Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Roc272019-03-17 14:29:27
VPN
Roc27, 2019-03-17 14:29:27

How to set up internet via pptp in Mikrotik?

Hello.
The network structure is as follows:
192.168.88.1 - mikrotik. It has PPPoE Internet connection "1". On Mikrotik, a DHCP server was raised, according to which the main gateway is the second router.
192.168.88.2 is the second router. He has internet "2" connected to his wan.
All network devices access the Internet through "2", and get to "1" only when devices access a specific ip-address.
It all works well, no problems.
It took me that through "1" they would connect to me via pptp and use the Internet "2", and ideally have access to shared folders on my network (192.168.88.0/24).
2 days of torment and I could not defeat this Mikrotik.
Users connect successfully, but they do not have access to the Internet, there is also no ping to 8.8.8.8 (the timeout for the request has been exceeded). At the same time, in WinBox in Interfaces it is clear that in Tx and Rx packets run on any requests.
It is possible that Mikrotik sends everyone to the Internet "1" when it is necessary to "2", or some rules prevent the packets from reaching the end device.
How can this problem be solved?

firewall filter print
> /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept src-address-list=(внешний IP "1") in-interface=tap1-wa>
log=no log-prefix=""
1 chain=output action=accept dst-address-list=(внешний IP "1")
out-interface=tap1-wan log=no log-prefix=""
2 chain=forward action=accept protocol=tcp src-port=3389 log=no log-prefix=">
3 chain=forward action=accept protocol=tcp dst-port=3389 log=no log-prefix=">
4 chain=input action=accept protocol=gre log=no log-prefix=""
5 chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
6 chain=input action=accept protocol=tcp in-interface=tap1-wan dst-port=1723
log=no log-prefix=""
7 chain=input action=accept protocol=icmp log=no log-prefix=""
8 chain=output action=accept protocol=icmp log=no log-prefix=""
9 chain=forward action=accept protocol=icmp log=no log-prefix=""
10 chain=input action=drop protocol=tcp dst-port=80 log=no log-prefix=""
11 chain=input action=accept log=no log-prefix=""
12 chain=forward action=accept log=no log-prefix=""
13 chain=input action=accept protocol=udp log=no log-prefix=""
14 chain=forward action=accept protocol=udp log=no log-prefix=""
15 chain=input action=accept protocol=udp port=1701,500,4500 log=no
log-prefix=""

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
E
Evgeny Podolsky, 2019-04-18
@steelratty1987

Hello! Haven't solved the problem yet? The post was a long time ago. Did you check routes with PPTP clients? What addresses do you assign to them and what are the restrictions in the forward chain on Mikrotik "1"?

Similar questions
V
venturka2017-08-16 19:08:42
What are the analogues of openvpn with the ability to give access to a vpn connection only to selected applications? 1Reply
S
squidw2017-08-28 21:09:29
Why is DFS not available after VPN IKEv2 connection? 2Reply
E
Elvis2017-09-01 10:27:52
Which laptop to choose for remote work via VPN? 1Reply
S
SGanabiS2017-09-02 14:07:46
How to organize communication between openvpn clients? 1Reply
A
AkZwork2017-09-04 20:33:41
How to protect yourself from VPN leaks on Android? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question