l2tp не работает внутри сети

Обсуждение оборудования и его настройки
segalws
Сообщения: 1
Зарегистрирован: 14 окт 2014, 11:51

Настроил L2TP-сервер + IPsec.
Из внешней сети подключение проходит нормально, но из локальной сети подключиться не удаётся.
Подскажите, в какую сторону копать.
 конфиг
# oct/14/2014 20:16:29 by RouterOS 6.20
# software id = 5I90-YG5Z
#
# Review notes (added): RouterOS export of a router with two bridges
# (bridge1 = wlan1 + ether3-5 with the 192.168.0.0/24 LAN, bridge2 = WAN1 + ether2),
# an L2TP server with a manually configured IPsec peer, and a set of dst-nat
# port forwards. The Wi-Fi key, IPsec secret and PPP password appear here in
# clear text; once published they should be treated as compromised and replaced.
/interface bridge
add mtu=1500 name=bridge1
add mtu=1500 name=bridge2
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge \
periodic-calibration=enabled periodic-calibration-interval=10 tx-power=18 tx-power-mode=all-rates-fixed wireless-protocol=\
802.11
# NOTE(review): the WPA2 pre-shared key is a short digit sequence; use a long
# random passphrase instead.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys wpa2-pre-shared-key=1234567890
# NOTE(review): the default proposal is limited to 3DES, a legacy 64-bit block
# cipher; prefer an AES-based algorithm if all clients support it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.100
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=dhcp1 relay=192.168.0.120
# NOTE(review): VPN clients draw addresses from dhcp_pool1, the same pool the
# LAN DHCP server uses, and the tunnel's local-address is the router's own
# bridge1 address (192.168.0.120). For a client that is already inside
# 192.168.0.0/24 the tunnel addressing overlaps its local subnet; possibly
# related to the reported problem, verify with a separate VPN subnet.
/ppp profile
add bridge=bridge1 change-tcp-mss=yes local-address=192.168.0.120 name=l2tp remote-address=dhcp_pool1 use-encryption=yes
/system logging action
set 2 remember=yes
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge2 interface=WAN1
add bridge=bridge2 interface=ether2
# NOTE(review): the server's default-profile is "default", while the only PPP
# secret below selects profile "l2tp" explicitly. Nothing in this export ties
# UDP 1701 to IPsec-protected packets, so L2TP without IPsec may also be
# accepted; confirm and restrict if IPsec is meant to be mandatory.
/interface l2tp-server server
set default-profile=default enabled=yes
/ip address
add address=123.123.123.28/20 interface=WAN1 network=123.123.123.0
add address=192.168.0.120/24 interface=bridge1 network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.120
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries;
# with no drop rule in the input chain below, that resolver is also reachable
# from the WAN side and can be abused for DNS amplification.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# NOTE(review): these are the only filter rules in the export: one log rule and
# one accept rule, with no drop rule. Unmatched packets are accepted by
# default, so the accept rule changes nothing and every router service is
# reachable from the WAN. Add established/related accepts and a final drop for
# WAN input. The log rule matches UDP 3389 with prefix "l2tp", which does not
# correspond to the L2TP/IPsec ports (1701, 500, 4500) - presumably a leftover.
/ip firewall filter
add action=log chain=input in-interface=bridge2 log=yes log-prefix=l2tp port=3389 protocol=udp
add chain=input in-interface=bridge2 port=1701,500,4500 protocol=udp
# NOTE(review): the masquerade rule has no out-interface, so it applies to any
# traffic sourced from 192.168.0.0/24, not only traffic leaving via WAN1.
# Only the first dstnat rule is limited to in-interface=bridge2; the others
# match on destination port alone, so they also capture LAN clients' outbound
# connections to those ports. The forwards publish SMB (445) and RDP (3389) of
# internal hosts to the Internet; restrict them by source address or make
# those services reachable only through the VPN.
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=netmap chain=dstnat comment="80 Syn" dst-port=80 in-interface=bridge2 protocol=tcp to-addresses=192.168.0.188 to-ports=\
80
add action=dst-nat chain=dstnat comment="5000 Syn" dst-port=5000 protocol=tcp to-addresses=192.168.0.188 to-ports=5000
add action=netmap chain=dstnat comment="445 Syn" dst-port=445 protocol=udp to-addresses=192.168.0.188 to-ports=445
add action=netmap chain=dstnat comment="445 Syn" dst-port=445 protocol=tcp to-addresses=192.168.0.188 to-ports=445
add action=netmap chain=dstnat comment="3398 Polina" dst-port=3398 protocol=tcp to-addresses=192.168.0.123 to-ports=3389
add action=netmap chain=dstnat comment="80 Syn" dst-port=80 protocol=udp to-addresses=192.168.0.188 to-ports=80
add action=dst-nat chain=dstnat comment=RDP dst-port=3389 protocol=tcp to-addresses=192.168.0.193 to-ports=3389
add action=netmap chain=dstnat comment="RDP MSSQL" dst-port=3399 protocol=tcp to-addresses=192.168.0.194 to-ports=3389
# NOTE(review): the peer has no address restriction in this export and uses a
# four-letter pre-shared key; replace it with a long random secret.
/ip ipsec peer
add generate-policy=port-override secret=test
# NOTE(review): "(unknown)" is reproduced as exported; it is not a usable item
# reference, so this line presumably fails if the export is re-imported.
/ip ipsec policy
set (unknown) dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add distance=1 gateway=123.123.123.1
/ip upnp
set allow-disable-external-interface=no
# NOTE(review): the VPN account uses a trivially guessable password while the
# L2TP port is open to the WAN; replace it with a strong unique password.
/ppp secret
add comment="VPN User" name=sega password=123456 profile=l2tp
# NOTE(review): "public" is the well-known default community string; it only
# matters if SNMP is enabled, which this export does not show.
/snmp
set trap-community=public
/system clock
set time-zone-name=Asia/Vladivostok
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=85.21.78.8 secondary-ntp=31.131.249.19

