Hi,
I have a mikrotik B2011 plugged in to my BT infinity Modem, Port ether6 connects PPPOE and ether 4 is my firewall.
PPPOE gets DHCP from network and my devices have static IP's assigned.
We have a site to site VPN which will not come up, it worked when I used port ether1 but I had speed issues with that port so used ether6 instead, this fixed my speed issues but broke my VPN and guide on where to go next please.
Re: VPN not working
Hi,
what do you mean by "Port ether6 connects PPPOE and ether 4 is my firewall."?
Is this schematic correct?
BT Modem LAN port <=> eth6 RB2011 eth4 <=> firewall <=> yout local network
Is the IP address obtained correctly on the RB2011 eth6 port? Is it a public IP or private? Do you have internet access from the RB2011? Can you post the output of /ip route print?
what do you mean by "Port ether6 connects PPPOE and ether 4 is my firewall."?
Is this schematic correct?
BT Modem LAN port <=> eth6 RB2011 eth4 <=> firewall <=> yout local network
Is the IP address obtained correctly on the RB2011 eth6 port? Is it a public IP or private? Do you have internet access from the RB2011? Can you post the output of /ip route print?
Re: VPN not working
Yes thats correct, PPPOE has got a DHCP address from the ISP of 81.x.x.x and Eth 4 isin a bridge with IP Address 217.x.x.38/255.255.255.248 which is my router address.
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 81.x.x.1 11 ADC 81.x.x.1/32 81.x.x.101 BTInfinity 02 ADC 217.x.x.32/29 217.x.x.38 bridge-local 0
[admin@4Sight] >>
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 81.x.x.1 11 ADC 81.x.x.1/32 81.x.x.101 BTInfinity 02 ADC 217.x.x.32/29 217.x.x.38 bridge-local 0
[admin@4Sight] >>
Re: VPN not working
Check under interface --> bridge --> port and check if ether6 has been added tot he list.
If ether 1 is there then remove that one and repalce with ether6
Also check if ether1 had ip address assigned to it and change it to ether 6
If ether 1 is there then remove that one and repalce with ether6
Also check if ether1 had ip address assigned to it and change it to ether 6
Re: VPN not working
Is the mac address of your firewall visible in /interface bridge host print?
Is the mac address and IP address of the firewall visible in /ip arp print?
Is the firewall anyhow accessible (for example by ping, if it answers ICMP probes) from your LAN subnet (217.x.x.32/29) or from the internet?
Which side of the VPN initiates it? Is it your firewall or the other side? You can try /tool packet sniffer to see if the traffic is visible.
Have you checked the logs of the firewall? Do they say anything?
Is the mac address and IP address of the firewall visible in /ip arp print?
Is the firewall anyhow accessible (for example by ping, if it answers ICMP probes) from your LAN subnet (217.x.x.32/29) or from the internet?
Which side of the VPN initiates it? Is it your firewall or the other side? You can try /tool packet sniffer to see if the traffic is visible.
Have you checked the logs of the firewall? Do they say anything?
-
-
tavanajafar
just joined
- Posts: 9
- Joined:
Re: VPN not working
Are you have Valid IP Address in each side routers ?
if you have tow IP Valid in each router you can easily run EOIP Tunnel and have a Layer 2 Connection !
but if you dont have IP Valid in each Router , you can easily set PPTP Server Enable in your Router(must have Valid IP address for Transport your Traffic in Internet Structure) , and Create Secret in Your Router then set Remote IP Address and Local Address and in other side create PPTP Client !
(Sorry Sorry .... My English Language is very bad
)
if you have tow IP Valid in each router you can easily run EOIP Tunnel and have a Layer 2 Connection !
but if you dont have IP Valid in each Router , you can easily set PPTP Server Enable in your Router(must have Valid IP address for Transport your Traffic in Internet Structure) , and Create Secret in Your Router then set Remote IP Address and Local Address and in other side create PPTP Client !
(Sorry Sorry .... My English Language is very bad
) Re: VPN not working
Is the mac address of your firewall visible in /interface bridge host print? YES
Is the mac address and IP address of the firewall visible in /ip arp print? YES
Is the firewall anyhow accessible (for example by ping, if it answers ICMP probes) from your LAN subnet (217.x.x.32/29) or from the internet? YES the firewall is accessable from the 217.x.x.x subnet
Which side of the VPN initiates it? Is it your firewall or the other side? You can try /tool packet sniffer to see if the traffic is visible.
Have you checked the logs of the firewall? Do they say anything?
The Firewall initiates the VPN on the untrusted side, A Packet trace shows packets being sent but nothing returning.
Is the mac address and IP address of the firewall visible in /ip arp print? YES
Is the firewall anyhow accessible (for example by ping, if it answers ICMP probes) from your LAN subnet (217.x.x.32/29) or from the internet? YES the firewall is accessable from the 217.x.x.x subnet
Which side of the VPN initiates it? Is it your firewall or the other side? You can try /tool packet sniffer to see if the traffic is visible.
Have you checked the logs of the firewall? Do they say anything?
The Firewall initiates the VPN on the untrusted side, A Packet trace shows packets being sent but nothing returning.
Re: VPN not working
The packet trace was done where? On which device & interface?
What about the firewall being accessible from the internet?
What about the firewall being accessible from the internet?
Re: VPN not working
The firewall responds to a ping from the Internet, Packet trace is done on the firewall external interface.
Re: VPN not working
Check under interface --> bridge --> port and check if ether6 has been added tot he list.
If ether 1 is there then remove that one and repalce with ether6
Also check if ether1 had ip address assigned to it and change it to ether 6
-
-
tavanajafar
just joined
- Posts: 9
- Joined:
Re: VPN not working
so you can create new VPN Connection to your PC or Laptop and test it in your LAN(Connect to ether1 port of your router directly), and check it ! are you can connect to your VPN Server(Router) ?
Re: VPN not working
Try to sniff packets on the RB, on it's WAN interface. Apply a filter for the firewall IP address and check if the traffic is visible.The firewall responds to a ping from the Internet, Packet trace is done on the firewall external interface.
Re: VPN not working
Strangly enough half of this seems to have fixed it
Check under interface --> bridge --> port and check if ether6 has been added tot he list.
If ether 1 is there then remove that one and repalce with ether6
Also check if ether1 had ip address assigned to it and change it to ether 6
Although Eth1 was disabled and not plugged in or being used it was still in the bridge, I removed it and all is working, Not sure I understand why but Im happy its working.
Thanks.
Check under interface --> bridge --> port and check if ether6 has been added tot he list.
If ether 1 is there then remove that one and repalce with ether6
Also check if ether1 had ip address assigned to it and change it to ether 6
Although Eth1 was disabled and not plugged in or being used it was still in the bridge, I removed it and all is working, Not sure I understand why but Im happy its working.
Thanks.
Re: VPN not working
Was ether6 already added to bridge ports?
Great glad it solved it.
DOnt forget the karma
Great glad it solved it.
DOnt forget the karma
Re: VPN not working
So how come the firewall was accessible, visible in the bridge table and ARP table, huh?