Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=Kancl in-interface=bridge1 new-routing-mark=Kancl passthrough=yes src-address-list=XPS
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Kancl out-interface=Kancl src-address-list=XPS
add action=masquerade chain=srcnat
/ip route add
disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Kancl pref-src="" routing-table=Kancl scope=30 suppress-hw-offload=no target-scope=10
/routing table
add disabled=no fib name=Kancl
/interface pptp-client
add connect-to=XXX.XXX.XXX.XXX disabled=no name=Kancl user=XXXX
/ip firewall address-list
add address=192.168.88.254 comment=LAN list=XPS
add address=192.168.88.241 comment=WIFI list=XPS
add address=92.62.0.0/16 list=Kancl (public IPs)
add address=100.64.0.0/10 list=Kancl (public IPs)
add address=10.0.0.0/8 list=Kancl (private IPs that is why I am using the VPN)
16:39:12 pptp,ppp,info Kancl: authenticated
16:39:12 pptp,ppp,info Kancl: connected
16:39:12 pptp,ppp,info Kancl: using encoding - MPPE128 stateless
It just stopped working without any changes. I even looked in my backup from November and the config is the same it worked before and there shouldn't be a problem on the end. I can connect via VPN on my PC to that and it works fine.
The FW should be OK too (this is not my standard firewall, I reduced it to a bare minimum):
Code: Select all
/ip firewall filter add
action=fasttrack-connection chain=forward comment="Fasttrack UDP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=udp
add action=fasttrack-connection chain=forward comment="Fasttrack TCP" dst-port=53 hw-offload=yes in-interface=ether1 protocol=tcp
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input comment="allow ICMP" in-interface=ether1 protocol=icmp
add action=accept chain=input comment="allow SSH" in-interface=bridge1 port=22 protocol=tcp
add action=accept chain=input comment="allow Winbox 8291" in-interface=ether1 port=8291 protocol=tcp src-address-list=allowed_to_router
add action=accept chain=input comment="CAPSMANAGER Discovery" in-interface=bridge1 port=5246,5247 protocol=udp
add action=accept chain=input comment=OpnVPN-PASS dst-port=1194 in-interface=ether1 protocol=tcp add action=drop chain=input in-interface=ether1
I thought that FastTrack could be the problem but removing it doesn't help. If I use the pptp client it doesn't work and I can't even access these IPs 92.62.0.0/16 (public range) and 100.64.0.0/10 even though they are public IPs (these IPs are blocked for some reason). I even tried to disable the FW and that didn't work too.