L2TP\PPTP Mikrotik client behind NAT

RouterOS General
1

Greetings. I have issue with Mikrotik acting as a PPTP\L2TP client when it is behind NAT. Here is my setup(ITS a test environment with CHR’s on VirtualBox):
test_setup1.jpg
The problem is that Client wont connect to Server. When i try to monitor connections on a NAT router there is nothing. Literally. No connections to 80.80.80.1 from 172.16.0.2. The PPTP\L2TP interface receive strange ip’s

2 D 10.64.64.89/32     10.112.112.137  l2tp-out1

LOG output

09:29:57 l2tp,ppp,info l2tp-out1: initializing... 
09:29:57 l2tp,ppp,debug l2tp-out1: IPCP demandUp 
09:29:57 l2tp,ppp,info l2tp-out1: waiting for packets...

Debug log

09:34:47 route,debug,event Interface change 
09:34:47 route,debug,event     interface=l2tp-out1 
09:34:47 route,debug,event     status=UP,RUNNING 
09:34:47 route,debug,event     mtu=1500 
09:34:47 route,debug,event Interface change 
09:34:47 route,debug,event     interface=l2tp-out1 
09:34:47 route,debug,event     status=UP,RUNNING 
09:34:47 route,debug,event     mtu=1500 
09:34:47 route,debug,calc Begin calculation 
09:34:47 route,debug,event Link up 
09:34:47 route,debug,event     interface=l2tp-out1 
09:34:47 route,debug,event Update 
09:34:47 route,debug,event     interface=l2tp-out1 
09:34:47 route,debug,event Added candidate route 
09:34:47 route,debug,event     dst-prefix=0.0.0.0/0 
09:34:47 route,debug,event     attributes 
09:34:47 route,debug,event         protocol=DYNAMIC 
09:34:47 route,debug,event         distance=3 
09:34:47 route,debug,event         scope=30 
09:34:47 route,debug,event         target-scope=10 
09:34:47 route,debug,event         next-hop= address=10.112.112.136 
09:34:47 route,debug,event         origin-type=DYNAMIC 
09:34:47 route,debug,calc Select route 
09:34:47 route,debug,calc     dst-address=0.0.0.0/0 
09:34:47 route,debug,calc     attributes 
09:34:47 route,debug,calc         protocol=STATIC 
09:34:47 route,debug,calc         distance=1 
09:34:47 route,debug,calc         scope=30 
09:34:47 route,debug,calc         target-scope=10 
09:34:47 route,debug,calc         next-hop= address=172.16.0.1 
09:34:47 route,debug,calc         comment= 
09:34:47 route,debug,calc         origin-type=STATIC 
09:34:47 route,debug,calc End calculation 
09:34:47 route,debug Begin redistribution 
09:34:47 route,debug Skip update 0.0.0.0/0 
09:34:47 route,debug End redistribution 
09:34:48 route,debug,calc Begin calculation 
09:34:48 route,debug,event Address added or changed 
09:34:48 route,debug,event     local=10.64.64.88 
09:34:48 route,debug,event     network=10.112.112.136/32 
09:34:48 route,debug,event     interface=l2tp-out1 
09:34:48 route,debug,event Added candidate route 
09:34:48 route,debug,event     dst-prefix=10.112.112.136/32 
09:34:48 route,debug,event     attributes 
09:34:48 route,debug,event         protocol=CONNECT 
09:34:48 route,debug,event         distance=0 
09:34:48 route,debug,event         scope=10 
09:34:48 route,debug,event         target-scope=0 
09:34:48 route,debug,event         connected-net= address=10.64.64.88/32 interface=l2tp-out1 
09:34:48 route,debug,event         routing-mark=main 
09:34:48 route,debug,event         table=main 
09:34:48 route,debug,event         origin-type=CONNECTED 
09:34:48 route,debug,calc Tag next hop for recalculation 
09:34:48 route,debug,calc     address=10.112.112.136 
09:34:48 route,debug,calc Select route 
09:34:48 route,debug,calc     dst-address=10.112.112.136/32 
09:34:48 route,debug,calc     attributes 
09:34:48 route,debug,calc         protocol=CONNECT 
09:34:48 route,debug,calc         distance=0 
09:34:48 route,debug,calc         scope=10 
09:34:48 route,debug,calc         target-scope=0 
09:34:48 route,debug,calc         connected-net= address=10.64.64.88/32 interface=l2tp-out1 
09:34:48 route,debug,calc         routing-mark=main 
09:34:48 route,debug,calc         table=main 
09:34:48 route,debug,calc         origin-type=CONNECTED 
09:34:48 route,debug,calc Next hop resolved 
09:34:48 route,debug,calc     address=10.112.112.136 
09:34:48 route,debug,calc     route=10.112.112.136/32 
09:34:48 route,debug,calc     immediate-address=10.112.112.136 
09:34:48 route,debug,calc     interface=l2tp-out1 
09:34:48 route,debug,calc Select route 
09:34:48 route,debug,calc     dst-address=0.0.0.0/0 
09:34:48 route,debug,calc     attributes 
09:34:48 route,debug,calc         protocol=STATIC 
09:34:48 route,debug,calc         distance=1 
09:34:48 route,debug,calc         scope=30 
09:34:48 route,debug,calc         target-scope=10 
09:34:48 route,debug,calc         next-hop= address=172.16.0.1 
09:34:48 route,debug,calc         comment= 
09:34:48 route,debug,calc         origin-type=STATIC 
09:34:48 route,debug,calc End calculation 
09:34:48 route,debug Begin redistribution 
09:34:48 route,debug Accept add 10.112.112.136/32 
09:34:48 route,debug Skip update 0.0.0.0/0 
09:34:48 route,debug Commit prefix 10.112.112.136/32 
09:34:48 route,debug End redistribution

