L2TP from PPPoE line

Hi all,

I have recently started playing with MikroTiks, and I'm very pleased with their capabilities. If only my knowledge could keep up with them :)

So, I have a problem: I have made an L2TP/IPSec link from my home to my work. Work has an RB450G on a public IP, home has an RB450G on a DIR-300 router establishing a PPPoE connection from the ISP's Thomson SpeedTouch modem. The IP on PPPoE is assigned dynamically on each connection, which is limited to 24h duration; then it reconnects.

So my problem: when I set it up, it all works, until it reconnects. On the work MTK, under firewall > connection, I see that the home MTK IS trying to connect again, like it should, but the source IP is the one from before the reconnection. At the same time, if I have a computer plugged into that home MTK, I'm going out to the Internet with the current IP.

My configurations were made using this guide:
http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_2_Mikrotik_routers

Point me in the right direction…
Am I missing something on my MTKs…
Is it the DIR-300…
The ISP…

Are you saying that your public IP address changes? If so, you need to use a dynamic-IP service and script.

Yes, my public IP changes, but in that setup there is no reference to the client IP.
The L2TP client dials the IP of the L2TP server, and the server is static. The problem is that it sends the wrong source IP, so the L2TP server can't return packets correctly.

You mean the IPSec sends the wrong IP? Is it a public versus private IP problem? If so, try NAT-T in IPSEC.

Let's say from 00:00 till 12:00h on my PPPoE I had been assigned IP 1.2.3.4;
at 12:01 I got an automatic reconnect and got new IP 1.2.3.5.

On my work router, the incoming connection would be made from 1.2.3.4, even though it's not assigned to me anymore.


I guess something is NAT-ing me wrong, but I can't figure out what, how and why, because if I use Winbox from that MTK to the work MTK, the connection is made with 1.2.3.5 for Winbox.

Quote from wiki:
“NAT requires connection tracking, and NAT is only evaluated for the first packet in a connection. All other packets in the same connection will then have the same action as the first packet applied to them, for the lifetime of the connection.”

If I am understanding this correctly, NAT will change the address in the first packet of my connection and then continue to do so, and since my MTK is keeping that connection open indefinitely, it gets processed the same way (basically with an old public IP).

So when I reset my DIR-300, or kill connections in my MTKs and disable the L2TP client for a minute and then enable it back, it connects again because that connection was broken and the “first packet” of a “new” connection was properly processed again?
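
The connection-tracking behaviour in the wiki quote above, as an added example that is not part of the original thread: a toy Python model of a source-NAT table in which the rule is evaluated only for the first packet of a flow. The 30 s idle timeout, 10 s retry interval, LAN address and server address 203.0.113.10 are constructed assumptions; 1.2.3.4 and 1.2.3.5 are the addresses used in the thread.

```python
# Toy model of a source-NAT connection-tracking table (constructed example).
UDP_TIMEOUT = 30                      # assumed idle timeout in seconds
LAN, SERVER = "192.168.0.2", "203.0.113.10"   # constructed addresses
L2TP = ("udp", LAN, 1701, SERVER, 1701)       # L2TP uses a fixed port pair


class NatBox:
    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.table = {}   # flow 5-tuple -> [translated source IP, expiry time]

    def send(self, now, *flow):
        """Return the source IP a packet of `flow` leaves with at time `now`."""
        entry = self.table.get(flow)
        if entry is None or entry[1] <= now:
            # First packet of a connection: the only time the NAT rule runs.
            entry = self.table[flow] = [self.wan_ip, 0]
        entry[1] = now + UDP_TIMEOUT   # every packet refreshes the idle timer
        return entry[0]

    def flush(self):
        self.table.clear()


def l2tp_source_after_reconnect(fix=None):
    nat = NatBox("1.2.3.4")
    nat.send(0, *L2TP)
    nat.wan_ip = "1.2.3.5"             # PPPoE reconnect hands out a new address
    t = 0
    for t in range(10, 120, 10):       # client retries keep the old entry alive
        nat.send(t, *L2TP)
    if fix == "flush":                 # kill the tracked connections
        nat.flush()
    elif fix == "pause":               # client disabled past the idle timeout
        t += UDP_TIMEOUT + 60
    return nat.send(t + 10, *L2TP)


def winbox_source_after_reconnect():
    nat = NatBox("1.2.3.4")
    nat.send(0, *L2TP)
    nat.wan_ip = "1.2.3.5"
    # A new TCP session has a fresh source port, so it is a new flow.
    return nat.send(10, "tcp", LAN, 50123, SERVER, 8291)


if __name__ == "__main__":
    for fix in (None, "flush", "pause"):
        print(fix, l2tp_source_after_reconnect(fix))
    print("winbox", winbox_source_after_reconnect())
```

In this model the L2TP flow keeps leaving with 1.2.3.4 until its entry is flushed or allowed to time out, while the new Winbox session gets 1.2.3.5 straight away.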