Due router mikrotik

[figheras]

Ma comunque non riesco riesco a raggiungere l'host in sede B da pubblico sede A : 60000...
Cosa sbaglio ?

Se l'export che hai eseguito è sempre lo stesso, sulla sede B nn vedo nessuna regola di nat, gira la 60000 verso l'host interno!

[kris89]

Adesso mi rendo conto che non funziona più nulla... Dalla rete locale sede B vedo il locale sede A...
dalla rete locale sede A (server vpn) non vedo il locale sede B...

export server vpn

Codice: Seleziona tutto

#
/interface ethernet
set 0 arp=proxy-arp name=ether1-gateway
set 1 arp=proxy-arp name=ether2-master-local
set 2 arp=proxy-arp master-port=ether2-master-local name=ether3-slave-local
set 3 arp=proxy-arp master-port=ether2-master-local name=ether4-slave-local
set 4 arp=proxy-arp master-port=ether2-master-local name=ether5-slave-local
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local name=\
    default
/ppp profile
add comment=kris89 local-address=10.10.10.1 name=PPTP
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=PPTP enabled=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local
add address=192.168.1.250/24 comment=kris89 interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment=kris89 in-interface=ether1-gateway
add chain=forward out-interface="(unknown)"
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
/ip neighbor discovery
set ether1-gateway disabled=yes
/ip route
add distance=1 gateway=192.168.1.1
add distance=1 dst-address=192.168.99.0/24 gateway=10.10.10.100
/ppp secret
add comment=kris89 local-address=10.10.10.10 name=user1 password=user1 profile=\
    PPTP remote-address=10.10.10.100
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local


vpn client

Codice: Seleziona tutto

#
/interface ethernet
set 0 arp=proxy-arp name=ether1-gateway
set 1 arp=proxy-arp name=ether2-master-local
set 2 arp=proxy-arp master-port=ether2-master-local name=ether3-slave-local
set 3 arp=proxy-arp master-port=ether2-master-local name=ether4-slave-local
set 4 arp=proxy-arp master-port=ether2-master-local name=ether5-slave-local
/interface pptp-client
add comment=kris89 connect-to=79.39.191.166 disabled=no name=pptp-out1 \
    password=user1 user=user1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=kris89-dhcp ranges=192.168.99.100-192.168.99.200
/ip dhcp-server
add address-pool=kris89-dhcp disabled=no interface=ether2-master-local name=\
    default
/ip address
add address=192.168.99.1/24 comment=kris89 interface=ether2-master-local
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.99.0/24 comment=kris89 dns-server=192.168.99.1 gateway=\
    192.168.99.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment=kris89 in-interface=ether1-gateway
add chain=forward out-interface=pptp-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat in-interface=pptp-out1 protocol=tcp \
    to-addresses=192.168.99.70 to-ports=60000
/ip neighbor discovery
set ether1-gateway disabled=yes
/ip route
add distance=1 dst-address=192.168.88.0/24 gateway=10.10.10.10
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local

Non ci capisco più niente...

[admin]

Sul server PPTP ci sono incongruenze:

add comment=kris89 local-address=10.10.10.1 name=PPTP

Non corrisponde con:

/ppp secret
add comment=kris89 local-address=10.10.10.10 name=user1 password=user1 profile=PPTP remote-address=10.10.10.100

Sul client VPN non corrisponde:

/ip route
add distance=1 dst-address=192.168.88.0/24 gateway=10.10.10.10

Cambia il local address al profilo "PPTP" che hai creato:

Codice: Seleziona tutto

ppp profile set PPTP local-address=10.10.10.10

[kris89]

cambiato.. riesco a fare ping dalla sede A alla sede B, ma non apro l'interfaccia web, neppure quella del router vnp sede B....
perchè? ometto qualcosa ?