[mikrotik] How to allow VPN/IPsec traffic to see my network?

G

gDaniCh2016-04-28 11:58:49

VPN

gDaniCh, 2016-04-28 11:58:49

Good day! Essence:
There are 2 offices:
1. Mikrotik with a network 192.168.0.0/24
2. Some tricky d-link 192.168.96.0/20
VPN / IPsec is raised between us:
In the ipip-tunnel interfaces
Further Peer's rules
Everything is great, he sees my gateway and for some reason only statically registered ip-addresses and only on windows, i.e. there is an asterisk with static - it does not see it. He also does not see users with dynamic ip.
I, in turn, remarkably ping its entire network, but for example, I can no longer access the web interface of the sip phone.
I ask for the help of experts in routing and firewall rules for help.
[UPD]
I solved 1 problem, I see dynamic users on Windows from his network by manipulating the 192.168.96.0/20 route to his network not via the ipip-tunnel interface, but via the bridge.
PS Do not throw stones! Yes, the settings on Mikrotik are left-handed. :(

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander, 2016-04-28
@NeiroNx

I made a pool for VPN from the same range as for DHCP. In Mikrotik, you need to add a route to the long network and the gateway will be the IP issued by the vpn to the connection. There should also be a rule allowing FORWARD from Mikrotik's local network.

S

Sergey Livitin, 2016-04-28
@Livitin

ARP-proxy is on the interface that looks into the network? Is it weak to draw a schematic at least with squares and clouds?