I have a client that we setup a VPN between two of their locations using DSL. The VPN appears to be working flawlessly.
The new office (satellite office) routes everything back to the Main office for all connectivity. The satellite office egresses onto the internet at the main office too.
The issue appears to be around printing. They are using a legacy application that use what appears to be RAW printing to port 9100 but the software company says it’s LPD/LPR. I can see the connection attempts at both routers but I only see traffic headed one direction. Because we’re using Policy Based Routing for Internet routes and Internal routes connection tracking is active. But the only rules are mangle rules to identify traffic. I can’t see anything that should be messing with this traffic.
I know it’s hard to diagnose with so little information, and I can post more if needed. Does anyone see something I might be missing?
First, I must re-activate the old LANCOM router. I can ping the print server on the other side of VPN and configure via web interface, but I can’t print. Who can help me? What can I do to activate the print function?
Thank you for your reply. But this can not be the problem. I’ve on both sides a syncron 25 Mbit/s line. And with the lancom devices it works. I think it’s a feature of mikrotik ip-tables, but I don’t know which.
It’s been a while since I’ve seen this, but I seem to remember it being something to do with MTU or fragmentation. The fix was to replace the ancient [they only had 10M ethernet ports] Jetdirect print servers with something else.
the problem is solved now. While the logging was turned on, I could see the needed rule for firewall. Now works the LPD/LPR-Printing fine.
Add on Address-List in IP-Firewall the vpns for printing:
0 print_over_vpn 10.112.0.0/16
1 print_over_vpn 192.168.2.0/24
2 print_over_vpn 192.168.10.0/24