pptp vpn issue
Posted: Mon Mar 24, 2014 3:40 am
by moazdabsheh
i have mikrotik 5.26 on x86
i'm using user manager for pppoe authentication and static ip addressing for some clients with reply-only for arp on lan card.
i'm trying to access wireless devices on the lan to that mikrotik through pptp, pptp connection established but i can't ping nor access the wireless devices on that mikrotik, though i can see them on neighborhood using winbox.
there is no filter rules in firewall - nat
what could possibly be wrong ?
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 1:56 pm
by SurferTim
Is the lan in question on the VPN server or the VPN client?
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 2:42 pm
by moazdabsheh
the vpn client, whenever i connect to pptp from outside the network i can't access the devices nor ping it, but when i'm connected to the LAN i can easily even without pptp connection.
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 3:18 pm
by SurferTim
Did you add the route to the localnet in "/ppp secret"? I have multiple networks on my clients, but to access them from my VPN server, I must add the network to "routes". For example, I have two networks on my VPN client test router. 192.168.3.1/24 and 192.168.5.1/24, so I had to add this to my entry in "/ppp secret" on the server, then disconnect and reconnect the VPN client.
/ppp secret
set 0 routes="192.168.3.0/24,192.168.5.0/24"
Check in "/ip route" on the VPN server after the reconnect to ensure the new route is added as a dynamic route there.
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 3:49 pm
by moazdabsheh
i just did that and tested it and the result is the same, no ping at Ubiquiti access points or even the mikrotik itself.
i noticed that i get subnet for my vpn connection /32 such as 255.255.255.255 !!!
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 3:58 pm
by SurferTim
Did you check the entries in "/ip route" on the server after the reconnect? Here is mine after the reconnect.
172.16.0.2/32 is the ip of the VPN client.
Note the routes for 192.168.3.0/24 and 192.168.5.0/24 have a gateway of 172.16.0.2.
[admin@test] /ip route> pri
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          68.99.58.97               1
 1 ADC  68.99.58.96/27     68.99.58.119    ether1                    0
 2 ADC  172.16.0.2/32      172.16.0.1      mypptp                    0
 3  DC  192.168.0.0/24     192.168.0.1     wlan1                   255
 4 ADC  192.168.1.0/24     192.168.1.1     ether2                    0
 5  DC  192.168.2.0/24     192.168.2.1     ether3                  255
 6 ADS  192.168.3.0/24                     172.16.0.2                1
 7 ADS  192.168.5.0/24                     172.16.0.2                1
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 4:39 pm
by moazdabsheh
yes, here is mine:
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 4:45 pm
by SurferTim
You know you will not be able to reach any 192.168.0.x ip through that VPN. That ip range is assigned to LAN 1.
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 5:11 pm
by moazdabsheh
no i didn't know.
that's my point of vpn.
what's the solution in this scenario ?
how do I access the 192.168.x.x devices that are connected to LAN 1 interface ?!
I'm trying to access these devices while i'm not on that mikrotik's network.
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 9:16 pm
by SurferTim
> how do I access the 192.168.x.x devices that are connected to LAN 1 interface ?!
> I'm trying to access these devices while i'm not on that mikrotik's network.
If you are not on the Mikrotik's network, what network are you on?
You set your VPN to accept all 192.168.x.x ips on the VPN client. What subnets are actually there?
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 10:12 pm
by moazdabsheh
Sometimes i'm in the office which is another city, and sometimes i'm home.
That's why i need to access 192.168.4.x devices on the mikrotik's lan to view its performance remotely as i'm there.
192.168.4.x for wireless access points and pptp clients.
192.168.0.x for static arp clients
10.10.10.x for pppoe user manager clients
Re: pptp vpn issue
Posted: Mon Mar 24, 2014 11:26 pm
by SurferTim
So your VPN ip 192.168.4.9/32 is also in the same as one of your localnets? I don't think that will work. Do you have a 192.168.4.0/24 localnet somewhere in one of the routers?
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 11:42 am
by moazdabsheh
yes.
at the office i'm on 192.168.1.x/24
and at home i'm on 192.168.5.x/16
what do you suggest? change something ip address?
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 12:41 pm
by SurferTim
> yes.
> at the office i'm on 192.168.1.x/24
> and at home i'm on 192.168.5.x/16
> what do you suggest? change something ip address?
Yes. I would change the home setting to 192.168.5.x/24.
In the home router, it shouldn't cause any routing problems because the router will use the network that has the smallest subnet. (/24 is a smaller subnet than /16)
But in the home localnet computers, they will not know about the smaller subnet assigned in the router, so all localnet computers will think the 192.168.1.x ips are local, and will not use the router gateway.
edit: Ensure you change the dhcp server on the home localnet so it will issue the correct subnet.
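The subnet behaviour discussed in the post above, as an added example that is not part of the original thread: it shows why a host on 192.168.5.x/16 never sends 192.168.1.x traffic to its gateway, how a router picks the more specific route, and which address ranges in this thread overlap. The host addresses (.10, .20), the home-router route table and the plan names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def is_on_link(host_cidr, dst):
    """True if a host configured as host_cidr treats dst as local and ARPs
    for it directly instead of sending the packet to its gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_cidr).network

def best_route(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs, as a router does."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), gw) for c, gw in routes
            if addr in ipaddress.ip_network(c)]
    if not hits:
        return None
    net, gw = max(hits, key=lambda r: r[0].prefixlen)
    return str(net), gw

def find_conflicts(plan):
    """Return name pairs from {name: cidr} whose address ranges overlap."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

# Prefixes come from the thread; host addresses .10 and .20 are constructed.
HOME_HOST_OLD = "192.168.5.10/16"
HOME_HOST_NEW = "192.168.5.10/24"
OFFICE_HOST = "192.168.1.20"

# Hypothetical home-router table: its own /16 LAN plus a more specific route.
ROUTER_ROUTES = [("192.168.0.0/16", "lan"), ("192.168.1.0/24", "vpn")]

# Address plan as described in the thread (names are assumptions).
PLAN_OLD = {
    "home": "192.168.5.10/16",
    "office": "192.168.1.0/24",
    "mikrotik-lan": "192.168.4.0/24",
    "vpn-client": "192.168.4.9/32",
}
# Same plan after the home network is renumbered to 172.20.7.x/24.
PLAN_NEW = dict(PLAN_OLD, home="172.20.7.0/24")

if __name__ == "__main__":
    print("old mask, office on-link:", is_on_link(HOME_HOST_OLD, OFFICE_HOST))
    print("new mask, office on-link:", is_on_link(HOME_HOST_NEW, OFFICE_HOST))
    print("router picks:", best_route(ROUTER_ROUTES, OFFICE_HOST))
    print("conflicts before:", find_conflicts(PLAN_OLD))
    print("conflicts after: ", find_conflicts(PLAN_NEW))
```

Renumbering the home network removes every conflict except the VPN client address sitting inside the 192.168.4.0/24 LAN.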
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 3:37 pm
by moazdabsheh
when you say (localnet) you mean the network i'm connected to other than mikrotik's network, right ?
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 3:47 pm
by SurferTim
> when you say (localnet) you mean the network i'm connected to other than mikrotik's network, right ?
I'm not sure what you mean.
What make and model router do you have at home?
What make and model router do you have at work?
I'm talking about the localnet on your home router.
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 3:59 pm
by moazdabsheh
at home i have linksys wrt54g router.
at work we use d-link dsl router.
the mikrotik router is on a network not related to these networks, that's my whole point of vpn, to be able to access the devices connected to the mikrotik while i'm home or at the office.
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 5:09 pm
by SurferTim
Then this is not a Mikrotik issue. However, I can tell you that any router will have problems with your home router setup. You must change the localnet to 192.168.5.x/24, or the localnet will not route correctly to 192.168.1.x/24.
Re: pptp vpn issue
Posted: Tue Mar 25, 2014 5:28 pm
by moazdabsheh
i will change my home router dhcp and gateway settings to 172.20.7.x/24 when i get home and give it a try.
Re: pptp vpn issue
Posted: Thu Mar 27, 2014 1:36 am
by moazdabsheh
i changed the ip address, after pptp client connect i can ping 192.168.4.1 but i can't ping the others on the same subnet !!!
what would be wrong now ?!
Re: pptp vpn issue
Posted: Thu Oct 30, 2014 12:42 am
by moazdabsheh
i still haven't solved this !
any help? someone?
Re: pptp vpn issue
Posted: Thu Oct 30, 2014 8:16 am
by docmarius
You need to do a src-nat on your LAN interface for connections coming from the tunnel.
Devices on the LAN usually don't accept connections from devices outside their subnet.
Also make sure you have forward rules set, allowing traffic between tunnel and LAN, AND from LAN to the tunnel.
Re: pptp vpn issue
Posted: Fri Oct 31, 2014 12:10 am
by moazdabsheh
can you please guide me how to do it since i'm a newbie in Mikrotik ?