Trying to set up a Mikrotik router as a VoIP H.323 gateway where it is routing traffic back to a remote gatekeeper over a PPTP VPN. Having problems getting the VPN to work properly.
I have set up two DHCP subnets, 192.168.0.0 and 10.0.1.0, in the Mikrotik router for wireless access. 192.168.0.0 is a "public" subnet handing out dynamic IPs to access a local web for RADIUS-based username/password authentication. Upon successful authentication, a routable IP in the 10.0.1.0 subnet is assigned. Packets from 10.0.1.0 are masqueraded through the ether1 interface to get to the internet, and vice versa, as shown below:
[admin@mikrotik] ip firewall src-nat> add src-address=10.0.1.0/24 \
action=masquerade out-interface=ether1
[admin@mikrotik] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; masquerade hotspot temporary network
src-address=192.168.0.0/24 action=masquerade
1 src-address=10.0.1.0/24 out-interface=ether1 action=masquerade
[admin@mikrotik] ip firewall src-nat>
Everything works so far, so good. What I want to do now is this: from the 10.0.1.0 network, I want to set up a VPN PPTP tunnel back to another VPN network, 192.168.123.0, hiding behind a public IP, 67.93.250.46, where the VPN PPTP server is located inside the 192.168.123.0 network. I got a VPN connection time-out.
However, if I plug my laptop into the internet with a public IP, I am able to successfully establish the VPN tunnel. GRE/PPTP 1723 was set up properly on the firewall router on the other side. So, this rules out a possible problem on the other side of the VPN. My questions are:
1. Can we VPN from behind one NAT to another NAT?
2. If so, what needs to be fixed on the Mikrotik side? And/or is any additional modification needed on the other side of the NAT?