L2TP VPN on /23 subnet

Hi all.
I have one RB2011 that works as a VPN gateway for some mobile users.
An L2TP VPN server is configured on the RB2011.
To avoid using “Use Gateway on the remote LAN” in the Windows VPN properties, I created an IP pool on a range in my network, had the PPP profile assign one address from this pool on connect, and set the LAN interface of the RB2011 to “ARP: proxy-arp” so that L2TP users and the network communicate correctly.
All worked well until I changed the class of my LAN: before 192.168.2.0/24, now 192.168.2.0/23 (available addresses from 192.168.2.1 to 192.168.3.254).
The result is that VPN users can still reach all machines from 192.168.2.1 to 192.168.2.255 but cannot reach 192.168.3.0 to 192.168.3.254.
The reserved pool for L2TP users is 192.168.2.200 to 192.168.2.230.
If I change the pool to 192.168.3.200 to 192.168.3.230, the result is reversed: users can reach all machines from 192.168.3.0 to 192.168.3.254 but cannot reach 192.168.2.1 to 192.168.2.255.
With tracert on the Windows client computer, I found that the client does not know the unreachable network “as its own” .. and searches for this network through the gateway.
The question is: is there a way to set an L2TP user IP address with a /23 subnet?
Sorry for the long explanation.
Thanks in advance.
Mauro.

Currently there isn’t a good solution. If not using the VPN as default gateway, the Windows client can use either the dumb “class-based” route, which means that it will add a route to 192.168.x.0/24. Alternatively, it can use DHCP to get routes to other subnets, but that’s AFAIK not supported by RouterOS (it can do it only for IKEv2, but not L2TP). The last option is to use client-side config, but the obvious downside is that it needs to be done on every client. At least with Windows 10 it’s a one-time thing; I don’t remember the command, but it’s something in PowerShell and you can assign routes to the VPN connection. For older versions you need to add routes manually every time you connect.



Add-VpnConnectionRoute
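
The client-side fix discussed in this thread, as an added example that is not part of any poster's message: it keeps split tunneling on and attaches the /23 route to the VPN entry so Windows installs it on every connect. The connection name `Office L2TP` is an assumption; the prefix is the LAN from the thread.

```powershell
# Added example. Assumption: the VPN entry on the client is named 'Office L2TP'.
$ConnectionName = 'Office L2TP'
$LanPrefix      = '192.168.2.0/23'   # LAN from the thread: 192.168.2.1 to 192.168.3.254

# Fail early if the VPN entry does not exist on this client.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Keep the VPN from becoming the default gateway, so only LAN traffic uses the tunnel.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Add the /23 route once; it is stored with the connection, not in the live routing table,
# and replaces reliance on the class-based /24 route.
$existing = $vpn.Routes | Where-Object { $_.DestinationPrefix -eq $LanPrefix }
if (-not $existing) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $LanPrefix -PassThru
}

# Verify which routes are now attached to the connection.
(Get-VpnConnection -Name $ConnectionName).Routes |
    Select-Object -ExpandProperty DestinationPrefix
```

After the next connect, `tracert` to a host in the other half of the /23 should show the first hop inside the tunnel instead of the client's local gateway.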

Hi all, thanks for support!!
It works. “Add-VpnConnectionRoute” is the solution.
Thanks a lot.
Bye,
Mauro.

I would like to mark the topic as Solved, but I can select only one answer, and both were useful for me.
Sorry.

Flip a coin. :)