Mattie
newbie
Topic Author
Posts: 40
Joined: Sat Nov 02, 2013 8:35 pm

PPTP connection

Sat May 17, 2014 3:59 pm

Hi,

My goal is to "couple" my own network with that of 1 or 2 other friends to have some way of sending a 'secure' (encrypted) backup to each other. At first I am experimenting 'locally', but I already have some trouble getting everything to work.

I've used this tutorial:
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP

Note: both access points are in my local network (192.168.1.0/24); however, they "think" this is "the internet"
Note2: just to test, I have NO firewall rules on both my access points
Note3: local LAN is on eth1-gateway, device is on eth5


ap1 ('server')

/interface print
[admin@ap1.home.mattie-systems.nl] > interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" default-name="ether1" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4076 mac-address=00:0C:42:FA:6B:C6 fast-path=yes 

 1  RS name="ether2-master-local" default-name="ether2" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:C7 fast-path=yes 

 2   S name="ether3-slave-local" default-name="ether3" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:C8 fast-path=yes 

 3   S name="ether4-slave-local" default-name="ether4" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:C9 fast-path=yes 

 4  RS name="ether5-slave-local" default-name="ether5" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:CA fast-path=yes 

 5   S name="wlan1" default-name="wlan1" type="wlan" mtu=1500 l2mtu=2290 mac-address=00:0C:42:FA:6B:CB fast-path=no 

 6 DR  name="<pptp-Home>" type="pptp-in" mtu=1460 fast-path=no 

 7  R  name="bridge-local" type="bridge" mtu=1500 l2mtu=1598 mac-address=00:0C:42:FA:6B:C7 fast-path=no 

[admin@ap1.home.mattie-systems.nl] > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.101.1/24 network=192.168.101.0 interface=ether2-master-local actual-interface=bridge-local 

 1 D address=192.168.1.21/24 network=192.168.1.0 interface=ether1-gateway actual-interface=ether1-gateway 

 2 D address=172.16.1.1/32 network=172.16.1.2 interface=<pptp-Home> actual-interface=<pptp-Home> 
[admin@ap1.home.mattie-systems.nl] > ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=192.168.1.1 gateway-status=192.168.1.1 reachable via  ether1-gateway distance=1 scope=30 target-scope=10 vrf-interface=ether1-gateway 

 1 ADC  dst-address=172.16.1.2/32 pref-src=172.16.1.1 gateway=<pptp-Home> gateway-status=<pptp-Home> reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.21 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.101.0/24 pref-src=192.168.101.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10 

 4 ADS  dst-address=192.168.102.0/24 gateway=172.16.1.2 gateway-status=172.16.1.2 reachable via  <pptp-Home> distance=1 scope=30 target-scope=10 
[admin@ap1.home.mattie-systems.nl] > interface pptp-server print detail
Flags: X - disabled, D - dynamic, R - running 
 0  DR name="<pptp-Home>" user="Home" mtu=1460 mru=1460 client-address="192.168.1.20" uptime=9m18s encoding=""
[admin@ap1.home.mattie-systems.nl] > interface pptp-server export
# may/17/2014 12:54:42 by RouterOS 6.13
# software id = xxx-IWxx
#
/interface pptp-server server
set authentication=mschap2 default-profile=default enabled=yes max-mru=1460 max-mtu=1460
[admin@ap1.home.mattie-systems.nl] > ppp secret print detail
Flags: X - disabled 
 0   name="Home" service=pptp caller-id="" password="123" profile=default local-address=172.16.1.1 remote-address=172.16.1.2 routes="192.168.102.0/24 172.16.1.2 1" limit-bytes-in=0 limit-bytes-out=0 
     last-logged-out=jan/01/1970 00:00:00 
==========================

And now from ap 2 (client)
[admin@ap2.home.mattie-systems.nl] > interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" default-name="ether1" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4076 mac-address=00:0C:42:FA:6B:6C fast-path=yes 

 1  RS name="ether2-master-local" default-name="ether2" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:6D fast-path=yes 

 2   S name="ether3-slave-local" default-name="ether3" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:6E fast-path=yes 

 3   S name="ether4-slave-local" default-name="ether4" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:6F fast-path=yes 

 4  RS name="ether5-slave-local" default-name="ether5" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028 mac-address=00:0C:42:FA:6B:70 fast-path=yes 

 5  RS name="wlan1" default-name="wlan1" type="wlan" mtu=1500 l2mtu=2290 mac-address=00:0C:42:FA:6B:71 fast-path=no 

 6  R  name="bridge-local" type="bridge" mtu=1500 l2mtu=1598 mac-address=00:0C:42:FA:6B:6D fast-path=no 

 7  R  name="pptp-out1" type="pptp-out" mtu=1460 fast-path=no 
[admin@ap2.home.mattie-systems.nl] > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.102.1/24 network=192.168.102.0 interface=ether2-master-local actual-interface=bridge-local 

 1 D address=192.168.1.20/24 network=192.168.1.0 interface=ether1-gateway actual-interface=ether1-gateway 

 2 D address=172.16.1.2/32 network=172.16.1.1 interface=pptp-out1 actual-interface=pptp-out1 
[admin@ap2.home.mattie-systems.nl] > ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=192.168.1.1 gateway-status=192.168.1.1 reachable via  ether1-gateway distance=1 scope=30 target-scope=10 vrf-interface=ether1-gateway 

 1 ADC  dst-address=172.16.1.1/32 pref-src=172.16.1.2 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.20 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=0 scope=10 

 3 A S  dst-address=192.168.101.0/24 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=1 scope=30 target-scope=10 

 4 ADC  dst-address=192.168.102.0/24 pref-src=192.168.102.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10 
---------

So:

Now what's wrong:

I cannot ping from a device on ap1 (192.168.101.100) to a device on ap2 (192.168.102.100). I CAN ping to ap1 (.101.1) from ap2 from within the router itself.

What am I doing wrong?

edit:

From a client on ap1 I can also ping the 'internal' IP of ap2,
so: from 192.168.101.100 ping -> 192.168.102.2
However, I can NOT ping from 192.168.101.100 -> 192.168.102.100
 
scotthammersley
Member Candidate
Posts: 230
Joined: Fri Feb 22, 2013 7:16 pm
Location: Jackson, MS

Re: PPTP connection

Wed May 21, 2014 11:51 pm

Firstly, it looks like a routing problem at first glance.

Secondly, PPTP is not a recommended encryption engine. The hash algorithms are easily hacked. I would suggest using something like IPSEC if you need "secure" communication.
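
Added example, not part of either post and not MikroTik code: a small Python check that parses three lines of the ap1 output pasted above and lists the settings worth reviewing before the tunnel carries backups. It assumes an empty `encoding` field means no MPPE encryption was negotiated for the session; `MIN_PASSWORD_LEN` is a hypothetical local policy value.

```python
import shlex

# Lines copied from the ap1 output in the first post (secret line abridged).
SESSION = ('0  DR name="<pptp-Home>" user="Home" mtu=1460 mru=1460 '
           'client-address="192.168.1.20" uptime=9m18s encoding=""')
SECRET = ('0   name="Home" service=pptp caller-id="" password="123" '
          'profile=default local-address=172.16.1.1 remote-address=172.16.1.2')
SERVER = ('set authentication=mschap2 default-profile=default enabled=yes '
          'max-mru=1460 max-mtu=1460')

MIN_PASSWORD_LEN = 16  # assumption: local policy threshold, not a RouterOS setting


def parse_kv(line):
    """Return the key=value pairs of one RouterOS 'print detail' or export line."""
    pairs = {}
    for token in shlex.split(line):  # shlex keeps double-quoted values together
        key, sep, value = token.partition("=")
        if sep:  # skip index, flag and command tokens such as '0', 'DR', 'set'
            pairs[key] = value
    return pairs


def audit(session_line, secret_line, server_line):
    """Return review findings for one PPTP session, PPP secret and server line."""
    session = parse_kv(session_line)
    secret = parse_kv(secret_line)
    server = parse_kv(server_line)
    findings = []
    # Assumption: an empty encoding field means the session runs without MPPE.
    if session.get("encoding", "") == "":
        findings.append("session %s: no encoding negotiated, traffic is not "
                        "encrypted" % session.get("name"))
    if len(secret.get("password", "")) < MIN_PASSWORD_LEN:
        findings.append("secret %s: password shorter than %d characters"
                        % (secret.get("name"), MIN_PASSWORD_LEN))
    if "default" in (secret.get("profile"), server.get("default-profile")):
        findings.append("PPP profile 'default' in use: confirm use-encryption "
                        "is required on it")
    return findings


if __name__ == "__main__":
    for finding in audit(SESSION, SECRET, SERVER):
        print(finding)
```
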
