I’m currently evaluating RouterOS on a virtual machine to assess some functions that I need; if all goes well, I’m planning to buy a Mikrotik Wi-Fi router. One of the features I’m interested in is the L2TP client, so first of all I tried to configure it in my test environment (one “client PC” under Windows and a RouterOS host which serves as a router). Although the client is configured and the connection is established (I was able to traceroute the remote gateway on the remote VPN), I saw that the l2tp interface got wrong network settings from the DHCP server - see the configuration commands and info below:
Meanwhile, according to the SoftEther server logs (it’s used as the L2TP server), DHCP supplies all the correct network settings, including network, gateway, etc.:
2015-08-20 08:51:35.343 L2TP PPP Session [xxx.xxx.xxx.xxx:48390]: Trying to request an IP address from the DHCP server.
2015-08-20 08:51:35.484 [HUB "VPN01"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-AC-CA-F7-19-BC" (10.7.0.1) on this session allocated, for host "SID-xxxxx-[L2TP]-10" on another session "CA-82-6F-00-9A-3E", the new IP address 10.7.0.100.
2015-08-20 08:51:35.484 L2TP PPP Session [xxx.xxx.xxx.xxx:48390]: An IP address is assigned. IP Address of Client: 10.7.0.100, Subnet Mask: 255.255.255.0, Default Gateway: 10.7.0.1, Domain Name: "ll-local", DNS Server 1: 8.8.8.8, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 10.7.0.1, Lease Lifetime: 43200 seconds
2015-08-20 08:51:35.484 L2TP PPP Session [xxx.xxx.xxx.xxx:48390]: The IP address and other network information parameters are set successfully. IP Address of Client: 10.7.0.100, Subnet Mask: 255.255.255.0, Default Gateway: 10.7.0.1, DNS Server 1: 8.8.8.8, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
So could you please explain what I’m doing wrong?
Could anybody help? In addition, with these settings I am only able to ping the gateway from the VPN network (10.7.0.1); other hosts, which should be accessible through NAT configured on the remote side, aren’t accessible.
I’m back, so let me describe it again. I’ve installed RouterOS on a virtual machine to test the functionality I’m interested in, the L2TP client. So the diagram is the following:
On the client side we have a virtual machine with 2 network interfaces: the first is for “LAN” (not needed for preliminary testing), the second is for “WAN” (plugged into NAT and has an internet connection).
On the server side we have a VPS in a hosting provider’s data center which is running Ubuntu server and has a SoftEther VPN server configured on it. It has the L2TP server function enabled and I don’t have any problems connecting to it using the built-in Windows L2TP client; everything functions as it should, including remote gateway accessibility etc.
So I’ve configured the RouterOS L2TP client with the following commands:
After that the connection is established and I can also see it in the SoftEther server logs. Moreover, when I try to ping the IP address which was assigned to the RouterOS client from the VPN server side, I see that ICMP packets are arriving at the RouterOS side according to the packet sniffer logs. But the connection doesn’t work as it should (for example I can’t ping the remote gateway address) - I guess because after the connection is established, the interface got wrong network settings:
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.0.1/24 network=192.168.0.0 interface=ether1 actual-interface=ether1
1 D address=10.0.3.15/24 network=10.0.3.0 interface=ether2 actual-interface=ether2
2 D address=10.7.0.100/32 network=1.0.0.1 interface=l2tp-test actual-interface=l2tp-test
So could you please explain what I’m doing wrong here?
Which packets do you need exactly - I mean, which session needs to be captured? As I’ve written above, the connection is established successfully and ICMP packets are arriving at the RouterOS side while I’m trying to ping its assigned IP from the VPN server side.
The situation is the following: when I try to ping from the VPN server, ICMP request packets arrive at the RouterOS side according to the packet capture log, but no ICMP response packets are generated on the l2tp-test interface because, as I’ve written above, it got wrong network settings. Here is the packet log:
I’m afraid that file host site is a bit confusing as there are about 2000 download links, and most of them probably lead to some kind of malware. Is there somewhere else you can host the file, like Dropbox or Google Drive?
Thanks. It could be getting dropped by a firewall, or maybe it’s going out the wrong interface due to the incorrect network field. What happens if you run the sniffer on all interfaces? Do you see replies going out?
That’s what I’ve talked about already - the remote VPN gateway is unreachable due to the incorrect network settings which the l2tp-test interface got after connection (look at the network field for the l2tp-test interface):
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.0.1/24 192.168.0.0 ether1
1 D 10.0.3.15/24 10.0.3.0 ether2
2 D 10.7.0.100/32 1.0.0.1 l2tp-test
I’ve understood that already; my question was why the L2TP interface is getting wrong network settings during connection, and how to fix it. As I’ve written before, the Windows client works well, without any problems.
Before we can attempt to fix it, we need to know what’s causing the issue, and what effect it has. This generally requires packet captures and some detailed diagnosis. Unfortunately this can be time-consuming.
If you know a better way, please go ahead and let us know how you fix it.