SKFREE
Mikrotik™ Podpora - pptp na MK
Chalan - 23.05.2012 - 20:40
Post subject: pptp na MK
prosim o radu a pomoc.
klientovi som zriadil pripojku kde maju mk co robi wlan klienta a na eth strane nat. zriadil som im na tom zariadeni aj pptp server. tvrdia nasledovne...
- ked mame zapojeny DSL router - VPN pripojenie funguje sice pomaly, ale spolahlivo,
co znamena, ze sa dostaneme na kazdy server vo vnutornej sieti. (maju este paralerne dslku ktoru chcu zrusit)
- ked zapojime do nasej siete vas router, sprava sa to velmi podivne,
niektore servre su pristupne, niektore nie, resp. chvilu su pristupne a chvilu nie.
kedze nemam pristup na ich stroje nemam to ako pretestovat. pripojenie funguje bezproblemov... nizsie posielam nastavenia... na hlavnej brane je full nat z verejnej ip na 192.168.91.31
Code: › [admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
1 192.168.91.3/24 192.168.91.0 wlan1
2 192.168.91.31/24 192.168.91.0 wlan1
3 192.168.1.1/24 192.168.1.0 lan
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.91.1 1
1 ADC 192.168.1.0/24 192.168.1.1 lan 0
2 ADC 192.168.91.0/24 192.168.91.3 wlan1 0
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; nat vsetkeho
chain=srcnat action=netmap to-addresses=192.168.91.31
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="lan" mtu=1500 l2mtu=65535 arp=proxy-arp mac-address=00:00:00:00:00:00 protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I ether1 lan 0x80 10 none
[admin@MikroTik] > ip pool print
# NAME RANGES
0 lan 192.168.1.155-192.168.1.254
[admin@MikroTik] > ppp profile print
Flags: * - default
0 * name="default" use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default
change-tcp-mss=yes
1 name="work" local-address=192.168.1.150 remote-address=lan use-mpls=default use-compression=default use-vj-compression=default
use-encryption=yes only-one=default change-tcp-mss=yes dns-server=192.168.1.1,192.168.210.1
2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes
[admin@MikroTik] > ppp secret print
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 external1 pptp xxxx work
1 chalan pptp xxxx work
vo firewall service ports pptp povoleny
mam tam niekde chybu? prehliadol som nieco? dakujem za kazdu radu
Thomas - 23.05.2012 - 23:00
Post subject:
Code: › /ip firewall mangle
add action=change-mss chain=forward comment="lebo tunel" disabled=no new-mss=\
1400 out-interface=GRE-TT passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\
1351-65535
add action=change-mss chain=forward comment="lebo tunel" disabled=no \
in-interface=GRE-TT new-mss=1400 passthrough=yes protocol=tcp tcp-flags=syn \
tcp-mss=1351-65535
Chalan - 24.05.2012 - 08:59
Post subject:
ako mas definovany GRE-TT interface? v mojom pripade je to ethernet? bridge? alebo pptp-in1 interface?
chybu ktoru popisuju by mohol sposobit aj arp? predtym som to nemal prepnute na proxy-arp ale len arp enabled...