Hello, I have Mikrotik RB2011 with 1 port WAN (eth1 77.X.X.X) and LAN on bridge (eth 2-5 192.168.5.250). On the router running pptp server and clients connect remotely to the network (and it works well)I have a problem with ping between remote clients (client to client). How it should look like.
Mikrotik ver 6.19
[admin@MikroTik] /ip route> pri
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 77.X.X.X 1
1 ADC 77.X.X.X/29 77.X.X.X WAN 0
2 ADC 192.168.5.0/24 192.168.5.250 bridge-local 0
3 ADC 192.168.5.161/32 192.168.5.250 <pptp-ppp2> 0
4 ADC 192.168.5.165/32 192.168.5.250 <pptp-ppp1> 0
Re: Routing between client pptp
Do you have a question?
Re: Routing between client pptp
Yes, why can't I send a ping from the client 1 to client 2
Re: Routing between client pptp
Set bridge-local to proxy-arp, then it should work.
-Chris
-Chris
Re: Routing between client pptp
New facts!
When client 1 is mikrotik I can ping it client 2 (windows), but not vice versa.
From client 2(windows) i can ping only serwer 192.168.5.250.
From client 1(mikrotik) I can ping serwer and client 2 (windows)
When client 1 is mikrotik I can ping it client 2 (windows), but not vice versa.
From client 2(windows) i can ping only serwer 192.168.5.250.
From client 1(mikrotik) I can ping serwer and client 2 (windows)
Re: Routing between client pptp
By default windows blocks ping packets maybe you should check your win fw to enable icmp
-
-
AlexeyBerdnikov
just joined
- Posts: 2
- Joined:
Re: Routing between client pptp
Hi! Do you have any solution?
I have exactly the same problem. Server is runnning on CentOS (10.0.0.1). There are several clients (10.0.0.10-10.0.0.254) connected to it (WIN7, MacOS, Linux hosts, ASUS routers etc.) Each client binded to unique IP.
I can make ping from client to client from any host to any. All of them send ICMP ping echo response to each other, except Mikrotik cause I can ping Mikrotik only from the server. The same issue with WinBox and HTTP access. I can gain access to MikroTik only from PPTP server
If I use any device with login/pass pair instead of MikroTik ping is ok.
I traced the issue at the server side using tcpdump:
No. Time Source Destination Protocol Length Info
400 3.926313 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=0/0, ttl=63 (reply in 403)
403 3.929820 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=0/0, ttl=64 (request in 400)
524 4.931374 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=1/256, ttl=63 (reply in 525)
525 4.934794 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=1/256, ttl=64 (request in 524)
727 5.934409 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=2/512, ttl=63 (reply in 728)
728 5.937937 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=2/512, ttl=64 (request in 727)
930 6.934468 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=3/768, ttl=63 (reply in 936)
936 6.937835 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=3/768, ttl=64 (request in 930)
1125 7.935633 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=4/1024, ttl=63 (reply in 1158)
1158 8.063030 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=4/1024, ttl=64 (request in 1125)
And for MikroTik I have next:
No. Time Source Destination Protocol Length Info
3 0.007684 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3091/4876, ttl=63 (no response found!)
11 1.010959 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3092/5132, ttl=63 (no response found!)
25 2.014842 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3093/5388, ttl=63 (no response found!)
28 3.015787 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3094/5644, ttl=63 (no response found!)
39 4.019958 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3095/5900, ttl=63 (no response found!)
40 5.025024 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3096/6156, ttl=63 (no response found!)
I tried enable proxy-arp at bridge interface. No result. I see that Mikrotik gets the ICMP requests:
log of ICMP coming from client looks like:
01:50:18 firewall,info input: in:StrongVPN out:(none), proto ICMP (type 8, code 0), 10.0.0.101->10.0.0.19, len 84
log of ICMP coming from server looks like:
01:42:32 firewall,info input: in:StrongVPN out:(none), proto ICMP (type 8, code 0), 10.0.0.1->10.0.0.19, len 84
The difference in that the server gets echo responses while clients can not...
