VPN L2TP communicatio between internal lan and vpn client
Posted: Thu Dec 08, 2016 5:29 pm
Hello,
i have a mikrotik at my office which is my main router and gateway to the internet. It's ip address is 192.168.1.2/32 and it serves the 192.168.1.0/24 network. I have succesfully(?) setup a vpn l2tp server that gives to the clients ip addresses from 192.168.100.0/24 network. (I use a dhcp pool with range 192.168.100.10-192.168.100.20). My local address in mikrotik for the vpn is 192.168.100.1/32.
Inside my local lan, i have a PC with firewall turned off, with ip address 192.168.1.21/32. I can normally ping from my internal network (192.168.1.0/24).
I can succesfully connect to my vpn remotely from my iMac and i get ip address of 192.168.100.20/32. I can ping 192.168.100.1 and i can ping other devices in my local network like a NAS drive i have.
But i cannot ping 192.168.1.21/32 machine. It is really strange because i can ping some machines and i cannot some others.
I have added firewall nat rule
Does anybody think something i missed ?
i have a mikrotik at my office which is my main router and gateway to the internet. It's ip address is 192.168.1.2/32 and it serves the 192.168.1.0/24 network. I have succesfully(?) setup a vpn l2tp server that gives to the clients ip addresses from 192.168.100.0/24 network. (I use a dhcp pool with range 192.168.100.10-192.168.100.20). My local address in mikrotik for the vpn is 192.168.100.1/32.
Inside my local lan, i have a PC with firewall turned off, with ip address 192.168.1.21/32. I can normally ping from my internal network (192.168.1.0/24).
I can succesfully connect to my vpn remotely from my iMac and i get ip address of 192.168.100.20/32. I can ping 192.168.100.1 and i can ping other devices in my local network like a NAS drive i have.
But i cannot ping 192.168.1.21/32 machine. It is really strange because i can ping some machines and i cannot some others.
I have added firewall nat rule
Code: Select all
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.100.0/24 src-address=192.168.1.0/24
Code: Select all
/ip firewall filter
add action=accept chain=forward comment="Allow VPN Forwarding" dst-address=192.168.100.0/24 src-address=\
192.168.1.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=192.168.100.0/24