To see if the issue is in Mikrotik L2TP\PPTP client i have added a windows PC as a client.
Now the setup looks like this.
test_setup2.jpg
And it works just fine! I am able to connect, receive ip address and to ping the other end of the tunnel.
All routers is set to ACCEPT 0.0.0.0/0 on INPUT.
Settings for L2TP mikrotik client:

/interface l2tp-client
add allow=mschap1,mschap2 connect-to=80.80.80.1 dial-on-demand=yes disabled=no ipsec-secret=test mrru=\
    1500 name=l2tp-out1 password=ppp1 profile=test_profile use-ipsec=yes user=ppp1




/ppp profile
add change-tcp-mss=yes name=test_profile use-encryption=yes use-mpls=no




/ppp profile print 
Flags: * - default 
 0 * name="default" use-mpls=default use-compression=default use-encryption=default only-one=default 
     change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down="" 

 1   name="test_profile" use-mpls=no use-compression=default use-encryption=yes only-one=default 
     change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down=""

Mikrotik Server config

/interface l2tp-server server
set authentication=mschap1,mschap2 enabled=yes ipsec-secret=test use-ipsec=yes




ppp secret print detail 
Flags: X - disabled 
 0   name="ppp1" service=l2tp caller-id="" password="ppp1" profile=default-encryption local-address=192.168.10.1 
     remote-address=192.168.10.2 routes="" limit-bytes-in=0 limit-bytes-out=0 last-logged-out=dec/09/2016 10:28:11




ppp profile print 
Flags: * - default 
 0 * name="default" use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default 
     address-list="" on-up="" on-down="" 

 1 * name="default-encryption" use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes 
     use-upnp=default address-list="" on-up="" on-down=""

Can someone help me to resolve this problem? Trying to figure this out for a few days now. PPTP Client acts the same. It’s just as it is not even trying to connect. When I “Torch” the interface ETH2 on NAT router there is no packets for 80.80.80.1. Firewall->Connections shows nothing too.