cwm9
just joined
Topic Author
Posts: 18
Joined: Sun Mar 12, 2023 7:35 pm

Networking noob: How do I forward packets to a VPN client?

Sun Mar 12, 2023 7:41 pm

I have created an L2TP VPN server to which a Windows client is attached.

I need to be able to connect to this remote VPN client with Remote Desktop from the LAN. I can connect to clients on the LAN from the VPN'ed machine using Remote Desktop, but I cannot connect to the VPN'ed machine from the LAN using Remote Desktop.

I'm confused, because all clients are on the same subnet, and I would have thought the packets would have automatically been routed to the correct destination. I assume I have to somehow tell RouterOS to route packets addressed to the VPN'ed machine (at 192.168.1.201) to the L2TP tunnel, but I am at a loss as to how to do this and am having difficulty finding a tutorial (or, at least, recognizing which tutorial is the right tutorial) to use.

I had some people suggest I move the VPN to a different subnet and that this alone might make it work. I don't know how to do that, either. I'd really like to understand why it works one way and not the other, how I would make it work this way (even if it isn't the best way, just so I can learn), and how to do it with another subnet if that is, indeed, the right way to do it.

I set up the VPN as follows:

- On the PPP -> Interface tab, pressed L2TP Server button
  - On the General tab:
    - Enabled
    - Default Profile: default-encryption (because I want traffic encrypted)
    - Use IPsec: required (because I want the user name and user password encrypted)
    - IPsec Secret: my randomly chosen preshared key, used to encrypt the username and password, if I understand correctly
- On the PPP -> Profiles tab, edited the default-encryption entry:
  - On the General tab:
    - Local Address: set to the LAN address of my MikroTik router (192.168.1.1)
    - Remote Address: left blank because I want each client to have a specific IP rather than getting a random IP from an IP pool
    - DNS Server: set to the LAN address of my MikroTik router (192.168.1.1)
  - On the Protocols tab:
    - Set Use Encryption to required
- On the PPP -> Secrets tab, added one account:
  - Name: name of VPN user
  - Password: User password
  - Service: l2tp
  - Profile: default-encryption
  - VPN static Address: 192.168.1.201 (LAN DHCP IP pool set to 192.168.1.101 - 192.168.1.200, LAN static range assignment range is 192.168.1.2 - 192.168.1.200, router is 192.168.1.1)
- On Windows machine, created VPN connection, changed automatic type to L2TP/IPsec + Pre Shared Key, entered WAN address of router + user name and password + pre shared key
- Upon connection, MikroTik automatically creates an L2TP Server Binding which is torn down upon connection close

Thanks!
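
An added example, not part of the original post: a small Python model of the forwarding decision each host makes, showing why the two directions behave differently when the VPN client shares the LAN subnet. The LAN host 192.168.1.50, the /24 mask, the /32 mask on the PPP side, and the alternative address 192.168.2.201 are assumptions made for illustration; 192.168.1.1 and 192.168.1.201 are from the post.

```python
import ipaddress

ROUTER = "192.168.1.1"            # router LAN address, from the post
VPN_CLIENT = "192.168.1.201"      # static VPN address, from the post
LAN_HOST = "192.168.1.50"         # constructed LAN host (assumption)
ON_ETHERNET = {ROUTER, LAN_HOST}  # devices that can answer ARP on the LAN segment

def next_hop(src_interface, gateway, dst):
    """A host sends directly (via ARP) if dst is in its own subnet, else to its gateway."""
    iface = ipaddress.ip_interface(src_interface)
    if ipaddress.ip_address(dst) in iface.network:
        return ("arp", dst)
    return ("gateway", gateway)

def delivery(src_interface, gateway, dst, proxy_arp=frozenset()):
    """Describe what happens to the first packet from src to dst."""
    how, target = next_hop(src_interface, gateway, dst)
    if how == "gateway":
        return "handed to router, router forwards it"
    if target in ON_ETHERNET:
        return "ARP answered by destination"
    if target in proxy_arp:
        # Only if the router is set to answer ARP on behalf of the tunnel address.
        return "ARP answered by router on behalf of destination"
    return "ARP unanswered, packet never leaves the sender"

def scenarios():
    return {
        # PPP link modelled as a /32: the client has no on-link peers, so
        # everything goes into the tunnel and the router forwards it.
        "vpn_to_lan": delivery(VPN_CLIENT + "/32", ROUTER, LAN_HOST),
        # Same subnet: the LAN host ARPs on Ethernet for an address that only
        # exists at the far end of the tunnel. The router is never asked to route.
        "lan_to_vpn_same_subnet": delivery(LAN_HOST + "/24", ROUTER, VPN_CLIENT),
        # Same subnet, with the router answering ARP for the tunnel address.
        "lan_to_vpn_proxy_arp": delivery(LAN_HOST + "/24", ROUTER, VPN_CLIENT,
                                         proxy_arp=frozenset({VPN_CLIENT})),
        # VPN address moved to another subnet (constructed 192.168.2.201):
        # the LAN host uses its default gateway, so the router sees the packet.
        "lan_to_vpn_other_subnet": delivery(LAN_HOST + "/24", ROUTER, "192.168.2.201"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```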
