I have recently deployed my network config on a Mikrotik router, and I have an issue with AirPrint network printer discovery.
I have one bridge, called Bridge. My network is 192.168.88.0/24, with 192.168.88.1 as the gateway address. My pool is 192.168.88.10-192.168.88.99.
There is no VLAN at all. I configured an L2TP/IPSec VPN server, with one profile, the VPN gateway in the profile is 192.168.88.100, and there is no DNS server added.
I have one ipsec profile, with a dedicated IP address 192.168.88.101. And I use proxy-arp on Bridge.
So I have 192.168.88.10-99 IP pool for local LAN, I use 192.168.88.1 as the default router IP, gateway, and I use 192.168.88.100 as the VPN gateway, and 192.168.88.101 as my VPN IP address.
So using VPN I use the same subnet as my LAN, I can ping all the connected devices, but Bonjour does not work. I cannot see my AirPrint network printers, and I cannot see my SMB network drives/shares as well. Using the IP address, I can connect to my SMB, but it is not displayed in the file manager as an available network drive.
When I use just my LAN without VPN, I see my AirPrint printer and I see my network shares as well.
What am I missing?
Thank you in advance!
Best wishes,
Peter Mezei.
You may be missing the fact that by using arp=proxy-arp you cannot make L3 point-to-point tunnels start transporting broadcast traffic, which is likely used to discover the printer on the LAN, as there is no such thing as broadcast traffic on L3 point-to-point tunnels. So you’d need an L2 tunneling protocol to make that work, and that would require another Mikrotik as the VPN client. arp=proxy-arp only makes sure that the router will send ARP responses to its LAN hosts’ ARP requests regarding those IP addresses which lie within these hosts’ subnet but from the perspective of the router, they are exceptions from that subnet, with their own routes (as /ip route print will show you).
Broadcasts don’t work over VPN. So unless you use EoIP from Tik to Tik… you are not going to see the printer via AirPrint. Now if you can set the IP address of that printer on your device… that would work.
Thank you for the reply.
So if I understand it correctly, in 2020 there is no way to VPN into a private network using my iPhone and print a document to my AirPrint printer?
There may be, but it depends on how iOS handles it, which an Apple forum might answer better than a Mikrotik one. If the only way to determine the IP address of the printer in iOS is via the autodiscovery, i.e. if you cannot manually add a printer with a given IP address, then your conclusion is correct.
You have to understand that things like AirPrint/Bonjour/mDNS/whatever were NEVER designed to “leave” the local LAN of your home.
So yes, it is very normal these things just don’t work so easily with more complex setups like home VLANs, remote VPNs, etc.
There might be ways, but certainly not just out-of-the-box.