thu Sep 01, 2022 9:42 am

So big thing with using the server binding interface is that they are usually dynamic so once the user logs out that interface will be gone and once they log back in again unfortunately it will not be picked up as the same interface.

This is an easy fix, if you go to the vpn server and double click on the dynamic binding there should be a copy button just hit that then hit ok or apply, all that is needed to be done in terms of configuration. You will notice their dynamic binding still there but that will go away once they log off and when they log on again they will use the static binding :)
Make sure to set the static binding in the list rather than the dynamic and your interface will be added to the interface list properly.

Who is online

Users browsing this forum: GoogleOther [Bot] and 51 guests