Hi all, weird issue I have met - I have an L2TP server with proxy-arp on for the related bridge. IPs for L2TP clients are from the same range as the bridge. Everything works fine - clients are able to reach the internet and LAN clients. The mentioned device also acts as an L2TP client to a server on the wide internet - here LAN clients are routed via the L2TP interface using marking via mangle, and this also works just great. But when I have both solutions online - VPN clients to L2TP on my device are unable to view LAN clients, and it seems proxy-arp is not working at all. Routing list:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 X S 0.0.0.0/0 l2tp-out1 1
1 A S 0.0.0.0/0 7x.xx.xx.xx 1
2 A S 1.1.1.1/32 l2tp-out1 1
3 A S 8.8.8.8/32 l2tp-out1 1
4 ADC 10.10.8.0/24 10.10.8.1 bridge 0
5 ADC 10.10.9.0/24 10.10.9.1 bridge_guest 0
6 ADC 7x.xx.xx.0/18 7x.xx.xx.xx wan 0
7 ADC 192.168.42.1/32 192.168.42.10 l2tp-out1 0
Avoid using proxy ARP and same network for LAN and VPN.
Choose a different /24, you can use the same local address for every client, and if you need to reach LAN clients from VPN just masquerade.
Hi Redmor, thanks for the reply. I understand your suggestion - but again, the issue with VPN clients to the Mikrotik device being unable to reach LAN clients remains when the L2TP Mikrotik client is active. It may be an issue with my L2TP client config - but I have checked with the option to add a default route - the issue is still there. Hope this is not a Mikrotik bug, as I suspect the issue is with routing.
I don’t think it’s a routing problem because you have the same network for LAN and L2TP, so there’s nothing to route, or maybe you’re marking LAN connections using only src-address and you don’t have dst-address (for example !LAN Network), in that case you mark everything and you wouldn’t be able to ping another PC in the LAN either.
Not sure about proxy-arp, a MK Trainer said to me during MTCNA course to not use it with VPNs, so I found another way.
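As an added example (not configuration from any poster in this thread), here is the layout Redmor describes in RouterOS v6 CLI syntax: a separate /24 for the L2TP clients instead of proxy-arp on the bridge, a mangle rule that marks LAN traffic for the outbound tunnel only when the destination is not a local network (the "!LAN Network" point above), and a masquerade rule so VPN clients can reach LAN hosts. The LAN 10.10.8.0/24 on "bridge" and the tunnel name l2tp-out1 are taken from the route list in the first post; the 10.10.20.0/24 client range, the pool and profile names, the address-list name local-nets and the mark name via-l2tp are assumptions.

```routeros
# Added example, not from the thread. Assumed values: LAN is 10.10.8.0/24 on
# "bridge" (from the OP's route list), L2TP clients get a separate, assumed
# 10.10.20.0/24, and the outbound tunnel is l2tp-out1. RouterOS v6 syntax.

# 1. Separate address range for L2TP clients, so no proxy-arp on the bridge
/ip pool
add name=l2tp-pool ranges=10.10.20.2-10.10.20.254
/ppp profile
add name=l2tp-profile local-address=10.10.20.1 remote-address=l2tp-pool
/interface l2tp-server server
set enabled=yes default-profile=l2tp-profile

# 2. Everything that is "local" and must never be pushed into the tunnel
/ip firewall address-list
add list=local-nets address=10.10.8.0/24 comment="LAN"
add list=local-nets address=10.10.20.0/24 comment="L2TP clients"

# 3. Mark LAN traffic only when the destination is NOT local. A rule with
#    src-address alone would also mark LAN->VPN-client replies (and LAN->LAN
#    traffic that crosses the router) and send them out l2tp-out1.
/ip firewall mangle
add chain=prerouting src-address=10.10.8.0/24 dst-address-list=!local-nets \
    action=mark-routing new-routing-mark=via-l2tp passthrough=no \
    comment="LAN to internet via l2tp-out1"

# 4. Marked traffic uses the tunnel; unmarked traffic keeps the main table
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via-l2tp distance=1

# 5. VPN clients reach LAN hosts: source-NAT to the bridge address so LAN hosts
#    answer the router instead of needing a route back to 10.10.20.0/24
/ip firewall nat
add chain=srcnat src-address=10.10.20.0/24 dst-address=10.10.8.0/24 \
    out-interface=bridge action=masquerade
```

Check the result with /ip firewall mangle print stats: the marking rule's counters should rise for LAN-to-internet traffic and stay flat while a LAN host talks to a VPN client. On RouterOS v7 the route uses routing-table= instead of routing-mark= and the table must first be created with /routing table add name=via-l2tp fib.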
Yes, I have checked a different /24 with masq - the issue remains there. My Mikrotik acts as L2TP server and client at the same time - when the Mikrotik has the L2TP client interface up, all Mikrotik clients connected to the Mikrotik L2TP service are unable to reach LAN clients.
The fact that it is both client and server should not cause this problem.
I suggest posting the remaining configuration (I don’t see mangle) and waiting for someone else to answer, I never tried this configuration with both client and server, I always had a configuration like L2TP client in another client.
Is this a configuration that you tried in previous versions? Since 6.41, bridge configuration changed.