Gents,
Need some assistance with accomplishing a complicated L2TP network. I’m a freshman in networking, that’s why I’m writing here, so excuse me if something below doesn’t sound clever.
The idea is as follows, we have:
-l2tp server with static public ip (Mikrotik router) with local devices connected to it
-several l2tp clients (Cellular routers with dynamic IPs, tp-link) and several local devices connected to each of them
-several PC l2tp clients
The task is that once the l2tp clients are connected to the server, they can further interconnect to all local devices of l2tp clients. See picture.
I tried different combinations but the max result I can get is to connect to local devices of the actual server, and only to the client routers. All client local networks are not reachable.
I’ve found some similar topics regarding this in the forum, but all of them are about reaching locals of the server. No one tried to reach locals of other l2tp clients.
I’m guessing that there is a trick with network segments, subnets, NAT, etc., but if you could give me a clue which way to go with the settings, that would help. Samples would be helpful.
thanks
MANY THANKS for the schema. I really like people who describe a problem that way.
I have an even more complicated schema than yours and this works.
I really recommend learning and doing this one HowTo, which has the best way to use many WANs at once. I think in your setup the only problem is with accessing a few WANs at once.
Looked through the links and it’s more about load balancing.
Yes, I assume that it is mostly about routing and NAT settings, but it would be good to see a sample close to my problem so that it could be reproduced. Or maybe some certain settings in the firewall? For example, I can ping the client local network from MikroTik RouterOS, but cannot reach it from the other client. So I’m close but need a tip.
The tip is as always:
*) Check Torch/Connections/Sniffer - those give you information whether Rx has some packets from the VPN clients, and you must look at Tx on the other interface … Tx gives you info that you sent, but 0 in Rx gives info that e.g. the remote site does not route to your network, or you just sent it from the wrong subnet.
*) Firewall catch rule with passthrough at 1st in the Input/Forward chain and enable logs on it, move it lower and lower to detect when the counters stop, and place accept in the right place.
*) Just add Firewall rules from=subnetA to=subnetB accept in all In/Forw/Out chains with logs and discover the traffic.
All those methods are big troubleshooting and sometimes we must look at the packet flow diagram of RoS6, sometimes in IPsec add action=none, sometimes sleep and the next day it is better to start searching.
BTW: Use your mobile phone, connect to the L2TP VPN, run any ping software and diagnose the problem in WinBox at your PC. Or just use both PCs.
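The following RouterOS fragment is an added example for the hub (L2TP server) side, not a configuration from anyone in this thread. It turns the reply's tips into concrete commands: the "catch" accept rules with logging in the input/forward/output chains, a srcnat accept so inter-site traffic is not masqueraded, and the counter/Torch checks. It goes one step beyond the reply by also showing where the hub learns the route to each client's LAN (the per-client routes field of the PPP secret), since "remote site does not route to your network" is the first thing those counters will reveal. All addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, the 10.10.10.0/24 tunnel addresses), the secret names site-a and site-b, and the address-list name vpn-lans are constructed; RouterOS 6 syntax is assumed.

```routeros
# Added example, not from the thread. Constructed addressing (assumption):
#   hub (L2TP server) LAN      192.0.2.0/24     hub tunnel address   10.10.10.1
#   site A (L2TP client) LAN   198.51.100.0/24  client A tunnel addr 10.10.10.2
#   site B (L2TP client) LAN   203.0.113.0/24   client B tunnel addr 10.10.10.3
# Names site-a, site-b and the list vpn-lans are hypothetical.

# 1. The hub must know which tunnel leads to which remote LAN. A fixed
#    remote-address per client plus the "routes" field installs the route
#    for that LAN while the client is connected (RouterOS 6 syntax assumed).
/ppp secret
add name=site-a password="<site-a-secret>" service=l2tp \
    local-address=10.10.10.1 remote-address=10.10.10.2 \
    routes="198.51.100.0/24 10.10.10.2 1"
add name=site-b password="<site-b-secret>" service=l2tp \
    local-address=10.10.10.1 remote-address=10.10.10.3 \
    routes="203.0.113.0/24 10.10.10.3 1"

# 2. Every LAN that should reach every other LAN goes into one address list,
#    so the catch rules below stay readable as sites are added.
/ip firewall address-list
add list=vpn-lans address=192.0.2.0/24
add list=vpn-lans address=198.51.100.0/24
add list=vpn-lans address=203.0.113.0/24

# 3. Catch rules from the reply: log-and-accept inter-site traffic at the top of
#    the forward, input and output chains. Their counters and log lines show
#    whether traffic from site A even arrives at the hub and whether it is
#    forwarded towards site B. Once the path works, drop the log=yes.
/ip firewall filter
add chain=forward src-address-list=vpn-lans dst-address-list=vpn-lans \
    action=accept log=yes log-prefix="vpn-fwd" place-before=0 \
    comment="catch: site-to-site traffic crossing the hub"
add chain=input src-address-list=vpn-lans \
    action=accept log=yes log-prefix="vpn-in" place-before=0 \
    comment="catch: traffic from a client LAN to the hub itself"
add chain=output dst-address-list=vpn-lans \
    action=accept log=yes log-prefix="vpn-out" place-before=0 \
    comment="catch: hub replies back into a client LAN"

# 4. Site-to-site traffic must not be masqueraded, otherwise replies from
#    site B return to the hub's tunnel address instead of the host at site A.
#    Accept it in srcnat before the usual WAN masquerade rule.
/ip firewall nat
add chain=srcnat src-address-list=vpn-lans dst-address-list=vpn-lans \
    action=accept place-before=0 comment="no NAT between VPN LANs"

# 5. Watching the counters ("move it lower and lower"): reset, generate a
#    ping from a site A host to a site B host, then read the counters again.
/ip firewall filter reset-counters-all
/ip firewall filter print stats where log=yes

# 6. Torch on the dynamic L2TP interface of a client (its name is the secret
#    name in angle brackets) shows Rx/Tx per direction, as the reply describes.
/tool torch interface=<l2tp-site-a> ip-protocol=icmp
```

Reading the result: if the forward counter stays at 0 while the input counter grows, site A's packets reach the hub but are addressed to the hub itself or have no route onward, so check step 1; if forward grows but nothing comes back, the remote client router (here the tp-link units, which are not MikroTik) still needs its own static route for the other site LANs pointing into the tunnel, or its own NAT exemption for them.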