PPPoE Client over L2TP tunnel (LAC-LNS)

keyboarder · December 28, 2015, 11:51am

Hi Forum,

I try to connect PPPoE client over L2TP tunnel between Cisco router (LAC) and RouterOS 6.33(LNS).

Someone already did he ? if so, how ???

regards,

Adrien

keyboarder · December 29, 2015, 11:53am

I found how to do it!

By cons is it possible to mount the server in a VRF L2TP and PPP sessions in another VRF?

thanks for your help,

regards,

Adrien

ZeroByte · December 29, 2015, 7:22pm

I managed to get L2TP into its own VRF, but I had to use a work-around for it.

This way may not be the best way, or I may have missed something, but it seems to me that the problem was getting the L2TP server to realize that it was supposed to be using the VRF. My lab had a specific IP address (10.0.0.1) for the LNS, so I created a routing rule that forced the replies into the VRF.

/ip route rule
add action=lookup-only-in-table src-address=10.0.0.1/32 table=LNS

Perhaps there’s a way to create a L2TP interface and add that to the VRF - I’ll post here if I get that figured out.

ZeroByte · December 29, 2015, 8:28pm

Interestingly, even when the PPPoE service is bound to an interface that’s in a VRF, the sessions’ routing information is added to the main routing table.

It would be nice if the profile had a way to specify what VRF the dynamic interfaces would be placed in.

keyboarder · December 30, 2015, 9:39am

Hi

Thanks for your response

I try to place the L2TP-in Interface, the ether and brigde interface to vrf but the in the configuration the ppp client session not working…

if i make the same configuration without vfr it’s working !

it’s my configuration without vrf :

/interface l2tp-server
add name=l2tp-in1 user=“”
/ip pool
add name=pppoe-pool ranges=10.1.1.62-10.1.1.72
/ppp profile
add dns-server=x.x.x.x local-address=192.168.x.x name=pppoe-profile remote-address=pppoe-pool
add bridge=LNS-Bridge name=l2tp-profile
/interface bridge port
add bridge=LNS-Bridge interface=ether5
/interface l2tp-server server
set default-profile=l2tp-profile enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.x.x/30 interface=LNS-Bridge network=192.168.x.x
/ppp aaa
set accounting=no
/ppp l2tp-secret
add address=192.168.x.x/32 secret=xxxxxx
/ppp secret
add name=test@xxxxxx.xxx password=xxxxx profile=pppoe-profile service=l2tp

do you know if it possible to mount a PPP client session in a vrf?

ZeroByte · December 30, 2015, 6:47pm

I had tried bridging the PPPoE into a vrf interface but that didn’t work because each pppoe session dynamically creates an interface, and that interface is not part of the vrf.

There’s a “run this script at connect” and “run this script at disconnect” tab for the PPPoE profile. If you could make a script that adds the dynamic interface to the vrf, that might work.

pukkita · January 1, 2016, 12:55pm

If its only for a handful of PPPoEs maybe a Interface > PPPoE Server Binding could be used?

nz_monkey · January 2, 2016, 9:57pm

I have requested Mikrotik add a radius attribute to do this several times now.

It would help if you have this requirement to email support@mikrotik.com and let them know you need it too.