MikroTik

Posted: **Fri Sep 06, 2019 3:49 pm**

My Mikrotik roter has LAN ip range : 192.168.0.0/24
My router connects to een vpn server. My router has client vpn ip address 192168.200.2
The VPN server has ip address 192.168.200.1
An other vpn client has ip address 192.168.200.4

From my Mikrotik router I can ping 192.168.200.1 and 192.168.200.4
But the clients behind the Mikrotik router can ping 192.168.200.1 but cannot ping 192.168.200.4

My firewall is not the problem. Even with the firewall accept all (inbound outbound and forward) it doesn't work.

Ping from my vpn server to 192.168.200.2 and 192.168.200.4 works fine.
Ping to 192.168.0.0/24 works fine too.

Does anyone has an idea ?

Posted: **Fri Sep 06, 2019 4:23 pm**

The other side doesn't know your internal network, to resolve you need to setup src natting on your vpn interface (src-nat or masq)

Posted: **Fri Sep 06, 2019 4:58 pm**

I did that.

But why can my router ping 192.168.200.1 (vpn server)
And my vpn server kan ping my pc on lan 192.168.0.2

2019-09-06_16-38-19.jpg

2019-09-06_16-38-03.jpg

2019-09-06_16-37-51.jpg

2019-09-06_16-37-44.jpg

Posted: **Fri Sep 06, 2019 5:55 pm**

for masq, out interface should be the vpn interface not ether1
don't use srcaddress list on the rule & just nat all going out over vpn -> less potential for issues

Posted: **Fri Sep 06, 2019 6:31 pm**

Hi,

thx but
when I use this one :

2019-09-06_17-28-36.jpg

I can ping 192.168.200.1

But my internet connection for the clients 192.168.0.0./24 don't work anymore.

How can I make 2 src nat rules ?

Posted: **Fri Sep 06, 2019 6:35 pm**

I think I found it.

2019-09-06_17-34-20.jpg

Is this correct ?

Posted: **Fri Sep 06, 2019 7:53 pm**

don't see/have the details, but vpn needs to be src-nat, and if your internet uplink probably as well, so in that sense it might be

MikroTik

Routing problem.

Routing problem.

Re: Routing problem.

Re: Routing problem.

Re: Routing problem.

Re: Routing problem.

Re: Routing problem.

Re: Routing problem.