How to forward GRE protocol 47 on Mikrotik router?
up vote
1
down vote
favorite
I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.
I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.
I tried many solutions I found online but nothing worked so far.
How should I set up the rule correctly?
Thanks in advance!
vpn mikrotik-routeros
add a comment |
up vote
1
down vote
favorite
I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.
I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.
I tried many solutions I found online but nothing worked so far.
How should I set up the rule correctly?
Thanks in advance!
vpn mikrotik-routeros
1
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.
I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.
I tried many solutions I found online but nothing worked so far.
How should I set up the rule correctly?
Thanks in advance!
vpn mikrotik-routeros
I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.
I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.
I tried many solutions I found online but nothing worked so far.
How should I set up the rule correctly?
Thanks in advance!
vpn mikrotik-routeros
vpn mikrotik-routeros
edited Dec 14 at 21:54
Duncan X Simpson
1,083821
1,083821
asked Nov 12 '15 at 14:40
sza
612
612
1
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17
add a comment |
1
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17
1
1
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
GRE protocol on its own is not enough.
Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.
For PPTP for example you need to forward port 1723 TCP.
For L2TP you need to forward port 1701 UDP.
For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).
Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
Port forwarding
To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration
A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.
Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration./export
– Cha0s
Nov 13 '15 at 12:14
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f999610%2fhow-to-forward-gre-protocol-47-on-mikrotik-router%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
GRE protocol on its own is not enough.
Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.
For PPTP for example you need to forward port 1723 TCP.
For L2TP you need to forward port 1701 UDP.
For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).
Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
Port forwarding
To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration
A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.
Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration./export
– Cha0s
Nov 13 '15 at 12:14
add a comment |
up vote
0
down vote
GRE protocol on its own is not enough.
Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.
For PPTP for example you need to forward port 1723 TCP.
For L2TP you need to forward port 1701 UDP.
For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).
Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
Port forwarding
To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration
A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.
Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration./export
– Cha0s
Nov 13 '15 at 12:14
add a comment |
up vote
0
down vote
up vote
0
down vote
GRE protocol on its own is not enough.
Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.
For PPTP for example you need to forward port 1723 TCP.
For L2TP you need to forward port 1701 UDP.
For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).
Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
Port forwarding
To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration
A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.
Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86
GRE protocol on its own is not enough.
Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.
For PPTP for example you need to forward port 1723 TCP.
For L2TP you need to forward port 1701 UDP.
For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).
Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding
Port forwarding
To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration
A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.
Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86
answered Nov 12 '15 at 16:28
Cha0s
22115
22115
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration./export
– Cha0s
Nov 13 '15 at 12:14
add a comment |
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration./export
– Cha0s
Nov 13 '15 at 12:14
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58
Post your configuration.
/export
– Cha0s
Nov 13 '15 at 12:14
Post your configuration.
/export
– Cha0s
Nov 13 '15 at 12:14
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f999610%2fhow-to-forward-gre-protocol-47-on-mikrotik-router%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
wiki.mikrotik.com/wiki/…
– DavidPostill♦
Nov 12 '15 at 16:17