
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,022 views 4 comments
by anonymous
Hello! I have Mikrotik as L2TP Server and Teltonika RUT240 as L2TP client. On previous firmware everything seemed to work. After the update to latest firmware I have created an L2TP Client and added a route to the remote network.

The Mikrotik network is 192.168.0.10/24

Teltonika network is 192.168.3.1/24

L2TP server is 192.168.20.1, VPN client 192.168.20.16.

From the RUT240 the connection to the Mikrotik router is established, but routing doesn't work. I can ping the VPN address of the RUT240, but I cannot ping 192.168.20.1 (Mikrotik side of the VPN tunnel, "destination port is unreachable"), I cannot ping 192.168.0.10, and I cannot ping any of the IP addresses on the Mikrotik network. The same applies to the Mikrotik side (it can ping its VPN address, but can't ping the RUT240 VPN address, local address, or any of the network addresses).

Perhaps this is a routing or firewall issue.

Where should I look at?
by anonymous
I want to add that from the RUT240 console it is possible to ping the VPN address of the Mikrotik (192.168.20.1), but it is not possible to ping any Mikrotik network address.

There is a route on the Mikrotik side, so I suppose this is a firewall issue on the RUT240.

1 Answer

0 votes
by anonymous

Hello,

There is currently a firmware issue where, when you create an L2TP VPN client, the firewall rule won't be generated automatically, so you'll have to create it manually. Go to WebUI Network -> Firewall; there you will need to add a new zone.

· Press the button ADD
· Name: l2tp
· Input: Accept
· Output: Accept
· Forward: Reject
· Masquerading: ON
· MSS clamping: OFF
· Covered networks: Select the lane of your L2TP instance, in my case l2tp
· Allow forward to destination zones: LAN
· Allow forward from source zones: LAN
· Save & Apply

Now you should be able to ping your client from the server and vice versa.

You can find more information about firewall zones on our wiki: https://wiki.teltonika-networks.com/view/RUT240_Firewall#Zones

Regards,

Paulius

by anonymous

Thanks. 

Now I can ping from the RUT240 to the remote router's VPN address (192.168.20.1) from the RUT240 network. And I can ping from the Mikrotik network to the RUT240 network. But I cannot ping from the RUT240 network to the Mikrotik network.

Routes on the Mikrotik are OK.

Route on RUT240 side is like this:

Firewall rules on RUT240 look like this:

What else should I check?

by anonymous

One possible mistake in your configuration might be that you have the wrong interface selected in the STATIC IPV4 ROUTES table: instead of lan it should be the tunnel name of your l2tp configuration. It should be visible in the dropdown select.

by anonymous

Many thanks! I have changed from LAN to L2TP and now routing works.

Many thanks for your help!
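
The two faults found in this thread (the tunnel interface not covered by a firewall zone with LAN forwardings, and the static route bound to lan instead of the tunnel) can be checked offline from a config backup. The script below is an added example, not part of the original posts and not Teltonika code; it assumes the router keeps these settings in OpenWrt UCI syntax (`config zone`, `config forwarding`, `config route`), and `parse_uci`, `one`, `audit` and the sample configs are hypothetical names and constructed data.

```python
import ipaddress
import shlex

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: [values]})]."""
    sections = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts[:1] == ["config"]:
            sections.append((parts[1], {}))
        elif parts[:1] in (["option"], ["list"]) and sections:
            sections[-1][1].setdefault(parts[1], []).extend(" ".join(parts[2:]).split())
    return sections

def one(opts, key):
    return opts.get(key, [""])[0]

def audit(firewall, network, tunnel_if, remote_net, lan_zone="lan"):
    """Findings for the thread's two faults; [] means pass. Routes must use target + netmask."""
    fw, remote, findings = parse_uci(firewall), ipaddress.ip_network(remote_net), []
    zone = next((one(o, "name") for t, o in fw
                 if t == "zone" and tunnel_if in o.get("network", [])), None)
    if zone is None:
        findings.append(f"{tunnel_if}: not covered by any firewall zone")
    else:
        allowed = {(one(o, "src"), one(o, "dest")) for t, o in fw if t == "forwarding"}
        findings += [f"no forwarding {s} -> {d}" for s, d in
                     ((lan_zone, zone), (zone, lan_zone)) if (s, d) not in allowed]
    for t, o in parse_uci(network):
        if t != "route":
            continue
        dest = ipaddress.ip_network(f"{one(o, 'target')}/{one(o, 'netmask')}", strict=False)
        if dest.overlaps(remote) and one(o, "interface") != tunnel_if:
            findings.append(f"route {dest} uses {one(o, 'interface')}, not {tunnel_if}")
    return findings

# Constructed samples (interface and zone both named l2tp, as in the answer).
FIREWALL = """
config zone
    option name 'l2tp'
    option network 'l2tp'
config forwarding
    option src 'l2tp'
    option dest 'lan'
config forwarding
    option src 'lan'
    option dest 'l2tp'
"""
ROUTE = "config route\n option interface '{}'\n option target '192.168.0.0'\n option netmask '255.255.255.0'\n"
```

Calling `audit(FIREWALL, ROUTE.format("lan"), "l2tp", "192.168.0.0/24")` reports the wrong-interface route from the last exchange, and passing an empty firewall config reports the missing zone from the first answer.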