VPN between two identical subnets

Posted: Fri Jan 25, 2013 3:16 am
by satman1w
Hi all,

Situation:
Location "A": RB450 as PPTP server on bridged ADSL and private subnet 192.168.10.0/24, MS Server, AD.....
Location "B": same subnet (192.168.10.0/24) and single Windows PPTP client connecting to location "A" and accessing terminal server (RDP).

As you can suspect after VPN is established there is not much more you can do because all the traffic for 192.168.10.0/ stays within local subnet as it is the same as remote.
At the moment there is no way to change either of the subnet addresses.

What do you suggest as the simplest solution to the problem?

Regards

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 3:24 am
by StubArea51
This is a pretty common scenario...usually you will NAT one side only for traffic that is destined across the VPN. A few mangle rules should fix it up for you.

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 5:03 am
by cybernetus
> Hi all,
>
> Situation:
> Location "A": RB450 as PPTP server on bridged ADSL and private subnet 192.168.10.0/24, MS Server, AD.....
> Location "B": same subnet (192.168.10.0/24) and single Windows PPTP client connecting to location "A" and accessing terminal server (RDP).
>
> As you can suspect after VPN is established there is not much more you can do because all the traffic for 192.168.10.0/ stays within local subnet as it is the same as remote.
> At the moment there is no way to change either of the subnet addresses.
>
> What do you suggest as the simplest solution to the problem?
>
> Regards

I need to create a solution too for a problem like this.

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 12:47 pm
by glucz
If you don't want to mess with routing or NAT, you can put an EOIP tunnel over the VPN. That will join the 2 network segments, however you have to be careful with DHCP because you probably have it on both networks and now they will conflict with each other ... so you may want to switch to manual configs or use STATIC rules to configure specific MAC addresses. Since you are bridging the networks together, you cannot filter DHCP in the firewall unless you switch on IP FIREWALL for the bridge, but even then I'm not sure how it can be done.

Another possible problem is that you will have a lot of added traffic on your VPN like broadcasts. So if you are on a low bandwidth connection, it might not be the best solution.

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 1:15 pm
by satman1w
> This is a pretty common scenario...usually you will NAT one side only for traffic that is destined across the VPN. A few mangle rules should fix it up for you.

I did not quite understand the idea, can you be more specific.

If I was not clear enough, there is only one Mikrotik router, at the "A" location, and on the other side there is a single Windows client....

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 1:20 pm
by satman1w
> If you don't want to mess with routing or NAT, you can put an EOIP tunnel over the VPN. That will join the 2 network segments, however you have to be careful with DHCP because you probably have it on both networks and now they will conflict with each other ... so you may want to switch to manual configs or use STATIC rules to configure specific MAC addresses. Since you are bridging the networks together, you cannot filter DHCP in the firewall unless you switch on IP FIREWALL for the bridge, but even then I'm not sure how it can be done.
>
> Another possible problem is that you will have a lot of added traffic on your VPN like broadcasts. So if you are on a low bandwidth connection, it might not be the best solution.

How do you plan to establish EOIP between Windows client and Mikrotik router??? AFAIK EoIP is possible only between Mikrotik routers !?
Am I right?

Re: VPN between two identical subnets

Posted: Fri Jan 25, 2013 3:11 pm
by mmv
> > This is a pretty common scenario...usually you will NAT one side only for traffic that is destined across the VPN. A few mangle rules should fix it up for you.
>
> I did not quite understand the idea, can you be more specific.
>
> If I was not clear enough, there is only one Mikrotik router, at the "A" location, and on the other side there is a single Windows client....

You can configure DST-NAT to represent resources from A as if in a different subnet.
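
One way to set up the DST-NAT approach described in the post above, as an added example that is not part of the original thread: the router at location A presents its LAN to PPTP clients under an alias subnet that does not collide with the client's local one. The alias 192.168.110.0/24 and the terminal server address 192.168.10.5 are assumptions chosen for illustration.

```routeros
# Added example; 192.168.110.0/24 (alias subnet) and 192.168.10.5
# (terminal server) are assumed values, not taken from the thread.

/ip firewall nat
# 1:1 mapping: a PPTP client that connects to 192.168.110.X reaches
# 192.168.10.X on the LAN at location A. Replies are translated back
# by connection tracking.
add chain=dstnat action=netmap in-interface=all-ppp \
    dst-address=192.168.110.0/24 to-addresses=192.168.10.0/24 \
    comment="alias subnet for VPN clients on an overlapping LAN"

# Narrower alternative (use instead of the netmap rule): expose only RDP
# on the terminal server, so the tunnel does not reach the rest of the LAN.
# add chain=dstnat action=dst-nat in-interface=all-ppp protocol=tcp \
#     dst-address=192.168.110.5 dst-port=3389 \
#     to-addresses=192.168.10.5 to-ports=3389

# On the Windows client, 192.168.110.0/24 must be routed into the tunnel:
# either a static route for that prefix via the PPTP connection, or the
# connection's "Use default gateway on remote network" option.
```

With this in place the client opens its RDP session to 192.168.110.5 instead of 192.168.10.5, so the destination no longer matches its own local subnet.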

Re: VPN between two identical subnets

Posted: Mon Jan 28, 2013 4:23 am
by neticted
> How do you plan to establish EOIP between Windows client and Mikrotik router??? AFAIK EoIP is possible only between Mikrotik routers !?
> Am I right?

Well, if you seriously need to connect two networks you will use Mikrotik on both sides of the link. As glucz mentioned you will have to block DHCP to pass through tunnel (it works fine), and possibly some more settings, that you cannot control properly if Mikrotik is not on both sides.

Let the routers do networking and Windows do its stuff.

Re: VPN between two identical subnets

Posted: Mon Jan 28, 2013 12:11 pm
by CelticComms
At the end with the Windows PPTP client is there anything else on the local subnet that the Windows PC needs access to other than the gateway/router?

If not and if you don't mind the Windows PC accessing the internet via "Location A" then PPTP and proxy-ARP could work until a better solution can be arranged.