Assistance - Mikrotik - L2TP\IPSec VPN Configuration (Please!)
Shindig

1162 posts

Uber Geek

Trusted

#282597 28-Feb-2021 13:53
Hello there.

Would anyone be able to help me configure an L2TP IPSec VPN on a 'tik 4011?

I have attempted a couple of times, and at one point reset the router so I could start again.

Following a few tutorials to really try and understand.

I gain a connection to the VPN from a Win10 laptop - tethered to a mobile phone.
I gain an IP address and the DNS is set, but I can't access anything on the LAN with DNS names.

To make it worse, the second time round, I now can't access anything local.

There doesn't appear to be that one definitive guide and the different tutorials are written for different versions of the OS.

Anyone lend a hand please?

cheers




The little things make the biggest difference.

Dynamic
3358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2665740 28-Feb-2021 14:18
With the VPN connected, can you PING something on your LAN?  If yes, this would suggest you are 95% of the way there.

Maybe post a couple of images of your config?  IP addresses of the devices involved?




"Don't believe anything you read on the net. Except this. Well, including this, I suppose." Douglas Adams

 

Shindig

1162 posts

Uber Geek

Trusted

  #2665752 28-Feb-2021 14:38
Would you be up for a screen share?




The little things make the biggest difference.

Shindig

1162 posts

Uber Geek

Trusted

  #2665764 28-Feb-2021 15:19
OK, got a personal guide from a geekzoner over PM - thank you!

Just the DNS to sort now.

When trying to ping my NAS box hostname, I get the usual "can't find the host".

I see the DNS IP my local clients get is set correctly on the PPP adapter - also, I can browse the web?

Any ideas? Feels like I'm close.




The little things make the biggest difference.



Shindig

1162 posts

Uber Geek

Trusted

  #2665771 28-Feb-2021 15:56
Hmmm, DNS request times out - as if it isn't getting there..




The little things make the biggest difference.

cyril7
8708 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2665773 28-Feb-2021 16:04
Hi, so what is the DNS record and what is that pointing to?

 

Cyril

Shindig

1162 posts

Uber Geek

Trusted

  #2665780 28-Feb-2021 16:16
DNS static record on the 'tik is

jupiter pointing to 192.168.10.4

Suffix is router.lan and I've added an entry of jupiter.router.lan as well.




The little things make the biggest difference.

cyril7
8708 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2665785 28-Feb-2021 16:19
And .10.4 is what exactly? And can you ping it over the VPN?

 

Cyril



Shindig

1162 posts

Uber Geek

Trusted

  #2665788 28-Feb-2021 16:26
192.168.10.X is the local IP range where all LAN devices are on

Ping to IP (10.4) works

Tethered Win10 laptop - connected to VPN - tracert finds the device when using IP address




The little things make the biggest difference.

cyril7
8708 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2665791 28-Feb-2021 16:30
Ummm, but what is it, what DNS functionality does it provide? Is it possible it has been set to not respond to DNS requests from the VPN subnet? Just trying to understand what it is.

 

Cyril

Shindig

1162 posts

Uber Geek

Trusted

  #2665793 28-Feb-2021 16:41
10.4 is a Synology NAS drive

'Tik router is 10.1, which handles DNS

VPN client - using 11.x subnet - gets a 10.1 DNS IP

Just tested - DNS is broken for both local and external (web browsing) - RATS!!!

NAT traversal is enabled on the IPSec profile




The little things make the biggest difference.

Spyware
2971 posts

Uber Geek

Lifetime subscriber

  #2665805 28-Feb-2021 16:55
Allow Remote Requests




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1st gen, iPad Air 4th gen, iPhone XR, VodaTV Gen 2. If it doesn't move then it's data cabled.

cyril7
8708 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2665819 28-Feb-2021 17:21
Ahh, so just checking, why have you got the DNS record for VPN clients set to point to the Syno (which is what you originally said, 10.4)? Surely it should be 10.1, the MT?

 

Cyril

MadEngineer
2994 posts

Uber Geek

Trusted

  #2665941 28-Feb-2021 22:01
You need to turn on proxy arp




You're not on Atlantis anymore, Duncan Idaho.

OzoneNZ
101 posts

Master Geek


  #2665956 1-Mar-2021 01:03
MadEngineer: You need to turn on proxy arp

Second this, I had issues with VPN traffic not passing until enabling proxy-arp on the LAN bridge interface

Shindig

1162 posts

Uber Geek

Trusted

  #2665970 1-Mar-2021 07:44
Let me check out this proxy arp! Thank you for the suggestion.




The little things make the biggest difference.
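
The two settings suggested in this thread, written out as RouterOS commands with the router's DNS service limited to the LAN and VPN subnets. This is an added example, not any poster's configuration; the VPN pool 192.168.11.0/24 (the thread only says "11.x"), the bridge name `bridge` and the address-list name `dns-clients` are assumptions.

```routeros
# Added example. Assumed values: VPN pool 192.168.11.0/24, LAN bridge named
# "bridge", address list named "dns-clients". LAN 192.168.10.0/24 and the
# router at 192.168.10.1 are taken from the thread.

# "Allow Remote Requests": the router's DNS cache answers queries from clients.
# Once enabled it answers on every interface unless the input chain filters it,
# so pair it with the firewall rules below.
/ip dns set allow-remote-requests=yes

# Subnets that are allowed to use the router as a resolver.
/ip firewall address-list
add list=dns-clients address=192.168.10.0/24 comment="LAN"
add list=dns-clients address=192.168.11.0/24 comment="L2TP/IPsec VPN pool (assumed)"

# Accept DNS to the router from those subnets only, drop it from anywhere else.
# New rules are appended to the end of the chain: move the accept rules above
# any existing drop rule in chain=input, or they will never be reached.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=53 src-address-list=dns-clients comment="DNS from LAN/VPN"
add chain=input action=accept protocol=tcp dst-port=53 src-address-list=dns-clients comment="DNS from LAN/VPN (TCP)"
add chain=input action=drop protocol=udp dst-port=53 comment="DNS from anywhere else"
add chain=input action=drop protocol=tcp dst-port=53 comment="DNS from anywhere else (TCP)"

# Proxy ARP on the LAN bridge, as suggested later in the thread.
/interface bridge set [find name=bridge] arp=proxy-arp

# Check the result on the router.
/ip dns print
/ip firewall filter print where chain=input
/interface bridge print detail

# From the connected Windows client, query the router directly:
#   nslookup jupiter.router.lan 192.168.10.1
```

With the VPN up, the packet counters on the "DNS from LAN/VPN" rules should rise when the client runs the nslookup; if they stay at zero, the queries are being dropped by an earlier rule or are not reaching the router.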

