How to set vpn on Mikrotik 3g operator?

0 like 0 dislike
32 views
There are two 3g modem from a cellular carrier for setup VPN.
One connects to the computer. It with the software from the modem establishes a connection with the operator. In the program, you enter the dial number, APN, username, password. Appears when you connect a virtual network card with the address 10.12.202.2 mask 255.255.255.252 gateway 10.12.202.1.
Second modem connected to Mikrotik with address 192.168.88.1. In interefeysa there is a new PPP Client. It also introduces the dial number, APN, username, password. The connection to the operator interface of the modem gets the address of the 10.12.202.1 network 10.112.112.132. To Mikrotik network-connected laptop which receives from Mikrotik address 192.168.88.1 255.255.255.0 192.168.88.252.
After that, the computer 10.12.202.2 any response from 10.12.202.1, but not 192.168.88.1 (or 252) RDP does not work either.
With laptop (88.252) 202.2 ping and you can connect via RDP.
Actually the question is what to configure in Mikrotik, what would the first computer (202.2) was available as a network for microtia?
Scheme:
5aec28d1c2b46276917160.png
Settings Mikrotik:
5aec27dfb4522478263475.png
/interface bridge
add admin-mac=64:D1:54:45:23:49 arp=proxy-arp auto-mac=no comment=defconf \\
name=bridge
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \\
stop-bits=1
set 1 name=usb2
/interface ppp-client
add apn=htc.velcom.by disabled=no info-channel=1 name=htc.velcom.by password=\\
123 phone=*99# port=usb2 user=123
add apn=internet name=ppp-out1 port=usb1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf disabled=yes interface=wlan1
add bridge=bridge interface=ether1
/ip neighbor discovery settings
set discover-interface-list=LAN
/interface member list
add comment=defconf interface=bridge list=LAN
add interface=wlan1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\\
Is 192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\\
ether1
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip dhcp-server network
add address=is 192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\\
"defconf: accept established,related,untracked" connection-state=\\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \\
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \\
ipsec policy=in ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \\
ipsec policy=out ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \\
connection-state=established,related
add action=accept chain=forward comment=\\
"defconf: accept established,related, untracked" connection-state=\\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \\
connection-state=invalid
add action=drop chain=forward comment=\\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \\
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat src-address=is 192.168.88.0/24
/system clock
set time-zone-name=Europe/Minsk
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

The computer 10.12.202.2:
0.0.0.0 0.0.0.0 10.12.202.1 10.12.202.2 311
10.12.202.0 255.255.255.252 On-link 10.12.202.2 311
10.12.202.2 255.255.255.255 On-link 10.12.202.2 311
10.12.202.3 255.255.255.255 On-link 10.12.202.2 311
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
Is 192.168.88.0 255.255.255.0 10.12.202.1 10.12.202.2 56
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.12.202.2 311
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.12.202.2 311
by | 32 views

1 Answer

0 like 0 dislike
Well white on black is written

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

Remove NAT from the PC write a route on the network for microteam.
by

Related questions

0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
110,608 questions
257,186 answers
0 comments
33,907 users