DHCP Relay over VPN

Hi guys.

Is it possible in this scenario for RB 2 to request IPs from RB 1 over VPN? Both are in different networks.

You can try to run a DHCP relay on the L2TP client interface. An alternative would be to replace L2TP with GRE. You can still use IPSec to secure it. I know the L2TP VPNs use NAT exclusion policies and some people end up source NAT’ing the packets, which may be part of your trouble. I don’t see why L2TP wouldn’t work, but it may just need a more in-depth look at your firewall policies.

/ip firewall export on both ends would be useful if you want to see if we can get it to work with L2TP.

That said it’s probably far easier and more reliable to just run the DHCP server on RB2 instead of RB1.

Thanks idlemind, some questions:

When I try to add a new DHCP Relay server there is no option to select the L2TP interface.

I will make a test with GRE tunnel.

My RB1 is the “main” routerboard of a VPN group; it's the RB that works as the L2TP server. I have many other RBs that connect to it, and that is why I want RB1 to work as the DHCP server, not RB2.

So I set this up in a lab and my DHCP relay passes through the L2TP tunnel but the head-end sends an ICMP port unreachable message back to my relay server. Take the L2TP tunnel away and route it over normal Ethernet and all is well. I can’t seem to get it to work. That said I only spent a few minutes on it.
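As an added illustration of the GRE-plus-relay approach suggested above (and of why the relay is not bound to the tunnel interface), here is a RouterOS configuration for both ends. It is not from anyone in this thread; all addresses, interface names and pool ranges are placeholders, and the assumption is that RB1 is the tunnel head-end and DHCP server while RB2 relays for clients on its ether2.

```routeros
# Added example, not from the thread. Placeholder layout (assumed):
#   RB1 (head-end, DHCP server): public 203.0.113.1, GRE 10.255.0.1/30
#   RB2 (remote site, relay):    public 198.51.100.2, GRE 10.255.0.2/30
#   Clients on RB2 ether2 in 192.168.20.0/24, gateway 192.168.20.1
# IPsec protection of the GRE tunnel is left out here for brevity.

# ---- RB2 (remote site, runs the relay) ----
/interface gre add name=gre-rb1 local-address=198.51.100.2 remote-address=203.0.113.1
/ip address add address=10.255.0.2/30 interface=gre-rb1
/ip address add address=192.168.20.1/24 interface=ether2
# The relay listens on the LAN interface where clients broadcast; the tunnel is
# only the unicast path to the server. local-address becomes the DHCP giaddr,
# which the server uses to pick the matching network.
/ip dhcp-relay add name=relay-lan interface=ether2 dhcp-server=10.255.0.1 \
    local-address=192.168.20.1 disabled=no
# Keep traffic toward the tunnel out of masquerade so the server sees the real
# source/giaddr and its replies come back through the tunnel.
/ip firewall nat add chain=srcnat action=accept dst-address=10.255.0.0/30 \
    place-before=0 comment="no source NAT toward RB1 over GRE"

# ---- RB1 (head-end, runs the DHCP server) ----
/interface gre add name=gre-rb2 local-address=203.0.113.1 remote-address=198.51.100.2
/ip address add address=10.255.0.1/30 interface=gre-rb2
# Return route to the remote LAN, so replies to the giaddr use the tunnel.
/ip route add dst-address=192.168.20.0/24 gateway=10.255.0.2
/ip pool add name=pool-site2 ranges=192.168.20.100-192.168.20.200
# relay= limits this server to requests from that relay; the server is bound to
# the interface the relayed requests arrive on (the GRE tunnel).
/ip dhcp-server add name=dhcp-site2 interface=gre-rb2 address-pool=pool-site2 \
    relay=192.168.20.1 disabled=no
# The network entry must contain the relay's giaddr for the pool to be chosen.
/ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 \
    dns-server=192.168.20.1
```

If the head-end answers relayed requests with ICMP port unreachable, check that the DHCP server on RB1 is bound to the interface the relayed packets actually arrive on (here the tunnel) and that no NAT rule is rewriting them on the way.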