Mikrotik
sm1tt, 2016-09-03 09:12:36

How to properly configure VPN on Mikrotik for VEEAM to work properly?

Good afternoon, please help me solve a problem. In the main office there is a MIKROTIK CRS125-24G-1S-IN with a PPTP server set up on it; a remote computer acting as a replica server connects to the Mikrotik, using VEEAM B&R 9. The bottom line is that the remote computer pings, I can access its share, and my network is visible from the remote computer, as it should be, but VEEAM, when trying to replicate the virtual machine, complains about closed port 2500 on the remote machine, and accordingly replication does not work, although the remote server is added to the infrastructure. Before the Mikrotik there was an ASUS RT-N66U SOHO router, with which there were no such problems. How do I correctly configure the firewall and NAT rules on the Mikrotik for replication to work? The network on the Mikrotik is 192.168.1.1/22; on the remote computer the address is static, not from the pool: 192.168.1.200.
Current filtering rules:

chain=input action=accept protocol=tcp dst-port=1723
chain=forward action=accept protocol=gre
chain=forward action=accept protocol=tcp dst-port=445
chain=input action=accept protocol=icmp
chain=forward action=accept protocol=icmp
chain=input action=accept connection-state=established
chain=forward action=accept connection-state=established
chain=input action=accept connection-state=related
chain=forward action=accept connection-state=related
chain=input action=drop connection-state=invalid
chain=forward action=drop connection-state=invalid

NAT rules:
chain=srcnat action=masquerade out-interface=eth1-wan


1 answer(s)
sm1tt, 2016-09-03
@sm1tt

While searching for the cause, I found out that I can reach the remote host connected via VPN (192.168.1.214) without problems only if my network is 192.168.1.0/22; if my network is 192.168.3.0/22, I can no longer connect to this remote host. The solution was to add a NAT rule:
chain=srcnat action=masquerade out-interface=all-ppp
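
Added example, not part of the original post: a small Python model of the filter rules listed in the question, evaluated first-match-wins, to check what happens to a new TCP connection to port 2500 in the forward chain. It assumes the list in the question is the complete filter table and that a packet matching no rule is accepted, as RouterOS does; the dictionary field names and function names are made up for this sketch.

```python
# Constructed model of the filter rules from the question (order preserved).
RULES = [
    {"chain": "input", "action": "accept", "protocol": "tcp", "dst_port": 1723},
    {"chain": "forward", "action": "accept", "protocol": "gre"},
    {"chain": "forward", "action": "accept", "protocol": "tcp", "dst_port": 445},
    {"chain": "input", "action": "accept", "protocol": "icmp"},
    {"chain": "forward", "action": "accept", "protocol": "icmp"},
    {"chain": "input", "action": "accept", "state": "established"},
    {"chain": "forward", "action": "accept", "state": "established"},
    {"chain": "input", "action": "accept", "state": "related"},
    {"chain": "forward", "action": "accept", "state": "related"},
    {"chain": "input", "action": "drop", "state": "invalid"},
    {"chain": "forward", "action": "drop", "state": "invalid"},
]


def evaluate(packet, rules=RULES):
    """Return (action, rule_number); rule_number is None when nothing matched."""
    for number, rule in enumerate(rules, start=1):
        # A rule matches when every matcher it sets equals the packet's value.
        if all(packet.get(k) == v for k, v in rule.items() if k != "action"):
            return rule["action"], number
    # Assumption stated in the lead-in: unmatched packets are accepted.
    return "accept", None


def chains_without_final_drop(rules=RULES):
    """Chains that have no catch-all drop rule, so unmatched traffic passes."""
    open_chains = []
    for chain in ("input", "forward"):
        if not any(r == {"chain": chain, "action": "drop"} for r in rules):
            open_chains.append(chain)
    return open_chains


# Constructed sample packet: first packet of a connection to TCP port 2500
# routed through the Mikrotik towards the VPN client.
VEEAM_NEW = {"chain": "forward", "protocol": "tcp", "dst_port": 2500, "state": "new"}

if __name__ == "__main__":
    print("port 2500:", evaluate(VEEAM_NEW))
    print("chains without a final drop:", chains_without_final_drop())
```

Under these assumptions none of the listed filter rules drops the connection to port 2500, which is consistent with the fix above being a NAT rule rather than a filter rule. The same check shows that neither chain ends in a drop rule, so anything not explicitly marked invalid is passed.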
