Outside VPN PPTP/L2TP over EoIP or VPLS problem

RouterOS General
1

Problem is that client cant connect with outside(WAN) PPTP/L2TP servers from his side placed behind EoIP or VPLS tunnel. Other services works fine. I tested it also on our own PPTP server using our worker pc and it also didnt work on client side. Connection to PPTP works only before VPLS or EoIP tunnel.

Both routers are RB411AH running on Mikrotik 5.4
There is no any firewall rule on both mikrotiks.

WAN—>L3switch—>L2switch—>R1—(wlan)—>R2—>customers

R1:

ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                              
 0   172.30.8.58/29     172.30.8.56     ether1                                 
 1   192.168.0.1/24     192.168.0.0     wlan1_do_grafitowej

interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                             TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1                           ether             1500  1526
 1  R  wlan1_do_grafitowej              wlan              1500  2290
 2  R  bridge1                          bridge            1500  1500
 3  X  ;;; 5.1.2011 97942
       eoip-tunnel1                     eoip-tunnel       1460 65535
 4  R  vpls_do_grafitowej               vpls              1500  1500

interface bridge print
Flags: X - disabled, R - running 
 0  R name="bridge1" mtu=1500 l2mtu=1500 arp=enabled 
      mac-address=00:0C:42:9C:A3:64 protocol-mode=none priority=0x8000 
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m 

interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0 X  eoip-tunnel1           bridge1                 0x80         10       none
 1    ether1                 bridge1                 0x80         10       none
 2    vpls_do_grafitowej     bridge1                 0x80         10       none

 ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.30.8.57               1
 1 ADC  172.30.8.56/29     172.30.8.58     bridge1                   0
 2 ADC  192.168.0.0/24     192.168.0.1     wlan1_do_grafit...        0

interface eoip print
Flags: X - disabled, R - running 
 0 X  ;;; 5.1.2011 97942
      name="eoip-tunnel1" mtu=1460 l2mtu=65535 mac-address=02:6C:28:E0:B1:94 
      arp=enabled local-address=0.0.0.0 remote-address=192.168.0.2 
      tunnel-id=111 

interface vpls print
Flags: X - disabled, R - running, D - dynamic, 
B - bgp-signaled, C - cisco-bgp-signaled 
 0 R   name="vpls_do_grafitowej" mtu=1500 l2mtu=1500 
       mac-address=02:75:C6:BA:6D:60 arp=enabled disable-running-check=no 
       remote-peer=192.168.0.2 vpls-id=1:2 cisco-style=no cisco-style-id=0 
       advertised-l2mtu=1500 pw-type=raw-ethernet




R2:

ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                              
 0   172.30.8.59/29     172.30.8.56     bridge1                                
 1   192.168.0.2/24     192.168.0.0     wlan1    

interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                             TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1                           ether             1500  1526
 1  R  wlan1                            wlan              1500  2290
 2  R  bridge1                          bridge            1500  1500
 3  X  ;;; 5.01.2011 224902
       eoip-tunnel1                     eoip-tunnel       1460 65535
 4  X  SUPER-eoip                       eoip-tunnel       1500
 5  R  vpls_do_ber3                     vpls              1500  1500

 interface bridge print
Flags: X - disabled, R - running 
 0  R name="bridge1" mtu=1500 l2mtu=1500 arp=enabled 
      mac-address=00:0C:42:9C:A3:63 protocol-mode=none priority=0x8000 
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE              BRIDGE              PRIORITY  PATH-COST    HORIZON
 0    ether1                 bridge1                 0x80         10       none
 1 X  eoip-tunnel1           bridge1                 0x80         10       none
 2    vpls_do_ber3           bridge1                 0x80         10       none

ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.30.8.57               1
 1 ADC  172.30.8.56/29     172.30.8.59     bridge1                   0
 2 ADC  192.168.0.0/24     192.168.0.2     wlan1                     0

 interface eoip print
Flags: X - disabled, R - running 
 0 X  ;;; 5.01.2011 224902
      name="eoip-tunnel1" mtu=1460 l2mtu=65535 mac-address=FE:75:AB:6D:AE:CB 
      arp=enabled local-address=0.0.0.0 remote-address=192.168.0.1 
      tunnel-id=111 

 1 X  name="SUPER-eoip" mtu=1500 mac-address=02:5B:86:6E:98:93 arp=enabled 
      local-address=0.0.0.0 remote-address=10.0.13.1 tunnel-id=10000 

interface vpls print
Flags: X - disabled, R - running, D - dynamic, 
B - bgp-signaled, C - cisco-bgp-signaled 
 0 R   name="vpls_do_ber3" mtu=1500 l2mtu=1500 mac-address=02:D4:DD:D9:4F:2F 
       arp=enabled disable-running-check=no remote-peer=192.168.0.1 
       vpls-id=1:2 cisco-style=no cisco-style-id=0 advertised-l2mtu=1500 
       pw-type=raw-ethernet
2

This was posted several years ago, but I’m seeing this behavior today on RouterOS 6.13 & VPLS setup. If this gets any responses I’ll post config/code, but problem is exactly the same. All other services (TCP & UDP) seem to work fine, full MTU size w/o fragmentation is good, links carrying VPLS traffic have MTU increased to 1600.