Question

I have a PPTP server set up and everything works perfectly. On my remote site I have 5 RB951Ui2HnD and 5 Engenius access points. The remote site is set up as a hotspot.

My remote range is 172.21.0.0/16 and my access points have static IPs ranging from 172.21.10.11 - 172.21.10.20. The first 5 are Mikrotik access points, the remaining 5 are the Engenius.

From the server side I can ping 172.21.10.16 - 172.21.10.20 (Engenius access points). I can't ping 172.21.10.11-172.21.10.15 (the Mikrotik access points). Doing a traceroute to 172.21.10.11-15 shows me that the VPN assigned IP is prohibiting access to it.

I have added 172.21.10.11 to the IP Binding section with no success. I have added 172.21.10.11 to the walled garden section with no success. I can ping and access the remote client gateway 172.21.1.1; proxy ARP is active.

Am I missing something? Do I have to set up some special firewall rule on these access points? Locally the Mikrotik access points ping fine and work fine.

Any help would be much appreciated.

Config as follows:

Server

/interface bridge
add arp=proxy-arp l2mtu=1598 name=Local
/interface ethernet
set [ find default-name=ether1 ] name=WAN
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    default-route-distance=1 dial-on-demand=yes disabled=no interface=WAN \
    keepalive-timeout=60 max-mru=1460 max-mtu=1460 mrru=1600 name=pppoe-out1 \
    password=guest service-name=VODAFONE use-peer-dns=yes [email protected]
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=pool1 ranges=192.168.0.1-192.168.0.253
add name="VPN Pool" ranges=10.0.0.1-10.0.0.253
/ip dhcp-server
add address-pool=pool1 disabled=no interface=Local name=server1
/ppp profile
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name=Sotos \
    remote-address=192.168.0.218
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name=Mirage \
    remote-address=10.0.0.1
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name="VPN Profile" \
    remote-address=192.168.0.216
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name=Moschos \
    remote-address=192.168.0.217
add local-address=192.168.0.254 name=Athena remote-address=192.168.0.220
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name=Kporta \
    remote-address=192.168.0.221
add dns-server=8.8.8.8,4.4.4.4 local-address=192.168.0.254 name=Florida \
    remote-address=192.168.0.223
add dns-server=8.8.8.8 local-address=192.168.0.254 name=Semiramis \
    remote-address=192.168.0.224 wins-server=4.4.4.4
/interface bridge port
add bridge=Local interface=ether2
add bridge=Local interface=ether3
add bridge=Local interface=ether4
add bridge=Local interface=ether5
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=\
    1460
/ip address
add address=192.168.0.254/24 interface=Local network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.4.4.4
/ip firewall filter
add chain=input dst-port=1723 protocol=tcp
add chain=input protocol=gre
/ip firewall mangle
add action=strip-ipv4-options chain=postrouting protocol=tcp src-port=8291
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat src-address=192.168.0.0/24
/ip route
add distance=1 dst-address=10.1.1.0/24 gateway=192.168.0.221
add distance=1 dst-address=172.21.0.0/16 gateway=10.0.0.1
add distance=1 dst-address=172.31.0.0/16 gateway=192.168.0.217
add distance=1 dst-address=172.41.0.0/16 gateway=192.168.0.220
add distance=1 dst-address=172.51.0.0/16 gateway=192.168.0.224
add distance=1 dst-address=172.61.0.0/16 gateway=192.168.0.223
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.0.216
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp secret
add local-address=192.168.0.254 name=admin password=15901590 profile=\
    "VPN Profile" service=pptp
add local-address=192.168.0.254 name=sotos password=15901590 profile=Sotos \
    service=pptp
add local-address=192.168.0.254 name=mirage password=15901590 profile=Mirage \
    remote-address=10.0.0.1 service=pptp
add local-address=192.168.0.254 name=moschos password=15901590 profile=Moschos \
    service=pptp
add local-address=192.168.0.254 name=athina password=15901590 profile=Athena \
    service=pptp
add local-address=192.168.0.254 name=kporta password=15901590 profile=Kporta \
    service=pptp
add local-address=192.168.0.254 name=florida password=15901590 profile=Florida \
    service=pptp
add local-address=192.168.0.254 name=semiramis password=15901590 profile=\
    Semiramis service=pptp
/system identity
set name=MultiCom
[admin@MultiCom] >

