L2TP server to use same pool as LAN

Hey all, as I was setting up an L2TP server, I initially configured it to use the same IP pool as the LAN. That didn’t work well (couldn’t connect to machines in the LAN), and on some site with instructions I’ve read that it has to be on a different subnet - no problem, I’ve just added another pool, configured the L2TP server to use that pool, works OK.

However, is it possible to have L2TP clients be assigned IPs from the same pool as LAN computers? Perhaps even using a static IP for a given username?

(L2TP is just temporary so I saved time making certificates. I intend to set up OVPN in the future.)

When you share addresses between a local subnet and remote devices connected by an IP VPN (so L2TP, OVPN tun, SSTP or PPTP) the local devices will use ARP and this is unsuccessful for the remote devices. Use proxy-arp on the interface, or parent bridge if used, for the local subnet.

When I created a VPN tunnel using IKEv2, I had to create a faux subnet. So it was not a full DHCP subnet but just a pool of a few IPs, if I recall (it was a while ago).
But just to state, I couldn’t directly join a subnet, but I think if I had wanted to go from the VPN subnet to the LAN subnet I would have to ensure it was allowed in the forward chain.
I simply used it to gain access to the router for admin purposes through the MikroTik smartphone app.

Thanks, arp-proxy worked. I configured my bridge_vlan5 to have arp mode as “arp-proxy”, then changed my PPP Profile (Pool, local ip, gateway) to the same IPs used by the LAN, and it all seems to work OK.
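A RouterOS sketch of the setup this post describes, added here as an example and not taken from any poster's configuration. It also covers the per-username static IP asked about in the first post. The 192.168.5.0/24 addressing, the pool and profile names, the user `alice` and the placeholder secrets are assumptions; only `bridge_vlan5` comes from the thread.

```routeros
# Constructed example values: LAN 192.168.5.0/24 on bridge_vlan5, router at 192.168.5.1.
# Keep this range out of the LAN DHCP server's pool so leases never collide
# with addresses handed to dial-in clients.
/ip pool add name=pool-l2tp-lan ranges=192.168.5.200-192.168.5.219

# With proxy-arp the router answers ARP requests on the LAN on behalf of the
# routed (L3) dial-in clients, so LAN hosts can reach them.
/interface bridge set [find name=bridge_vlan5] arp=proxy-arp

# PPP profile: the router's LAN address as the local end, clients numbered
# from the LAN-range pool, encryption required.
/ppp profile add name=l2tp-lan local-address=192.168.5.1 \
    remote-address=pool-l2tp-lan use-encryption=required

# Static address for one username: remote-address on the secret overrides
# the profile's pool. Chosen outside both the DHCP and the dynamic VPN range.
/ppp secret add name=alice service=l2tp profile=l2tp-lan \
    remote-address=192.168.5.220 password="<PLACEHOLDER-USER-PASSWORD>"

# Require IPsec so the L2TP session is never accepted unencrypted.
/interface l2tp-server server set enabled=yes default-profile=l2tp-lan \
    use-ipsec=required ipsec-secret="<PLACEHOLDER-PSK>"

# Checks: the connected user shows the expected address, and LAN neighbours
# resolve on the bridge.
/ppp active print
/ip arp print where interface=bridge_vlan5
```

Because the clients now hold LAN-range addresses, firewall rules that trust the LAN subnet by source address also apply to them; filter on the incoming interface where VPN users should have narrower access.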

What people tend to forget - VPN interfaces are L3 interfaces, not L2 - dialing in is not the same as plugging into the local network, the L2 protocols are largely lost.

Things like proxy-arp help, so the router is doing the work for you, but beyond using tech like VPLS or EoIP, you have to consider VPNs another ‘network’ and adjust accordingly.

Actually, you could use L2TP BCP to get a DHCP address, but only things like routers support it.