Brief overview of what I am trying to accomplish:
We have a hosted VM cluster infrastructure running Hyper-V 2012 R2
We have multiple clients that have virtual servers (file, RDP, Exchange) being hosted in our system; each system is on its own VLAN, and all devices are configured with non-overlapping subnets.
The clients have a MikroTik at their location
We need to get a VPN tunnel setup between the client's office and the data center so they can access data directly off their virtual appliances.
Rather than having a physical box running x86 RouterOS that could potentially fail and cause problems, we decided to try to virtualize the router instead.
For several of our clients we have set up single-install virtual machines running RouterOS 4.x with 2 virtual NICs (WAN and LAN), and on the virtual NIC that is attached to the LAN side we are using Hyper-V's setting to allow only traffic with a given VLAN ID.
The downside to this is that if we have 50 clients, we need 50 VMs lying around to handle it.
What we want to try and accomplish is to merge all of the routers into a single VPN concentrator using RouterOS (or CHR).
How we are trying to accomplish:
1) Set up a virtual machine for the new concentrator
2) Add two virtual NICs to the machine (eth1=WAN, eth2=LAN):
# Add-VMNetworkAdapter emits nothing unless -Passthru is given, and Rename-VMNetworkAdapter takes the new name as -NewName
Add-VMNetworkAdapter -VMName Concentrator -SwitchName WAN -Passthru | Rename-VMNetworkAdapter -NewName Eth1
Add-VMNetworkAdapter -VMName Concentrator -SwitchName ClientPrivate -Passthru | Rename-VMNetworkAdapter -NewName Eth2
3) Used PowerShell to edit the NIC on the LAN side to enable trunk mode, using the command:
# Set-VMNetworkAdapterVlan selects the adapter by name with -VMNetworkAdapterName (a string), not -VMNetworkAdapter (an adapter object)
Set-VMNetworkAdapterVlan -VMName Concentrator -VMNetworkAdapterName Eth2 -Trunk -AllowedVlanIdList 900-999 -NativeVlanId 0
4) Installed RouterOS in the virtual machine (tried both 4.x using legacy NICs, and the latest release candidate for CHR using both legacy and synthetic NICs)
5) Created a new VLAN interface on eth2 using a VLAN ID inside the allowed VLAN range of the virtual switch (900-999):
/interface vlan add interface=ether2 name=vlan999 vlan-id=999
Tested with another VM that is bound to the same VLAN as set up in step 5: it cannot see the RouterOS device, and the RouterOS device cannot see the VM. Doing packet captures, it appears that somewhere in RouterOS it is stripping the VLAN data off of the network traffic and just dropping it.
The RouterOS device can communicate on the LAN virtual NIC on the native VLAN ID that is set on the virtual adapter, but not on any of the VLANs that are allowed.
Alternatively, we can add multiple virtual network cards to the VM, one for each customer, and have Hyper-V manage the VLANs on the NIC directly, but Hyper-V has a limitation of 8 virtual network cards, so that would limit us to 1 WAN and 7 client devices per router. This would reduce the number of routers but would still be a pain to keep everything running.
We tried the same thing with pfSense and another software-router solution, and they were both able to attach VLANs to the virtual NICs without issues.
Is this a bug in the networking of RouterOS, or is this just some setting I seem to be missing?
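As an added example that is not part of the original post, here is the Hyper-V side of steps 1-3 as one PowerShell script, with the cmdlet parameters spelled the way the Hyper-V module actually accepts them, plus the access-mode setting for the comparison VM from the test and a query that shows what each virtual switch port will pass. The VM name Concentrator, the switch names WAN and ClientPrivate and the range 900-999 come from the post; the comparison VM name TestVM is an assumption.

```powershell
# Added example, not the original poster's script.
# Assumptions: VM "Concentrator" and vSwitches "WAN" / "ClientPrivate" already exist,
# the VM is powered off while adapters are added, and "TestVM" is the comparison VM
# used in the test (its name is assumed here).
$VmName      = 'Concentrator'
$WanSwitch   = 'WAN'
$LanSwitch   = 'ClientPrivate'
$ClientVlans = '900-999'   # AllowedVlanIdList takes ranges ("900-999") or lists ("901,902,905")
$TestVm      = 'TestVM'
$TestVlan    = 999

# Step 2: one adapter per side. -Name sets the adapter name at creation time,
# so no Rename-VMNetworkAdapter round trip is needed.
Add-VMNetworkAdapter -VMName $VmName -SwitchName $WanSwitch -Name 'Eth1'
Add-VMNetworkAdapter -VMName $VmName -SwitchName $LanSwitch -Name 'Eth2'

# Step 3: trunk the LAN-side adapter. The adapter is addressed by
# -VMNetworkAdapterName (a string), not -VMNetworkAdapter (an adapter object).
# Frames tagged outside $ClientVlans are dropped by the virtual switch port,
# so this list is the boundary of what the concentrator can ever reach on eth2.
Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName 'Eth2' `
    -Trunk -AllowedVlanIdList $ClientVlans -NativeVlanId 0

# The WAN adapter stays untagged: no client VLAN tag can leave through it.
Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName 'Eth1' -Untagged

# The comparison VM from the test sits in access mode on one client VLAN,
# so Hyper-V tags its frames and the guest never sees an 802.1Q header.
Set-VMNetworkAdapterVlan -VMName $TestVm -Access -VlanId $TestVlan

# Verification: the operating mode and VLAN list the switch port actually enforces.
Get-VMNetworkAdapterVlan -VMName $VmName, $TestVm |
    Format-List ParentAdapter, OperationMode, AccessVlanId, NativeVlanId, AllowedVlanIdList
```

The last query is the check to run before blaming the guest: if Eth2 does not show OperationMode Trunk with 900-999 in AllowedVlanIdList, the tagged frames from vlan999 inside RouterOS are being dropped at the switch port, not by RouterOS. If it does, the guest NIC driver is the remaining place where the tag can be lost.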