MikroTik

Hello to all!

In "PPP" module in tab "Interface" I created new "PPTP Server" (pptp-in1) for user "user1". Then I made enabled "PPTP Server" (using checkbox). Then in tab "Secrets" I created new "user1" with "Local Address" = "192.168.200.1" and "Remote Address" = "192.168.200.200". VPN connection from Windows client works normally.

In "IP->Firewall->Filter Rules" created two rules:
"Chain" = "forward", "In.Interface" = "pptp-in1", "Out.Interface" = "local_ether2", "Action" = "accept"
"Chain" = "forward", "In.Interface" = "local_ether2", "Out.Interface" = "pptp-in1", "Action" = "accept"

Therefore, I can ping from 192.168.200.200 (vpn client) to 192.168.200.x (office lan) but can't ping back.

When "user1" was created with "Remote Address" = "192.168.100.200" (for example) ping going well in both ways. I think this is routing issue.

Can anybody tell me what is wrong in my configuration and show right one?

Thanks in advance,
Konstantin.

have you enabled Proxy ARP on your ether interface?

have you enabled Proxy ARP on your ether interface?

Yes, I have. You mean local_ether?

yes, local_ether.

so, you can ping in one direction, and at the same time cannot ping in another one? maybe check you firewall?..

yes, local_ether.

so, you can ping in one direction, and at the same time cannot ping in another one? maybe check you firewall?..

Yes, can ping in one direction only...

looks to me like a firewall issue. Try to disable all drop rules in your firewall and check if you can ping then.

or maybe even NAT or load balancing helps to mess up things...

Drop rules are disabled. The same...

what does tracert show? look at your mangle rules - maybe you're routing those packets to the Internet, not to your VPN client...

Here two routes, they are created dynamically. May be here is some contradiction?
Tracert show only asterisks...

Cos when route2 is for 192.168.100.50, it works...

mangle, mangle =)

Mangle rules: