Answer the question
In order to leave comments, you need to log in
M
M
maks-andreev2016-10-07 15:07:25
maks-andreev, 2016-10-07 15:07:25
Mikrotik's local network is unavailable. What could be the reason?
L2TP and OVPN servers are raised on the VPS. An L2TP client is up on Mikrotik. Home PC is an OVPN client. From Mikrotik, pings go to the vpn of the client. From the vpn of the client, only the L2TP interface of Mikrotik is pinged, pings do not go to the local network of Mikrotik. What's wrong?
List of interfaces on the server
eth0 - смотрит в интернет
tun0 - Openvpn туннель 10.10.10.0/24
ppp0 - l2tp туннель 10.10.11.2-10.10.11.6Routes on the server.
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 55.83.62.1 0.0.0.0 UG 0 0 0 eth0
55.83.62.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.11.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.10.12.0 0.0.0.0 255.255.255.0 U 0 0 0 ppp0iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 14 packets, 1777 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3148 427K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 9 5114 ACCEPT all -- * * 10.10.11.0/29 0.0.0.0/0
3 1 84 ACCEPT all -- * * 0.0.0.0/0 10.10.11.0/29
4 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
5 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain OUTPUT (policy ACCEPT 14 packets, 1620 bytes)
num pkts bytes target prot opt in out source destinationip_forward = 1Routes on the OVPN client
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.11.0 10.10.10.1 255.255.255.0 UG 0 0 0 tun0
10.10.12.0 0.0.0.0 255.255.255.0 UH 0 0 0 tun0Tracing from vpn client to mikrotik local network
~$ traceroute 10.10.12.24
traceroute to 10.10.12.24 (10.10.12.24), 30 hops max, 60 byte packets
1 10.10.10.1 (10.10.10.1) 47.490 ms 94.475 ms 94.491 ms
2 10.10.11.2 (10.10.11.2) 141.637 ms 141.668 ms 141.670 ms
3 * * *
4 * * *Mikrotik routes.
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 64.83.21.1 1
1 ADC 64.83.21.0/22 64.83.21.12 eth1 0
2 X S 10.10.10.0/24 l2tp-out1 1
3 ADC 10.10.11.1/32 10.10.11.2 l2tp-out1 0
4 ADC 10.10.12.0/24 10.10.12.1 bridge-local 0 2 answer(s)
@solalex
S
solalex, 2016-10-08 @solalex
If the local network in Mikrotik is behind nat, then packet forwarding should be allowed on it, well, there should be a route on the server to the Mikrotik local network, with a registered gateway, and you have it 0.0.0.0
Similar questions
A
K
J
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question