MikroTik

Posted: **Fri Apr 30, 2010 9:00 pm**

When connected to home router over VPN from foreign address, cannot access machines on home LAN. Routing table is:

#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          10.100.1.1         1       
 1 ADC  10.100.1.0/24      10.100.1.235    backhaul           0       
 2 ADC  70[redacted]/27    70.[redacted]   backhaul           0       
 3 ADC  192.168.1.0/24     192.168.1.1     ranch-house        0       
 4 X S  192.168.1.0/24     192.168.1.129   ranch-house        1       
 5 ADC  192.168.1.129/32   192.168.1.128   remote-login       0       
 6 A S  192.168.3.0/24     192.168.3.43    NIC-to-MT          1       
 7 ADC  192.168.3.40/32    192.168.3.43    NIC-to-MT          0

(Rule 4 is a manual rule I tossed in to try to finesse the problem, then disabled. I tried it for both 128 and 129, with no success.)

PC's IP address is 192.168.1.129. Address scan tool reports presence of 192.168.1.1, 128, and 129 only, but nothing else. Traceroute to 192.168.1.10 using either ICMP or TCP shows first step is 192.168.1.128, then nothing further. Problem does not seem to be firewall, as there are no rejections being logged when I enable rejection logging. I feel like I'm missing something basic.

Posted: **Sat May 01, 2010 12:03 am**

Use separate subnets for the VPN connections i.e. 172.16.1.1/24 for the VPN and 172.16.2.1/24 for the LAN. Make sure the VPN connection is set to use the remote gateway for all address resolution and also make sure you have mangle enabled.

Get away from the traditional 192.168.x.x subnets - Your problem could potentially be going through a router for your remote internet connection that also uses a 192.168.1.x subnet...

Posted: **Sat May 01, 2010 2:36 am**

Use separate subnets for the VPN connections i.e. 172.16.1.1/24 for the VPN and 172.16.2.1/24 for the LAN

Or use pptp bridge with proxy-arp

Posted: **Sat May 01, 2010 5:49 am**

Perhaps I don't understand what is meant by "use pptp bridge with proxy-arp." I used this strategy previously to connect several routers running a distributed LAN, but I can't make it work here. I can create a bridge and add the ranch-house interface to it, but when I try to add the remote-login interface to it I get told "input does not match any value of interface."

jwcn's answer makes some sense to me. I do realize that if there is a 192.168.1.0/24 net in my "physical" address space before I get into the VPN, I'm hosed (that's been the case before, but not today). My route command is reporting that all 192.168.1.0/24 accesses are being resolved through the VPN, and indeed three of them work (just not an interesting three). But I have no idea why mangle would be necessary to make this work, or how to go about using it to do that. (So far I've used it only to implement PCQ queues.)

Posted: **Sat May 01, 2010 8:23 am**

If subnet is same then change local subnet. This should not be problem.

MikroTik

Need routing help

Need routing help

Re: Need routing help

Re: Need routing help

Re: Need routing help

Re: Need routing help