The same with remote access. As I already explained It works now only for server.
Any help appreciated! Thank you all in advance!
Regards,
Alexey
I have exactly the same problem. Server is runnning on CentOS (10.0.0.1). There are several clients (10.0.0.10-10.0.0.254) connected to it (WIN7, MacOS, Linux hosts, ASUS routers etc.) Each client binded to unique IP.
I can make ping from client to client from any host to any. All of them send ICMP ping echo response to each other, except Mikrotik cause I can ping Mikrotik only from the server. The same issue with WinBox and HTTP access. I can gain access to MikroTik only from PPTP server
- ping from MikroTik (client) ---> Mac OS (client) is OK;
ping from MikroTik (client) ---> WIN7 (client) is OK;
ping from MikroTik (client) ---> Linux (several clients) is OK;
ping from WIN7 (client) ---> Mac OS (client) is OK;
ping from MAC OS (client) ---> WIN7 (client) is OK;
ping from MAC OS (client) ---> Linux (several clients) is OK;
ping from Server -----> MikroTik (client) is OK
MikroTik (client) OK --> Server is OK
Ping from any client ---> MikroTik is Fail
If I use any device with login/pass pair instead of MikroTik ping is ok.
I traced the issue at the server side using tcpdump:
No. Time Source Destination Protocol Length Info
400 3.926313 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=0/0, ttl=63 (reply in 403)
403 3.929820 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=0/0, ttl=64 (request in 400)
524 4.931374 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=1/256, ttl=63 (reply in 525)
525 4.934794 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=1/256, ttl=64 (request in 524)
727 5.934409 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=2/512, ttl=63 (reply in 728)
728 5.937937 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=2/512, ttl=64 (request in 727)
930 6.934468 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=3/768, ttl=63 (reply in 936)
936 6.937835 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=3/768, ttl=64 (request in 930)
1125 7.935633 10.0.0.101 10.0.0.15 ICMP 100 Echo (ping) request id=0x350e, seq=4/1024, ttl=63 (reply in 1158)
1158 8.063030 10.0.0.15 10.0.0.101 ICMP 100 Echo (ping) reply id=0x350e, seq=4/1024, ttl=64 (request in 1125)
And for MikroTik I have next:
No. Time Source Destination Protocol Length Info
3 0.007684 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3091/4876, ttl=63 (no response found!)
11 1.010959 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3092/5132, ttl=63 (no response found!)
25 2.014842 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3093/5388, ttl=63 (no response found!)
28 3.015787 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3094/5644, ttl=63 (no response found!)
39 4.019958 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3095/5900, ttl=63 (no response found!)
40 5.025024 10.0.0.101 10.0.0.19 ICMP 100 Echo (ping) request id=0xf403, seq=3096/6156, ttl=63 (no response found!)
I tried enable proxy-arp at bridge interface. No result. I see that Mikrotik gets the ICMP requests:
log of ICMP coming from client looks like:
01:50:18 firewall,info input: in:StrongVPN out:(none), proto ICMP (type 8, code 0), 10.0.0.101->10.0.0.19, len 84
log of ICMP coming from server looks like:
01:42:32 firewall,info input: in:StrongVPN out:(none), proto ICMP (type 8, code 0), 10.0.0.1->10.0.0.19, len 84
The difference in that the server gets echo responses while clients can not...
The same with remote access. As I already explained It works now only for server.
Any help appreciated! Thank you all in advance!
Regards,
Alexey
Re: Routing between client pptp
Hi, A make like this:
chain=srcnat action=masquerade src-address-list=lan dst-address-list=lan
log=no log-prefix=""
And address-list name "lan" with all ip
10.0.1.0/24
192.168.3.0/24
It's work for me perfect. I can ping between network and pptp client
chain=srcnat action=masquerade src-address-list=lan dst-address-list=lan
log=no log-prefix=""
And address-list name "lan" with all ip
10.0.1.0/24
192.168.3.0/24
It's work for me perfect. I can ping between network and pptp client