Hi all! (it is my 1st post here)
I have a Hac2 router at my home and a RB750 in a remote location.
I made an L2TP connection from RB750 to Hac2 and I tested at home via SIM data connection, all worked fine.
When in the remote location, the link goes up, from Hac2 I reach the RB750 via ping and terminal, but, from my LAN at home I don't reach the remote peer.
In addresses
At home: 192.168.88.0/24
The L2TP link: at home 192.168.100.1 (I can ping it from LAN), remote 192.168.100.2 (I cannot ping it from LAN, but I can ping and connect to it from Hac2)
remote LAN: 10.20.30.0/24 (I cannot ping it from LAN, but I can ping and connect to it from Hac2)
From LAN the traceroute to 192.168.100.2 and 10.20.30.10 is the same
Code:
traceroute to 10.20.30.10 (10.20.30.10), 64 hops max, 52 byte packets
 1  192.168.88.1 (192.168.88.1)  1.398 ms  0.391 ms  0.266 ms
 2  * * *
 3  * * *
Local Hac2 config (I removed DHCP reservations)
Code:
# mar/01/2024 23:27:18 by RouterOS 6.49.2
# software id = BPRS-WXYY
#
# model = RBD52G-5HacD2HnD
# serial number =
/interface bridge
add admin-mac=C4:AD:34:0C:C7:5F arp=proxy-arp auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=XXX use-peer-dns=yes user=XXX
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=italy disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=XXX station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=italy disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=XXX station-roaming=enabled wireless-protocol=802.11
/interface vlan
add interface=ether3 name="XXX" vlan-id=50
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=XXX wpa2-pre-shared-key=XXX
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=profile-ospiti supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=XXX wpa2-pre-shared-key=XXX
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:0C:C7:63 master-interface=wlan1 multicast-buffering=disabled name=wlan-guest security-profile=profile-ospiti ssid="Per gli ospiti" station-roaming=enabled wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.99
add name=dhcp_guest ranges=192.168.99.2-192.168.99.50
add name=dhcp_l2tp ranges=192.168.100.2-192.168.100.5
add name=dhcp_pool3 ranges=192.168.101.50-192.168.101.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d name=defconf
add address-pool=dhcp_guest authoritative=after-2sec-delay disabled=no interface=wlan-guest lease-time=1d name=server-guest
add address-pool=dhcp_pool3 disabled=no interface="WiFi domotica" lease-time=1w3d name=dhcp1
/ppp profile
add dns-server=1.1.1.1 local-address=192.168.100.1 name=l2tp
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=l2tp enabled=yes ipsec-secret=XXX use-ipsec=required
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.99.1/24 interface=wlan-guest network=192.168.99.0
add address=192.168.101.1/24 interface="WiFi domotica" network=192.168.101.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
[...]
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1,8.8.8.8 gateway=192.168.88.1
add address=192.168.99.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.99.1
add address=192.168.101.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.101.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Per L2TP" dst-port=1701,500,4500 in-interface-list=all protocol=udp
add action=accept chain=input comment="Per L2TP" in-interface-list=all protocol=ipsec-esp
add action=accept chain=forward comment="Da LAN a L2TP NAS" dst-address=192.168.100.0/24 src-address=192.168.88.0/24
add action=accept chain=forward comment="Autorizza da rete casa a domotica" dst-address=192.168.101.0/24 src-address=192.168.88.0/24
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="Blocca navigazione alla foscam" out-interface=pppoe-out1 src-address=192.168.88.43
add action=drop chain=forward comment="Blocco per rete ospiti" dst-address=192.168.88.0/24 src-address=192.168.99.0/24
add action=drop chain=forward comment="Blocco per rete ospiti" dst-address=192.168.99.0/24 src-address=192.168.88.0/24
add action=drop chain=forward comment="Blocca WiFi Domotica vs WiFi casa" connection-state=new dst-address=192.168.88.0/24 src-address=192.168.101.0/24
add action=drop chain=forward comment="Blocca WiFi Domotica vs Guest" dst-address=192.168.99.0/24 src-address=192.168.101.0/24
add action=accept chain=forward comment="Per Wireguard" dst-address=192.168.88.82 dst-port=51820 log=yes protocol=udp routing-table=""
add action=accept chain=forward comment="OpenVPN con Pi-VPN" dst-address=192.168.88.11 dst-port=50000 log=yes protocol=tcp
add action=accept chain=forward comment=Zabbix disabled=yes dst-address=192.168.88.24 dst-port=10051 log=yes protocol=tcp
add action=accept chain=forward comment="Backup SCP su Frannuc" disabled=yes dst-address=192.168.88.20 dst-port=50023 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="NAT per navigazione ospiti" out-interface=ether1 out-interface-list=WAN src-address=192.168.99.0/24
add action=dst-nat chain=dstnat comment="NAT per accesso in VPN" dst-port=50000 log=yes protocol=tcp to-addresses=192.168.88.11 to-ports=50000
add action=dst-nat chain=dstnat comment="Per Wireguard" dst-port=51820 protocol=udp to-addresses=192.168.88.52 to-ports=51820
add action=dst-nat chain=dstnat comment="NAT per Zabbix" disabled=yes dst-port=10051 log=yes protocol=tcp to-addresses=192.168.88.24 to-ports=10051
add action=dst-nat chain=dstnat comment="SCP per backup clienti" disabled=yes dst-port=50023 protocol=tcp to-addresses=192.168.88.20 to-ports=222
/ip route
add disabled=yes distance=1 gateway=77.108.20.85
add distance=1 dst-address=10.20.30.0/24 gateway=192.168.100.2
/ip service
set telnet address=192.168.88.0/24
set ftp address=192.168.88.0/24
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24
set api address=192.168.88.0/24
set winbox address=192.168.88.0/24,127.0.0.1/32
set api-ssl address=192.168.88.0/24
/ppp secret
add name=francesco password=XXX remote-address=192.168.100.10 routes=192.168.88.0/24
add name=nasbackup password=XXX remote-address=192.168.100.2 routes=192.168.88.0/24
/snmp
set enabled=yes trap-version=2
/system clock
set time-zone-name=Europe/Rome
/system logging
add topics=pppoe
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Remote RB750 config
Code:
# 2024-03-01 23:27:10 by RouterOS 7.10.1
# software id = TGRP-WUCS
#
# model = RB750Gr3
# serial number =
/interface bridge
add admin-mac=2C:C8:1B:F2:1D:C4 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface l2tp-client
add comment="VPN" connect-to=XXX.duckdns.org disabled=no keepalive-timeout=30 name=L2TP-to use-ipsec=yes user=nasbackup
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.20.30.2/31
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.20.30.1/24 comment=defconf interface=ether2 network=10.20.30.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.20.30.0/24 comment=defconf gateway=10.20.30.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.20.30.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Controlli da casa Tucci" dst-port=80,8291,22 in-interface=L2TP-to protocol=tcp
add action=accept chain=input comment="Controlli da casa Tucci" dst-port=161 in-interface=L2TP-to protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=
/system note
set show-at-login=no
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I think it could be a route error, but, where?
Thanks a lot!
Statistics: Posted by cesco78 — Sat Mar 02, 2024 1:17 am