Mikrotik PPTP passthrough
Posted: Fri Jul 25, 2014 11:58 am
Hi
I'm running a small WISP and I have an RB1100 as my main gateway router. It connects to the internet via PPPoE, and makes this connection available to a small admin subnet (10.10.10.1/24) via NAT. My users connect to it via PPPoE using a different subnet, but this is not relevant for my question.
I want to be able to connect to my work VPN via PPTP when I am connected to the Mikrotik in my small admin subnet. So I want the Mikrotik to allow PPTP passthrough to an external VPN server somewhere on the internet.
Out of the box, PPTP passthrough didn't work at all. After lots of googling, I added the following firewall rule to the FORWARD chain (nb the FORWARD chain was empty before):
chain=forward action=accept protocol=gre
This works (sort of). I can now connect to my external VPN server, which assigns me an address on its own internal subnet (192.168.100.1/24) via DHCP. I can browse the internet, and my apparent IP address is the address of my remote PPTP server, as expected.
However, I can't reach any other machine in my remote PPTP server's internal subnet (192.168.100.1/24) - it looks like there is some sort of routing problem.
My VPN connection works as expected and I can see the entire 192.168.100.1/24 subnet if I connect from any other internet connection - ie this problem is specific to my Mikrotik.
Has anyone got any ideas? Sorry if I haven't explained the issue clearly - I'm new here.
I'm running a small WISP and I have an RB1100 as my main gateway router. It connects to the internet via PPPoE, and makes this connection available to a small admin subnet (10.10.10.1/24) via NAT. My users connect to it via PPPoE using a different subnet, but this is not relevant for my question.
I want to be able to connect to my work VPN via PPTP when I am connected to the Mikrotik in my small admin subnet. So I want the Mikrotik to allow PPTP passthrough to an external VPN server somewhere on the internet.
Out of the box, PPTP passthrough didn't work at all. After lots of googling, I added the following firewall rule to the FORWARD chain (nb the FORWARD chain was empty before):
chain=forward action=accept protocol=gre
This works (sort of). I can now connect to my external VPN server, which assigns me an address on its own internal subnet (192.168.100.1/24) via DHCP. I can browse the internet, and my apparent IP address is the address of my remote PPTP server, as expected.
However, I can't reach any other machine in my remote PPTP server's internal subnet (192.168.100.1/24) - it looks like there is some sort of routing problem.
My VPN connection works as expected and I can see the entire 192.168.100.1/24 subnet if I connect from any other internet connection - ie this problem is specific to my Mikrotik.
Has anyone got any ideas? Sorry if I haven't explained the issue clearly - I'm new here.