Community discussions

MikroTik App
 
ahmet82
newbie
Topic Author
Posts: 47
Joined: Thu Aug 20, 2020 12:26 am

Masquare required when pinging same vlan over VPN

Sun Nov 13, 2022 4:05 am

I setup l2tp vpn. it works as expected. When I access other vlans it also works. However, if I try to access a device in the same vlan it doesn't work. Unless I define masqarade. What is the reason for this?


reducted


Last edited by ahmet82 on Sun Nov 13, 2022 5:54 pm, edited 1 time in total.
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Masquare required when pinging same vlan over VPN  [SOLVED]

Sun Nov 13, 2022 7:32 am

User error, as usual. ;)

You have same pool for VLAN and VPN. So you're saying that whole 10.97.20.0/24 is on "97 TRUSTED VLAN" interface, but it's not true, because some addresses are elsewhere. Device connected to VLAN expects all these addresses to be directly reachable, because they are in same subnet. But they are not. If you want to keep same pool, then it's either your srcnat, or you can enable proxy ARP on "97 TRUSTED VLAN" interface (arp=proxy-arp).

Btw, if this is your whole config, then you have no firewall at all and everything is wide open, that's not ideal.
 
ahmet82
newbie
Topic Author
Posts: 47
Joined: Thu Aug 20, 2020 12:26 am

Re: Masquare required when pinging same vlan over VPN

Sun Nov 13, 2022 11:07 am

Got it thank you. I am just setting it up. I will put the firewall rules today

Who is online

Users browsing this forum: bhayfron, Bing [Bot], karlisi, michalbondzia, Semrush [Bot] and 17 guests