Client

/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|\r\
    \n\r\
    \nthepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|\r\
    \n\r\
    \ntorrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|\r\
    \n\r\
    \nentertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|\r\
    \n\r\
    \nflixflux|seedpeer|fenopy|gpirate|commonbits).*\$\r\
    \n\r\
    \n"
/ip hotspot profile
set [ find default=yes ] login-by=http-pap split-user-domain=yes
add hotspot-address=172.21.1.1 login-by=http-pap name=hsprof1 \
    split-user-domain=yes
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no idle-timeout=30m keepalive-timeout=\
    2m rate-limit=300K/3000K shared-users=253
add add-mac-cookie=no idle-timeout=15m keepalive-timeout=2m name=uprof1 \
    shared-users=5
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=hs-pool-6 ranges=172.21.0.1-172.21.1.0,172.21.1.2-172.21.255.254
/ip dhcp-server
add address-pool=hs-pool-6 disabled=no interface=bridge1 lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=hs-pool-6 disabled=no idle-timeout=30m interface=bridge1 name=\
    hotspot1 profile=hsprof1
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
    62.38.115.137 dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=\
    1460 max-mtu=1460 mrru=1600 name=pptp-out1 password=15901590 profile=\
    default user=mirage
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=192.168.100.200/24 interface=WAN1 network=192.168.100.0
add address=172.21.1.1/16 interface=bridge1 network=172.21.0.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=172.21.0.0/16 comment="hotspot network" gateway=172.21.1.1
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
    servers=208.67.222.123,208.67.220.123
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=drop chain=forward comment=torrentsites layer7-protocol=torrentsites \
    src-address=172.21.0.0/16
add action=drop chain=forward comment=dropDNS dst-port=53 layer7-protocol=\
    torrentsites protocol=udp src-address=172.21.0.0/16
add action=drop chain=forward comment=keyword_drop content=torrent src-address=\
    172.21.0.0/16
add action=drop chain=forward comment=trackers_drop content=tracker \
    src-address=172.21.0.0/16
add action=drop chain=forward comment=get_peers_drop content=getpeers \
    src-address=172.21.0.0/16
add action=drop chain=forward comment=info_hash_drop content=info_hash \
    src-address=172.21.0.0/16
add action=drop chain=forward comment=announce_peers_drop content=\
    announce_peers src-address=172.21.0.0/16
add action=drop chain=forward comment=p2p_drop p2p=all-p2p src-address=\
    172.21.0.0/16
/ip firewall mangle
add action=strip-ipv4-options chain=postrouting protocol=tcp src-port=8291
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat out-interface=pptp-out1
add action=masquerade chain=srcnat src-address=192.168.100.0/24
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.21.0.0/16
/ip hotspot ip-binding
add mac-address=E8:94:F6:ED:0E:34 type=bypassed
add mac-address=A4:17:31:5D:F6:FD type=bypassed
add mac-address=E8:94:F6:DF:19:EC type=bypassed
add mac-address=18:CF:5E:55:03:89 type=bypassed
add mac-address=00:EB:2D:D7:F5:A2 type=bypassed
add mac-address=00:24:D7:14:6F:44 type=bypassed
add address=172.21.10.11 mac-address=D4:CA:6D:05:FD:50 server=hotspot1 \
    to-address=172.21.10.11 type=bypassed
add address=172.21.10.12 mac-address=D4:CA:6D:06:CE:C6 server=hotspot1 \
    to-address=172.21.10.12 type=bypassed
add address=172.21.10.13 server=hotspot1 to-address=172.21.10.13 type=bypassed
add address=172.21.10.14 server=hotspot1 to-address=172.21.10.14 type=bypassed
add address=172.21.10.15 server=hotspot1 to-address=172.21.10.15 type=bypassed
add address=172.21.10.16 server=hotspot1 to-address=172.21.10.16 type=bypassed
add address=172.21.10.17 server=hotspot1 to-address=172.21.10.17 type=bypassed
add address=172.21.10.18 server=hotspot1 to-address=172.21.10.18 type=bypassed
add address=172.21.10.19 server=hotspot1 to-address=172.21.10.19 type=bypassed
add address=172.21.10.20 server=hotspot1 to-address=172.21.10.20 type=bypassed
add address=172.21.10.21 server=hotspot1 to-address=172.21.10.21 type=bypassed
add address=172.21.10.22 server=hotspot1 to-address=172.21.10.22 type=bypassed
/ip hotspot user
add name=mirage password=2468013570
add name=stavros password=1590 profile=uprof1
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
add dst-host=static.ess.apple.com path=/connectivity.txt
add dst-host=captive.apple.com
add dst-host=www.appleiphonecell.com
add dst-host=*.apple.com
add dst-host=www.itools.info
add dst-host=www.ibook.info
add dst-host=www.airport.us
add dst-host=www.thinkdifferent.us
add dst-host=*.apple.com.edgekey.net
add dst-host=*.akamaiedge.net
add dst-host=*.akamaitechnologies.com
add dst-host=gsp1.apple.com
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=172.21.10.11-172.21.10.22 server=\
    hotspot1 src-address=172.21.10.11-172.21.10.22
/ip ipsec policy
add template=yes
/ip route
add distance=1 gateway=192.168.100.1
add distance=1 dst-address=172.21.0.0/16 gateway=192.168.0.254
/ip service
set www-ssl disabled=no
/ip upnp
set allow-disable-external-interface=no
/system identity
set name="Mirage Apts"
[admin@Mirage Apts] >

Access point (Mikrotik)

/interface bridge
add l2mtu=1598 name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n default-forwarding=no disabled=\
    no ht-rxchains=0 ht-txchains=0 l2mtu=2290 mode=ap-bridge ssid=Mirage \
    wireless-protocol=802.11
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=172.21.10.11/16 interface=bridge1 network=172.21.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge1
/ip firewall filter
add chain=input in-interface=!bridge1 src-address=172.21.0.0/16
add chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
add chain=device-manage
add chain=input comment="Allow Established connections" connection-state=\
    established
add chain=input comment="Allow ICMP" protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1
add action=masquerade chain=srcnat src-address=172.21.0.0/16
/ip ipsec policy
add template=yes
/ip service
set www-ssl disabled=no
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=Hmiorofos
/system leds
set 0 interface=wlan1
[admin@Hmiorofos] >

