Community discussions

 
squintr
newbie
Topic Author
Posts: 28
Joined: Tue Nov 22, 2005 12:39 am

Problem with VLAN & PPTP VPN

Sat Feb 24, 2007 5:09 pm

I have been using the same config for a few years now but upgrading to the newest Mikrotik versions as they come out... and I think this may be contributing to my problem.

For the first time yesterday we setup a VLAN on an interface (as well as some queues) and since that time any user who VPN's into our network with a PPTP connection (assigned IP's from our IP pool) can only ping our gateway and other remote networks, they can't get to anything on our LAN (same interface the VLAN is on). If I disable the VLAN and move the rule to another interface OR remove the VLAN completely then reboot, everything is fine with the VPN. When we re-add the VLAN to the interface then reboot the VPN stays working but then the VLAN doesn't work -- it's one or the other.

We have some remote offices using PPTP connections but their IP's are not dynamically assigned, we have static routes and accept rules setup in firewall. They stayed up the whole time without a problem.
 
phendry
Member Candidate
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 4:42 pm

Wed Mar 07, 2007 11:33 pm

We have also been trying to get this working and guess it is a similar issue as to why HSRP doesn't work on vlan interfaces either. Can Mikrotik confirm this is the case and if a fix is ever likely to happen or if we should start investing in RB44's ;)
 
changeip
Forum Guru
Forum Guru
Posts: 3803
Joined: Fri May 28, 2004 5:22 pm

Thu Mar 08, 2007 2:56 am

I am assuming its either a firewalling issue, or the MTU on the physical vlan interface (parent) should be set to 1504 ... just a guess.

Sam
 
phendry
Member Candidate
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 4:42 pm

Thu Mar 08, 2007 3:09 am

I don't think it's either. I can ping from a device on one of the vlans with 1500byte packets and DF set to another device on a different vlan and we haven't got any firewall rules in place. Have tried this at a number of installations with no joy. Have you had any success and how do you set the mtu on an ethernet port to anything higher than 1500?
 
changeip
Forum Guru
Forum Guru
Posts: 3803
Joined: Fri May 28, 2004 5:22 pm

Thu Mar 08, 2007 8:01 pm

This is similiar to the problem i had, I could ICMP all day long, but until I set 1504 mtu on the parent interface tcp and udp didn't work correctly, even when using small packets. I assumed it was a mismatch between my windows 2003 server using intel vlans, vmware guest assigned one of those vlan nics, and mikrotik as the gateway.

So the PPP connection, which has nothing to do with a physical interface, causes the vlan to stop functioning? Weird. Is this on a soho license thats limited to 1 of each?
 
squintr
newbie
Topic Author
Posts: 28
Joined: Tue Nov 22, 2005 12:39 am

Thu Mar 08, 2007 8:02 pm

Actually I think the issue with ours was that our ARP on the VLAN & NIC Interface was set to enabled instead of 'proxy-ARP'. After this change it worked.
 
phendry
Member Candidate
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 4:42 pm

Thu Mar 08, 2007 11:43 pm

Actually I think the issue with ours was that our ARP on the VLAN & NIC Interface was set to enabled instead of 'proxy-ARP'. After this change it worked.
We had always set ours to proxy-ARP but still no joy. Would you care to post your configs?
 
phendry
Member Candidate
Member Candidate
Posts: 258
Joined: Fri May 28, 2004 4:42 pm

Fri Mar 09, 2007 12:19 am

So the PPP connection, which has nothing to do with a physical interface, causes the vlan to stop functioning? Weird. Is this on a soho license thats limited to 1 of each?
Level 5 license so that's not the issue. It doesn't stop the vlan interface from working you just can't ping anything on the vlan from the PPTP client and hence you can't access any local resources.

Who is online

Users browsing this forum: Google [Bot] and 112 guests