MikroTik. Home network and the network through the VPN

At work there is a FreeBSD box with a PPTP server configured on it. I had the idea of setting up a permanent connection to work on the MikroTik, but there is a problem.
Both the home and the work network have the address I don't want to change the range of the home network; I'm used to it. Changing the range of the work network is not possible. When it connects to the VPN, the MikroTik gets an IP from the range
I think that we should add a rule like:
/ip firewall nat add chain=srcnat src-address= \
action=netmap to-addresses=
Taken from the MikroTik wiki; I have not changed the addresses. And specify the PPTP interface. Would such a rule convert addresses from the network address Or how should the connection be made?
October 8th 19 at 00:28
5 answers
October 8th 19 at 00:30
You will have to change the addressing of the network, because there can't be two different networks that are directly connected and have the same address space.
But it is not a direct connection. It seems some kind of NAT is needed that will forward packets coming from the home network to the server on the work network. Access from the work network to the home one is not needed. - Jana26 commented on October 8th 19 at 00:33
October 8th 19 at 00:32
You read the wiki correctly, but you need dstnat, not srcnat.
I.e., you can try to connect to the office and map its range onto a virtual one And accordingly, from home you go to the addresses which will be translated into the office ones
in this case dst-address= to-addresses=
You still need masquerading on the VPN interface so that the office router replies normally, and a route for the network through the VPN.
Almost figured it out, but the result is disgusting.
What I did (extra rules removed):
Mark packets:

[Klajnor@MikroTik] > /ip firewall mangle print
Flags: X — disabled, I — invalid, D — dynamic
0 ;;; Mark packets to
chain=PREROUTING policy action=mark-routing new-routing-mark=intercom passthrough=yes dst-address=

Map the range of IP addresses, and custom masquerade:
[Klajnor@MikroTik] > /ip firewall nat print
Flags: X — disabled, I — invalid, D — dynamic

2 I ;;; NAT Intercom
chain=srcnat action=masquerade out-interface=PPTP Interkom

11 ;;; Map to
chain=dstnat action=netmap to-addresses= dst-address=

A route was added for the marked packets. It seems to work, but not quite.

Pinging the server at work:

Tracing route to INT-SRV1 []
the maximum number of jumps 30:

1 <1 MS <1 MS <1 MS INT-SRV1 []
2 61 ms 59 ms 60 ms INT-SRV1 []
3 61 ms 60 ms 62 ms INT-SRV1 []

Radmin, shares, etc. sort of work, but very, very badly. Something is missing in the soup - Jana26 commented on October 8th 19 at 00:35
For tracert to show things correctly, try adding a srcnat rule for reverse mapping of the network with in-interface=pptp (chain=srcnat action=netmap to-addresses= src-address= in-interface=pptp). Not sure it will take effect ahead of the saved dstnat state, but it is worth a try.

To find out what is missing, first check whether there is a lag on a normal connection, i.e. one with a different IP range. Bring up a separate interface with a different address range to check. Leave only masquerading on pptp. Connect and check whether the connection is just as bad. - Jana26 commented on October 8th 19 at 00:38
The trace still did not work. The rule was added.

As for the test: if I bring up the connection from the home computer and add a default route through the VPN, it works fine. Radmin and shares work, and even pings to the external Internet go through. Probably the firewall allows traffic to go to the Internet through the work gateway.
Okay. To hell with such confusion. Change the addressing on your home network, it's easier. Probably easier to change 20-30 numbers at known locations than to puzzle over what is still unknown. - oswaldo_Schulist commented on October 8th 19 at 00:41
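An added example, not part of the thread: a simplified Python model of the order in which RouterOS handles the rules posted above (mangle prerouting, then dstnat netmap, then the routing decision), showing why the routing mark is needed when both LANs share one range. All addresses are constructed, since the thread's own addresses are not on the page, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addressing (the thread's real addresses are not on the page).
HOME_LAN = ipaddress.ip_network("192.168.0.0/24")    # home LAN behind the MikroTik
OFFICE_LAN = ipaddress.ip_network("192.168.0.0/24")  # office LAN, same range
VIRTUAL = ipaddress.ip_network("192.168.100.0/24")   # unused range standing in for the office


def netmap(addr, match_net, to_net):
    """1:1 mapping in the style of action=netmap: keep host bits, swap network bits."""
    addr = ipaddress.ip_address(addr)
    if addr not in match_net or match_net.prefixlen != to_net.prefixlen:
        return addr  # rule does not match, address is left unchanged
    host_bits = int(addr) & int(match_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)


def forward(dst, use_routing_mark=True):
    """Simplified model: mangle prerouting -> dstnat -> routing decision."""
    dst = ipaddress.ip_address(dst)
    # mangle prerouting: mark traffic addressed to the virtual range
    mark = "intercom" if use_routing_mark and dst in VIRTUAL else None
    # dstnat netmap: virtual range -> real office range
    real_dst = netmap(dst, VIRTUAL, OFFICE_LAN)
    # the routing decision is made after dstnat, on the translated address
    if mark == "intercom":
        return str(real_dst), "pptp"  # marked packets use the VPN routing table
    if real_dst in HOME_LAN:
        return str(real_dst), "lan"   # connected route wins, packet stays at home
    return str(real_dst), "wan"


if __name__ == "__main__":
    print("ranges overlap:", HOME_LAN.overlaps(OFFICE_LAN))
    print("with mark:     ", forward("192.168.100.10"))
    print("without mark:  ", forward("192.168.100.10", use_routing_mark=False))
    print("plain LAN dst: ", forward("192.168.0.10"))
```

The model covers only the forward direction; reply handling by connection tracking and the masquerade rule on the PPTP interface are not modelled.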
October 8th 19 at 00:34
For a long time, ever since I started using a personal local network, I have used addresses of the form 192.168.234.x/24. They do not overlap with anything else.
Yes, I probably will. It will be easier - Jana26 commented on October 8th 19 at 00:37
October 8th 19 at 00:36
I had almost the same task. At work there is FreeBSD, network; at home a MikroTik, network; I needed to get from home to work. I did this: brought up a PPTP server on the MikroTik and set a username and password. At work, on FreeBSD, I installed the mpd5 client and entered the login and password in it. Added it to cron and added a route with route add From work only the MikroTik can be pinged, which is what was needed. From home I can easily connect to any work computer.
October 8th 19 at 00:38
From the point of view of network engineering, a VPN based on an L2 protocol will help you. For example, L2TP. How exactly to configure it on FreeBSD I don't know; try googling.
