VLAN Routing Problem

fel92 · February 2, 2020, 2:09pm

Hello,

I have the following VLANs:

/interface bridge
add name=bridge1 pvid=10 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan15 vlan-id=15
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,vlan10 vlan-ids=10
add bridge=bridge1 tagged=bridge1,vlan15 vlan-ids=15
add bridge=bridge1 tagged=bridge1,vlan30 vlan-ids=30
add bridge=bridge1 tagged=bridge1,vlan20 vlan-ids=20

With the IPs:

/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.15.254/24 interface=vlan15 network=192.168.15.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
/ip route
add distance=1 gateway=192.168.1.1

On ether1 is the Internet Router and on ether3 (VLAN 15) is a Server which provides VPN (L2TP). On the Internet Router i have a static Route 192.168.0.0 to Gateway 192.168.1.2. The Server itself is able to perfectly reach IPs in other VLANs. But if i connect with VPN to the Server, i can only reach IPs in VLAN 15. What do I need to change?

Here is the complete config:

# feb/02/2020 14:53:39 by RouterOS 6.46.2
#
# model = CRS328-24P-4S+

/interface bridge
add name=bridge1 pvid=10 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan15 vlan-id=15
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool15 ranges=192.168.15.178-192.168.15.194
add name=pool30 ranges=192.168.30.100-192.168.30.254
add name=pool10 ranges=192.168.10.100-192.168.10.254
add name=dhcp_pool3 ranges=192.168.10.100-192.168.10.254
/ip dhcp-server
add address-pool=pool15 disabled=no interface=vlan15 name=server15
add address-pool=pool30 disabled=no interface=vlan30 name=server30
add address-pool=dhcp_pool3 disabled=no interface=vlan10 name=server10
/interface bridge port
add bridge=bridge1 interface=ether21 pvid=15
add bridge=bridge1 interface=ether24 pvid=30
add bridge=bridge1 interface=ether4 pvid=30
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=vlan15 pvid=\
    15
add bridge=bridge1 interface=vlan10 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=15
add bridge=bridge1 interface=ether5 pvid=15
add bridge=bridge1 interface=ether6 pvid=15
add bridge=bridge1 interface=ether7 pvid=30
add bridge=bridge1 interface=ether8 pvid=30
add bridge=bridge1 interface=ether9 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether10 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether11 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether12 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether13 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether14 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether15 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether16 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether17 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether18 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether19 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether20 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether22 pvid=15
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether23 pvid=15
add bridge=bridge1 interface=ether3 pvid=15
add bridge=bridge1 interface=vlan30 pvid=30
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,vlan10 vlan-ids=10
add bridge=bridge1 tagged=bridge1,vlan15 vlan-ids=15
add bridge=bridge1 tagged=bridge1,vlan30 vlan-ids=30
add bridge=bridge1 tagged=bridge1,vlan20 vlan-ids=20
/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.15.254/24 interface=vlan15 network=192.168.15.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.1.1 gateway=192.168.10.1
add address=192.168.15.0/24 dns-server=192.168.1.99 gateway=192.168.15.254 \
    netmask=24
add address=192.168.30.0/24 dns-server=192.168.1.1 gateway=192.168.30.1 \
    netmask=24
/ip dns
set servers=192.168.1.1
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set boot-os=router-os

fel92 · February 7, 2020, 2:06pm

I have sorted it out, it works now, the issue hadn’t anything to do with the VLAN routing or switching. The problem was that the VPN client had no route to the other subnets and therefor wasn’t sending that traffic through the VPN but instead locally.