zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

VPN P2P + L2TP clients.

Fri Oct 29, 2021 4:12 pm

First of all, hello.

My setup contains three locations, A, B, C.
Locations B and C are connected via IPsec to location A.
Also on location A, there are about 5 users set with L2TP for remote access.

Location A can ping anything from location B or C.
B can ping location A but cannot ping location C.
C can ping location A but cannot ping location B.
And all L2TP can ping location A but cannot ping location B and C.

Now my questions are what needs to be done so that L2TP users when connected to location A, can also ping location B and C.
And what needs to be done so that location B can ping location C, and the way back.

Any help would be appreciated, thanks.
 
zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

Re: VPN P2P + L2TP clients.

Fri Nov 12, 2021 3:25 pm

Really? Nobody with a solution? :)
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VPN P2P + L2TP clients.

Fri Nov 12, 2021 4:56 pm

You need to add a static route, or play with a dynamic routing protocol like RIP & OSPF.
 
zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

Re: VPN P2P + L2TP clients.

Mon Nov 15, 2021 11:29 am

OK, I will be more specific.

Site A has LAN 192.168.1.0/24
Site B has LAN 192.168.30.0/24

Site A and B are connected via an IPsec tunnel, everything OK.
Site A is also L2TP server.

Client connects to site A and gets an IP from 172.20.0.0/24 (configured for L2TP clients).
Client can ping 192.168.1.0/24 but cannot ping 192.168.30.0/24.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VPN P2P + L2TP clients.

Mon Nov 15, 2021 11:23 pm

Put it this way: you should have a static/dynamic route to be able to reach the other site (as long as they have different ranges).
If they have the same, that is a different story (you need to play with NAT).

I'm saying in theory how it should be.
I didn't see your config to tell you where you are making a mistake.
 
zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

Re: VPN P2P + L2TP clients.

Tue Nov 16, 2021 12:52 pm

Hard to put in practice.. :))
 
zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

Re: VPN P2P + L2TP clients.

Sat Nov 27, 2021 10:36 pm

Practical ideas, please.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN P2P + L2TP clients.

Sat Nov 27, 2021 11:25 pm

A practical idea is to post the current configurations of A and B.

You say that A and B are connected using bare IPsec, which means that traffic to be sent via the tunnel is chosen by traffic selectors of IPsec policies. If there is no policy between the pool (subnet) from which you assign addresses to L2TP clients of A and the LAN subnet(s) of B, it is logical that L2TP clients of A cannot reach the LAN subnet of B.

Or the above is done properly but some firewall rules at A or B block the traffic coming from the L2TP clients of A.

There are tens of reasons why it may not work, but no one can advise you what to do without seeing what you've already done.
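
The missing-policy case described in the post above, as an added example that is not part of the original thread: a small Python audit that lists which IPsec traffic selectors are absent for a set of wanted flows. The subnets are the ones quoted in the thread; the policy lists, the site names and the helper functions are constructed for illustration, and it assumes policy-based IPsec where each router must hold the selector for its own direction (the far end holds the mirrored one).

```python
import ipaddress

# Subnets quoted in the thread; names are hypothetical labels.
SITES = {
    "A-LAN": ipaddress.ip_network("192.168.1.0/24"),
    "A-L2TP": ipaddress.ip_network("172.20.0.0/24"),
    "B-LAN": ipaddress.ip_network("192.168.30.0/24"),
}
ROUTER_OF = {"A-LAN": "A", "A-L2TP": "A", "B-LAN": "B"}

# Constructed sample data: (src selector, dst selector) pairs per router,
# modelling a tunnel that was set up for the two LANs only.
POLICIES = {
    "A": [("192.168.1.0/24", "192.168.30.0/24")],
    "B": [("192.168.30.0/24", "192.168.1.0/24")],
}

# Flows that should work: LAN to LAN, and L2TP clients of A to the LAN of B.
WANTED = [("A-LAN", "B-LAN"), ("A-L2TP", "B-LAN")]


def covered(policies, src, dst):
    """True if one policy's selectors contain both the source and the destination subnet."""
    return any(
        src.subnet_of(ipaddress.ip_network(p_src))
        and dst.subnet_of(ipaddress.ip_network(p_dst))
        for p_src, p_dst in policies
    )


def missing_policies(policies, wanted):
    """Return (router, src, dst) selectors that are absent for the wanted flows.

    Each flow is checked on the sending router and, mirrored, on the far router.
    """
    gaps = []
    for src_name, dst_name in wanted:
        src, dst = SITES[src_name], SITES[dst_name]
        near, far = ROUTER_OF[src_name], ROUTER_OF[dst_name]
        if not covered(policies[near], src, dst):
            gaps.append((near, str(src), str(dst)))
        if not covered(policies[far], dst, src):
            gaps.append((far, str(dst), str(src)))
    return gaps


if __name__ == "__main__":
    for router, src, dst in missing_policies(POLICIES, WANTED):
        print(f"router {router}: no policy for src={src} dst={dst}")
```

Even with both selectors in place, firewall rules at A or B can still drop the traffic, as the post notes; this check covers only the policy side.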
 
zaiclopz
just joined
Topic Author
Posts: 10
Joined: Fri Jul 07, 2017 6:48 pm

Re: VPN P2P + L2TP clients.

Sun Nov 28, 2021 3:13 pm

You are right, there is no policy set for the L2TP pool on site A that directs to the LAN pool on site B.
This is why I was asking what the right way is.
I will play with the settings more; if not, I will post the config for other ideas.

Thanks,
