nashzxc1
just joined
Topic Author
Posts: 9
Joined: Mon Dec 13, 2021 8:06 am

STUCK AT, CANT ACCESS SSTP VPN CLIENTS!

Fri Mar 17, 2023 4:06 am

Hi guys, I currently have a MikroTik with 2 WANs, and I set it up to use WAN 1 for internet and WAN 2 for the VPN server, and I did it. The clients can now connect to my SSTP server, but I can't access them. Please help, guys, because I'm stuck here, and in Firewall > Connections I see the connection in syn-sent only. The VPN client is already active in Interface. This is my configuration.


# mar/17/2023 09:57:26 by RouterOS 6.48
# software id = 6E25-ABKL
#
# model = RB750Gr3
# serial number = CC210CB189D0
/interface bridge add name=bridge-lan
/interface bridge add name=bridge-pppoe
/interface ethernet set [ find default-name=ether1 ] comment=LAN name=ether1-LAN
/interface ethernet set [ find default-name=ether2 ] comment=PC name=ether2-LAN
/interface ethernet set [ find default-name=ether3 ] comment=PPPoE name=ether3-PPPoE
/interface ethernet set [ find default-name=ether4 ] arp=proxy-arp comment="ISP2"
/interface ethernet set [ find default-name=ether5 ] comment="ISP1"
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add comment=LAN name=dhcp ranges=192.168.88.2-192.168.88.254
/ip pool add name=vpn-pool ranges=192.168.12.2-192.168.12.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=dhcp1
/interface bridge port add bridge=bridge-pppoe interface=ether3-PPPoE
/interface bridge port add bridge=bridge-lan interface=ether2-LAN
/interface bridge port add bridge=bridge-lan interface=ether1-LAN multicast-router=disabled
/interface bridge settings set use-ip-firewall-for-pppoe=yes
/ip neighbor discovery-settings set discover-interface-list=LAN protocol=lldp,mndp
/ip settings set accept-redirects=yes
/interface l2tp-server server set default-profile=default
/interface list member add interface=bridge-lan list=LAN
/interface list member add interface=ether5 list=WAN
/interface list member add interface=ether4 list=WAN
/interface ovpn-server server set auth=sha1 certificate=server cipher=aes128,aes192,aes256 default-profile=vpn-profile
/interface pppoe-server server add authentication=pap disabled=no interface=bridge-pppoe max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PPPoE-Server
/interface sstp-server server set enabled=yes force-aes=yes pfs=yes
/ip address add address=27.110.165.72/8 comment=igate interface=ether4 network=27.0.0.0
/ip address add address=192.168.88.1/24 interface=bridge-lan network=192.168.88.0
/ip arp add address=192.168.88.248 interface=bridge-lan mac-address=FC:AA:14:BD:2B:A5
/ip arp add address=192.168.88.239 interface=bridge-lan mac-address=88:D7:F6:C6:ED:53
/ip arp add address=192.168.88.122 interface=bridge-lan mac-address=1C:3B:F3:45:22:61
/ip arp add address=192.168.88.222 interface=bridge-lan mac-address=1C:3B:F3:45:22:61
/ip cloud set update-time=no
/ip dhcp-client add add-default-route=no disabled=no interface=ether5
/ip dhcp-server lease add address=192.168.88.226 client-id=1:30:9c:23:d:e2:47 mac-address=30:9C:23:0D:E2:47 server=dhcp1
/ip dhcp-server lease add address=192.168.88.222 client-id=1:1c:3b:f3:45:22:61 mac-address=1C:3B:F3:45:22:61 server=dhcp1
/ip dhcp-server network add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
/ppp profile add local-address=192.168.12.1 name=vpn-profile remote-address=vpn-pool
/ip dns set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list add address=192.168.77.0/24 list=block-ip
/ip firewall address-list add address=192.168.77.2 disabled=yes list=block-ip
/ip firewall filter add action=accept chain=input in-interface=ether4
/ip firewall filter add action=accept chain=input dst-port=443 in-interface=ether4 protocol=tcp
/ip firewall filter add action=accept chain=input in-interface=ether4 protocol=gre
/ip firewall filter add action=accept chain=output disabled=yes
/ip firewall filter add action=accept chain=forward disabled=yes
/ip firewall mangle add action=accept chain=prerouting connection-state=established,related
/ip firewall mangle add action=accept chain=prerouting connection-state=established,related in-interface=ether4
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new in-interface=ether4 new-connection-mark=C_WAN1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=C_WAN1 new-routing-mark=to-igate passthrough=yes
/ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat add action=masquerade chain=srcnat comment=ISP out-interface-list=WAN
/ip route add check-gateway=ping distance=2 gateway=27.110.169.50 routing-mark=to-igate
/ip route add distance=1 gateway=192.168.1.1
/ip route add check-gateway=ping distance=2 gateway=27.110.169.50
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes port=8000
/ip service set ssh disabled=yes port=65535
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ppp secret add name=sstptest profile=vpn-profile service=sstp
/routing filter add chain=dynamic-in disabled=yes set-routing-mark=to-igate
/system clock set time-zone-name=Asia/Manila
/system identity set name=NashISP
/system ntp client set enabled=yes primary-ntp=129.6.15.29 secondary-ntp=202.90.132.242
/system package update set channel=testing
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: STUCK AT, CANT ACCESS SSTP VPN CLIENTS!

Fri Mar 17, 2023 7:48 am

Can you ping it?
What is the outcome of tracert?

Off the top of my head, maybe you missed the route or there is an MTU issue.
 
nashzxc1
just joined
Topic Author
Posts: 9
Joined: Mon Dec 13, 2021 8:06 am

Re: STUCK AT, CANT ACCESS SSTP VPN CLIENTS!

Sun Mar 19, 2023 4:10 am

Yes, I can ping it, and here's the result in traceroute.
Attachments: with routing table.PNG, no routing table.PNG
