Transparent bridge using PPtP and EoIP Issue

Hey Forum Gurus,

I can’t seem to figure this out. Can someone check over the code and let me know if there are any mistakes? I can establish an authenticated connection, but that’s about it. My client computer is not receiving an IP from the DHCP server on the pptp-server router.

The network topology is this:

LAN > pptp-server router > WAN modem > Internet cloud > WAN modem > pptp-client router > LAN
The LAN is 192.168.40.0/24


Server Router:
/interface pptp-server server set enabled=yes
/ppp secret
add name="xxx" service=pptp password="xxx" \
local-address=10.10.10.3 remote-address=10.10.10.2  \
disabled=no 
/interface eoip add name=eoiptunnel remote-address=10.10.10.2 \
tunnel-id=101 disabled=no
/interface bridge add name=bridge1-SEC
/interface bridge port add bridge=bridge1-SEC interface=4_SEC_1
/interface bridge port add bridge=bridge1-SEC interface=eoiptunnel

Client Router:
/interface pptp-client
add name="pptp-tunnel1" connect-to=xxx.xxx.xxx.xxx \
user="xxx" password="xxx" \
profile=default-encryption add-default-route=no \
disabled=no 
/interface eoip add name=eoiptunnel remote-address=10.10.10.3 \
tunnel-id=101 disabled=no
/interface bridge add name=bridge1-SEC
/interface bridge port add bridge=bridge1-SEC interface=ether5-SEC
/interface bridge port add bridge=bridge1-SEC interface=eoiptunnel

Thanks in advance.

Any Help?

I found the issue. I forgot to assign the DHCP server to the bridge.

Scratch that. I found another issue and need some help. It seems that some traffic is being blocked from the Internet or being redirected, but not all. For example, Netflix is working, but web browsing doesn’t, or a game on a phone doesn’t work when connected to that LAN but works when connected outside that network. Thanks for your thoughts!

Possibly the problem is in the max MTU and MSS. When a tunnel is established, all packets between the networks are encapsulated into tunnel IP packets. When one tunnel is created inside another (EoIP inside PPtP), encapsulation occurs twice.
Try to decrease the MTU and set TCP-MSS to MTU-40 on the border router's firewall.

Thanks for the reply Nik,

The problems were on the side connecting to the Internet, which is also the DHCP server and PPTP server. On the client side there were no problems. I will try your solution but wanted to run this by you first.

Whenever you have tunneling in your router, and you are not trying to get the utmost in performance from a too-slow router, add this:

/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn

This will save you a lot of grief.
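The MTU-40 rule and the MSS clamping suggested in the replies above, worked through for EoIP carried inside PPTP. This is an added example, not part of the original thread; the 1450-byte PPTP interface MTU and the 42-byte EoIP overhead are assumed values, so check the actual interface MTUs on your routers.

```python
# Added example: TCP MSS budget when EoIP runs inside a PPTP tunnel (IPv4).
IPV4_HEADER = 20
TCP_HEADER = 20

# Assumed values, not taken from the thread:
PPTP_MTU = 1450        # MTU of the pptp interface that carries the EoIP packets
EOIP_OVERHEAD = 42     # outer IPv4 20 + GRE 8 + inner Ethernet header 14


def inner_mtu(carrier_mtu, overheads):
    """Largest inner IP packet that fits once every nested header is added."""
    mtu = carrier_mtu
    for layer, size in overheads:
        mtu -= size
        if mtu < IPV4_HEADER + TCP_HEADER + 1:
            raise ValueError(f"no room left for TCP payload after {layer}")
    return mtu


def mss_for(mtu):
    """The MTU-40 rule: MSS is the MTU minus the IPv4 and TCP headers."""
    return mtu - IPV4_HEADER - TCP_HEADER


def clamp_syn(advertised_mss, path_mtu):
    """Model of MSS clamping on a SYN: lower a too-large MSS, keep smaller ones."""
    return min(advertised_mss, mss_for(path_mtu))


def excess_bytes(advertised_mss, path_mtu):
    """Bytes by which a full-size segment overshoots the tunnel if unclamped."""
    return max(0, advertised_mss + IPV4_HEADER + TCP_HEADER - path_mtu)


if __name__ == "__main__":
    mtu = inner_mtu(PPTP_MTU, [("EoIP", EOIP_OVERHEAD)])
    print(f"inner MTU {mtu}, MSS {mss_for(mtu)}")
    # Constructed SYN MSS values, as LAN clients might advertise them.
    for syn_mss in (1460, 1368, 1200):
        print(syn_mss, "->", clamp_syn(syn_mss, mtu),
              "overshoot if unclamped:", excess_bytes(syn_mss, mtu))
```
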

Thanks for the reply. I have implemented that code and am now testing.

Thank you, this advice gave me a solution to my problem…

thanks a lot…