How to forward GRE protocol 47 on Mikrotik router?











up vote
1
down vote

favorite












I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.



I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.



I tried many solutions I found online but nothing worked so far.



How should I set up the rule correctly?



Thanks in advance!










share|improve this question


















  • 1




    wiki.mikrotik.com/wiki/…
    – DavidPostill
    Nov 12 '15 at 16:17















up vote
1
down vote

favorite












I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.



I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.



I tried many solutions I found online but nothing worked so far.



How should I set up the rule correctly?



Thanks in advance!










share|improve this question


















  • 1




    wiki.mikrotik.com/wiki/…
    – DavidPostill
    Nov 12 '15 at 16:17













up vote
1
down vote

favorite









up vote
1
down vote

favorite











I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.



I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.



I tried many solutions I found online but nothing worked so far.



How should I set up the rule correctly?



Thanks in advance!










share|improve this question













I'm new to Mikrotik routers. I'm using mine with Webfig 6.10.



I would like to use a TP-Link router as a VPN server behind the Mikrotik router, and as I read, I have to forward GRE protocol 47 for this.



I tried many solutions I found online but nothing worked so far.



How should I set up the rule correctly?



Thanks in advance!







mikrotik






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 12 '15 at 14:40









sza

612




612








  • 1




    wiki.mikrotik.com/wiki/…
    – DavidPostill
    Nov 12 '15 at 16:17














  • 1




    wiki.mikrotik.com/wiki/…
    – DavidPostill
    Nov 12 '15 at 16:17








1




1




wiki.mikrotik.com/wiki/…
– DavidPostill
Nov 12 '15 at 16:17




wiki.mikrotik.com/wiki/…
– DavidPostill
Nov 12 '15 at 16:17










1 Answer
1






active

oldest

votes

















up vote
0
down vote













GRE protocol on its own is not enough.



Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.



For PPTP for example you need to forward port 1723 TCP.



For L2TP you need to forward port 1701 UDP.



For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).



Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding




Port forwarding



To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration



A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.



Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:



if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.



Comparable command line command:



 /ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86






share|improve this answer





















  • It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
    – sza
    Nov 13 '15 at 7:58










  • Post your configuration. /export
    – Cha0s
    Nov 13 '15 at 12:14











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f999610%2fhow-to-forward-gre-protocol-47-on-mikrotik-router%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote













GRE protocol on its own is not enough.



Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.



For PPTP for example you need to forward port 1723 TCP.



For L2TP you need to forward port 1701 UDP.



For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).



Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding




Port forwarding



To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration



A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.



Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:



if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.



Comparable command line command:



 /ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86






share|improve this answer





















  • It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
    – sza
    Nov 13 '15 at 7:58










  • Post your configuration. /export
    – Cha0s
    Nov 13 '15 at 12:14















up vote
0
down vote













GRE protocol on its own is not enough.



Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.



For PPTP for example you need to forward port 1723 TCP.



For L2TP you need to forward port 1701 UDP.



For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).



Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding




Port forwarding



To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration



A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.



Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:



if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.



Comparable command line command:



 /ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86






share|improve this answer





















  • It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
    – sza
    Nov 13 '15 at 7:58










  • Post your configuration. /export
    – Cha0s
    Nov 13 '15 at 12:14













up vote
0
down vote










up vote
0
down vote









GRE protocol on its own is not enough.



Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.



For PPTP for example you need to forward port 1723 TCP.



For L2TP you need to forward port 1701 UDP.



For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).



Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding




Port forwarding



To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration



A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.



Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:



if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.



Comparable command line command:



 /ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86






share|improve this answer












GRE protocol on its own is not enough.



Depending on which type of VPN service you are using you'll have to port forward some other TCP or UDP ports.



For PPTP for example you need to forward port 1723 TCP.



For L2TP you need to forward port 1701 UDP.



For OpenVPN you need to forward port 1194 UDP+TCP (OpenVPN does not use GRE).



Here is a port forwarding example to use: http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Port_forwarding




Port forwarding



To make services on local servers/hosts available to general public it
is possible to forward ports from outside to inside your NATed
network, that is done from /ip firewall nat menu. For example, to make
possible for remote helpdesk to connect to your desktop and guide you,
make your local file cache available for you when not at location etc.
Static configuration



A lot of users prefer to configure these rules statically, to have
more control over what service is reachable from outside and what is
not. This also has to be used when service you are using does not
support dynamic configuration.



Following rule will forward all connections to port 22 on the router
external ip address to port 86 on your local host with set IP address:



if you require other services to be accessible you can change protocol
as required, but usually services are running TCP and dst-port. If
change of port is not required, eg. remote service is 22 and local is
also 22, then to-ports can be left unset.



Comparable command line command:



 /ip firewall nat add chain=dstnat dst-address=172.16.88.67
protocol=tcp dst-port=22 action=dst-nat to-address=192.168.88.22
to-ports=86







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 12 '15 at 16:28









Cha0s

22115




22115












  • It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
    – sza
    Nov 13 '15 at 7:58










  • Post your configuration. /export
    – Cha0s
    Nov 13 '15 at 12:14


















  • It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
    – sza
    Nov 13 '15 at 7:58










  • Post your configuration. /export
    – Cha0s
    Nov 13 '15 at 12:14
















It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58




It's PPTP (with DD WRT on router), and port forwarding is set up correctly. Only the GRE 47 is missing, and I can't find a working "preset" rule, or guide how to allow it.
– sza
Nov 13 '15 at 7:58












Post your configuration. /export
– Cha0s
Nov 13 '15 at 12:14




Post your configuration. /export
– Cha0s
Nov 13 '15 at 12:14


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f999610%2fhow-to-forward-gre-protocol-47-on-mikrotik-router%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

RAC Tourist Trophy