Answer the question
In order to leave comments, you need to log in
MiktoTik port forwarding to a remote network via l2tp?
Good afternoon.
I came across a seemingly simple, but, as it turned out, not very, question, a brief description of the task
There are two locations connected via vpn (l2tp + ipsec).
The 1st point (M) has an external ip-address, the 2nd point (C) has a gray address It is
necessary to organize port forwarding to access the video surveillance recorder, which is located on the C network through the external ip of the M network
I understand that the topic seems hackneyed , I re-read a bunch of information, but I didn’t get an unambiguous understanding, so I can’t set up this scheme at a qualitative level so that I can understand the physics of the process =)
As a result, I want to do this - I enter the external ip in the browser: the port of the M router and by vpn I get to the C network registrar, for example 1.1.1.1:33333
What settings are there now
Router M
White ip 1.1.1.1
vpn l2tp server 172.16.110.1
Internal network 10.0.0.1/24
ip firewall nat for port forwarding
add action=dst-nat chain=dstnat dst-port=33333 in-interface-list= Wan protocol=\
tcp to-addresses=172.16.110.2 #The
leaf interface is used because several providers are connected to router M
add action=masquerade chain=srcnat dst-address-list=CamsS out-interface=\
L2tpS #I
made an address list to limit the purposes of masquerading
ip route
add comment="Route to S" distance=1 dst-address =10.50.0.0/25 gateway=172.16.110.2
#Custom route to remote network
ip route rule
add dst-address=10.50.0.0/25 table=main #just
in case, I always add local networks to the general routing table Router
C
Gray ip from provider
vpn l2tp client 172.16.110.2
Internal network 10.50.0.0/25
ip route
add comment=" Route to M" distance=1 dst-address=10.0.0.0/24 gateway=\
172.16.110.1 #Reverse
route
ip route rule
add dst-address=10.0.0.0/24 table=main
#add router M network to table routing
ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 #masquerade
network-wide
add action=dst-nat chain=dstnat in-interface=L2tp-M-VL protocol=tcp \
to-addresses=10.50.0.100 to-ports=80 #port
forwarding to the registrar itself on the 80th port
There is routing between networks, everything works, everything opens, shows, etc.
But there are interesting stories at the external address, for example, when you enter 1.1.1.1:33333, you can request a login / password and after entering "go into yourself" i.e. Nothing happens.
Please help me figure out the settings, what is missing, or do I need to do it differently?
UPD
I found suitable articles that describe my case:
https://mikrotik.me/blog-MulltiWan-access-to-via-V...
https://open-networks.ru/d/93-mikrotik-probros -por...
But, this did not clarify the situation, but confused it even more .. I
still count on help and advice on setting up =)
Answer the question
In order to leave comments, you need to log in
Advice first. In order not to create confusion, you must first set up all the routing; check that there really are no jambs with routing left; after that proceed to the NAT setup.
Now to the point.
add action=masquerade chain=srcnat dst-address-list=CamsS out-interface=\What do we include in CamsS?
L2tpS
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question