Community discussions

 
nickb333
just joined
Topic Author
Posts: 12
Joined: Sat Jul 25, 2015 1:45 pm
Location: UK
Contact:

L2TP server interface in VRF?

Wed Oct 10, 2018 6:26 pm

Hi,
I am trying to isolate L2TP connections on my router so the traffic goes into separate VRFs.

I have created two static l2tp server instances
/ip route vrf
add interfaces=l2tp-in1,ether4 routing-mark=SYSTEM1
add interfaces=l2tp-in2,ether3 routing-mark=SYSTEM2
Created two VRFs
/ip route vrf
add interfaces=l2tp-in1,ether4 routing-mark=SYSTEM1
add interfaces=l2tp-in2,ether3 routing-mark=SYSTEM2
However when I connect from L2TP client to l2tp-in1 I can still ping stuff in SYSTEM2 vrf or the main routing table.

I've read viewtopic.php?t=45122 but that seems to refer to PPPoE.

What am I missing?

Thanks.
Nick B.
Nottingham/UK
 
User avatar
floaty
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: L2TP server interface in VRF?

Thu Nov 22, 2018 1:12 am

I'm not really an english-teacher ... but ...

I can still ping stuff in SYSTEM2 vrf or the main routing table.

when we examine the word 'or' in the quote above , it is not possible to bring the described failure in compliance to master George Boole ... aren't we ?

... so: first check if the setup you've tested in, may be leaky (in terms of routing - detouring the box you wanted to test).

... allways noteable in Mikrotik-OS ( ... until now [v6.4xx]) you can have overlapping address-space in VRF's ... BUT ! ... you can not have overlapping interface-addresses in different VRF's on your MTik : |


sincerely

floaty
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
nickb333
just joined
Topic Author
Posts: 12
Joined: Sat Jul 25, 2015 1:45 pm
Location: UK
Contact:

Re: L2TP server interface in VRF?

Sat Dec 01, 2018 11:52 pm

Thanks for your helpful reply. I see you posted a solution using scripts which makes things clearer to me. I've implemented VRFs on Cisco equipment but Mikrotik just doesn't work the way I was expecting it to!
Nick B.
Nottingham/UK

Who is online

Users browsing this forum: Baidu [Spider] and 119 guests