mikrotik pptp VPN

[ahenning]

It sounds like not all traffic is flowing through the devices in both directions. Does the VPN only tunnel specific traffic to the other end e.g. outlook, but the internet traffic is directly out from the router?

Or rather that the internet traffic is flowing correctly via both devices, but the mail traffic not. For example if the email servers was on a separate VPN, but then you did not have a point to point link, more of a point to multipoint. In this case the second vpn site either also needs a wanop device or that sites subnets needs to be bypassed with a policy rule.

Hope it helps.

[lexyus]

it suppose all traffic is flowing through same VPN link. We have only 1 kind of it.

I attach my policy rule, is it need to be configured?

[ahenning]

If it is a truly point to point VPN where all traffic that enters the Mikrotik exits on the Mikrotik on the other side, then no.

But since Outlook stops working after the peers are up, means this traffic is not following through this path. Perhaps the mail server is in a different subnet and the Mikrotik is routing the traffic back out the lan side. In this case exclude the mail server subnet with a bypass policy rule.

[lexyus]

Dear ahenning,

sorry for late reply. I decide to try reinstall wanos on other PC. Maybe this time with newer PC instead of old stock PC.

So after i reinstall, I should just need to change IP address and make sure to plug the right cables right? or is there any other setting to make sure?


will update it to you later. thanks

[ahenning]

Yes, and setting the ip addresses to see the graphs can help. That is about it on a normal standard point to point link.

The mikrotik is not perhaps routing some extra subnets back to the lan (e.g. router on a stick)?

[lexyus]

"The mikrotik is not perhaps routing some extra subnets back to the lan (e.g. router on a stick)?"

I don't really understand what that statement means, can you give me example or explanation?

[ahenning]

If you have only one subnet at each site then it ok. Nothing else needed.

If there are more than one subnet at each site and the mikrotik is responsible for the routing between these subnets, then a bypass rule is needed e.g. user-subnet > server-subnet bypass and the other way round as well.

For example, let say at one site there are users and servers. Users are on 192.168.1.0/24 and servers 192.168.2.0/24. When users communicate with the servers the traffic might be routed by the WAN/VPN Router. In this case traffic from the User goes through the Wanos device, to the router, then back through the same Wanos device to the Servers. In this case the example bypass rule above is needed.


Or better yet:
1) Create a default any any bypass rule at the end (#99)
2) Create a specific rule (#10) for the two site subnets that needs to be optimized. E.g. if site-1 is 10.1.1.0/24 and site-2 is 10.1.2.0/24. Then optimize only these subnets e.g. Site-1 #10 has src 10.1.1.0/24 to dst 10.1.2.0/24. And site-2 #10 has src 10.1.2.0/24 dst 10.1.1.0/24.

[lexyus]

Dear ahenning,

after i re-install both PC, somehow i manage to get the optimization working between sites. But i have a some major problem about internet link.

I attached the picture for easier understanding.

You see, i have two sites which linked through Mikrotik pptp VPN. The internet link was only on site A. If users from site B would browse an internet, it will be routed to site A. This is our current condition.

When i attached both wanos, I can do the optimization, but users from both sites cannot connect to internet.

I was wandering, how can I able to still have the optimization but users still can connect to internet?
is there any bypass rule need to be set?

thanks for Reply

[ahenning]

Hi,

Yes, that is correct, a bypass rule is needed for the Internet traffic. Fortunately it is simple. Rule 99 in the image was created to bypass all traffic. Rule 10 in the image was created to optimized only traffic from site-a .6 to site-b .7 The same config would be needed at site-b, but of course the source would then be .7 and destination .6

Config:

[lexyus]

Thanks ahenning for your quick reply. I will try it tomorrow when lunch break. Will update to you soon.


 

[lexyus]

Dear ahenning,

it works flawlessly! after I add policy that you mention, everything is working smoothly.

Thank you very much for your help, very impressive.