Hi,

I would really aprecite the help on this topic if someone can help me with this.

My setup:

Mirkotik box - fresh install, 3 lan interfaces and 1 wireless interface.
2 lan + wireless is working in bridge setup
bridge has IP address range 192.168.1.1/24
DHCP server running on bridge.
Router is connected via HSDPA modem with PPP to Internet.
No firewall rules except NAT from bridge to HSDPA connection.

Everything works till now.

I connect with my laptop via wireless, and I would like to access my office via VPN. ( I have windows client installed on the machine).

I can ping VPN router(office) from my router, and also from the laptop connected via wireless, but I cant establish VPN connection.

Is there something else needed for VPN passthrough? from PC's in local network to connect to corporate VPN router?

Thank you for your help and time...

Try

Hi,

thanks for your reply...

I tried to enable gre, but it gives me this error:

[admin@MikroTik] > /ip firewall service-port enable gre ;
invalid item number
[admin@MikroTik] >
[admin@MikroTik] >


pptp is sucessfuly enabled. VPN still doesent work:

Here is log from VPN client:

18:30:56 Initiating manual connection...
18:30:56 Deleting all existing IKE and IPsec SAs
18:30:56 Reloading security policy
18:30:57 Starting new VPN connection attempt...
18:30:57 Local IKE identity: ID(type = ipv4 (1), len = 4, value = 192.168.1.250)
18:30:57 Initiator's proposing IKE SA payload SA([0] protocol = IKE (1), 3DES, HMAC-SHA1 PRF, HMAC-SHA1-96, 1024 bit MODP; )

Use print before this command.

And see what you have in list (It not the same names in all versions of MT)

here is the print command... dont see gre


[admin@MikroTik] > /ip firewall service-port print
Flags: X - disabled, I - invalid
# NAME PORTS
0 ftp 21
1 tftp 69
2 irc 6667
3 X h323
4 X sip 5060
5061
5 pptp
[admin@MikroTik] >


thanks again for looking into this.

Now I looking in my routers...

In versions 3.xx there is no GRE :/

Sorry!

Can you post your NAT configuration?

here it is...I'm using version 3.22

[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=HSDPA
[admin@MikroTik] >

Try with specified src-addresses... I have 3.22 with hotspot (Service ports.. all enabled by defaulth) and masquerade with specified src-address of my network.
And I don't have problem

no luck . I will try to remove the bridge and configure NAT for only one interface.

BTW: I'm using stonegate client...if someone have experience with that.

Thanks..

I have a client running an older verion of RouterOS on a 532 running NAT (simple)
Just 192.168.0.X/24 > DST=0.0.0.0/0 Action=masquerade.

NO problems...

They are running the Cisco VPN client back to a Cisco VPN appliance...

I have sales reps that visit here that use my RouterOS hotspot and use their VPN regularly, and no issues...

Hi thanks for that...

192.168.0.X/24 > DST=0.0.0.0/0 Action=masquerade this make it working, I didnt have DST adress definet in NAT rule..

thanks again...