Multiple Site L2TP - Routing - DNS Questions

I have been playing with several RB2011 (both with wlan and without) over the last week and they seem awesome. While I have been able to successfully set up a multi-site L2TP with 3 remote offices connecting back to the HQ (following this guide for the most part: http://wiki.mikrotik.com/wiki/PPTP_VPN_-_multiple_ADSL_remote_locations_to_Cental_Office), I do have two outstanding issues.

  1. While Remote Office (RO) to HQ works great, RO to RO traffic does not seem to pass. While I will attach a few config outputs, the basic setup is:

HQ:
WAN IP: Static
Internal Network: 10.10.10.0/24
L2TP-Local Address - 10.10.10.21

RO 1:
WAN IP: Dynamic
Internal Network: 10.10.11.0/24
Internal Gateway: 10.10.11.1
L2TP-Remote Address - 10.10.11.1

RO 1:
WAN IP: Dynamic
Internal Network: 10.10.12.0/24
Internal Gateway: 10.10.12.1
L2TP-Remote Address - 10.10.12.1





HQ Config:

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 75.XXX.XXX.30 1
1 ADC 10.10.10.0/24 10.10.10.1 bridge-local 0
2 A S 10.10.11.0/24 l2tp-ESA-RT5 1
3 ADC 10.10.11.1/32 10.10.10.21 l2tp-ESA-RT5 0
4 A S 10.10.12.0/24 l2tp-ATL-HO 1
5 ADC 10.10.12.1/32 10.10.10.21 l2tp-ATL-HO 0
6 ADC 75.XXX.XXX.28/30 75.XXX.XXX.29 ether1-gateway 0
7 ADC 172.0.0.4/32 172.0.0.1 l2tp-RT4-HOU


/interface l2tp-server (cleaned up formatting)

NAME - Service Caller ID - Password - Profile - Remote-Address
ESA-RT5 - l2tp - XXXXX - default-encryption - 10.10.11.1
ATL-HO - l2tp - XXXXX - default-encryption - 10.10.12.1






RO1:

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 10.5.1.14 1
1 ADC 10.5.1.0/24 10.5.1.211 ether1-gateway 0
2 A S ;;; To other offices
10.10.0.0/18 l2tp-out1 1
3 ADC 10.10.10.21/32 10.10.11.1 l2tp-out1 0
4 ADC 10.10.11.0/24 10.10.11.1 bridge-local 0


RO2:

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 192.168.1.1 1
1 A S 10.10.10.0/24 l2tp-out 1
2 ADC 10.10.10.21/32 10.10.30.1 l2tp-out 0
3 A S 10.10.11.0/24 l2tp-out 1
6 ADC 192.168.1.0/24 192.168.1.178 ether1-gateway 0






Finally, my second issue (much less pressing) is that even though RO1 and RO2 can access HQ endpoints, it's only by IP and not by DNS. Any thoughts there?