un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

DHCP Client bridge l2tp tunnel

Fri Feb 08, 2019 8:19 am

Hello. I can not make the following scheme work.

Mikrotik CHR ether1 - internet

Mikrotik AP ether1 - internet

DHCP SERVER ---> CHR.ether2 ---> l2tp server --> INTERNET ---> NAT ---> l2tp client ---> AP.wlan1 ---> DHCP Client

It is necessary that the access point, which is behind NAT, gives out DHCP from the server that is connected to ether2 of the MikroTik CHR. I am using https://wiki.mikrotik.com/wiki/Manual:B ... ridging%29

Access point config

/interface bridge
add admin-mac=CC:2D:E0:5A:C3:3E auto-mac=no fast-forward=no name=bridge-remote
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge ssid=test_2
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge ssid=test_5
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ppp profile
add bridge=bridge-remote change-tcp-mss=no name=profile1 use-encryption=yes
set *FFFFFFFE use-encryption=default
/interface l2tp-client
add connect-to=80.xxx.xxx.173 disabled=no max-mru=1600 name=l2tp-out1 password=ppp123 profile=profile1 user=ppp1
/interface bridge port
add bridge=bridge-remote interface=wlan1
/ip address
add address=192.168.88.10/24 interface=bridge-remote network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=bridge-remote use-peer-dns=no use-peer-ntp=no
/ip firewall service-port
set pptp disabled=yes ports=1723
/system clock
set time-zone-name=Asia/Krasnoyarsk
/system identity
set name=AP

CHR config

/interface bridge
add admin-mac=00:15:5D:C2:07:16 auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment=Internet disable-running-check=no
set [ find default-name=ether2 ] comment="vlan 45" disable-running-check=no
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128,3des
/ppp profile
add bridge=bridge-local name=l2tp-profile1
/interface bridge port
add bridge=bridge-local interface=ether2
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=Im2aF1OnKO mrru=1600
/interface list member
add interface=ether1 list=WAN
/ip address
add address=80.xxx.xxx.173/29 interface=ether1 network=80.xxx.xxx.xxx
add address=192.168.88.1/24 interface=bridge-local network=192.168.88.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid interface=bridge-local use-peer-dns=no use-peer-ntp=no
/ip dns
set allow-remote-requests=yes servers=80.xxx.xxx.xxx,80.xxx.xxx.xx
/ip firewall filter
add action=passthrough chain=forward
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input src-address=80.xxx.xxx.xxx/25
add action=drop chain=input comment="defconf: drop all coming from WAN" in-interface-list=WAN
add action=accept chain=forward
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=80.xxx.xxx.174
/ppp secret
add name=ppp1 password=ppp123 profile=l2tp-profile1 service=l2tp
/system clock
set time-zone-name=Asia/Krasnoyarsk
/system identity
set name=CHR

If I enable the DHCP client on bridge-remote on the AP, it does not work. The DHCP client on the bridge on the CHR works.
Sorry for bad English.
 
idlemind
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: DHCP Client bridge l2tp tunnel

Sat Feb 09, 2019 7:19 pm

Use EoIP to bridge layer 2 cleanly between both locations. If the EoIP by hostname wrapped in IPSEC proves unreliable I've used L2TP in a road warrior fashion and ran EoIP inside of the L2TP. If you wrap the L2TP in IPSEC then just plain EoIP is fine underneath.

Alternatively you can use BCP to do the bridging as part of PPP in L2TP but I'm guessing that's giving you problems if you're here already.
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel

Mon Feb 11, 2019 5:55 am

I tried using EoIP + L2TP before using BCP. This did not solve my problem. Using Wireshark and tcpdump on the DHCP server, I see that requests appear in bridge-local, but I don't have these requests in tcpdump on DHCP. It is as if the broadcast traffic does not pass from the bridge to ether2.
 
mistry7
Forum Guru
Posts: 1244
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: DHCP Client bridge l2tp tunnel

Mon Feb 11, 2019 8:18 am

https://wiki.mikrotik.com/wiki/Manual:B ... _bridging)

Put the WiFi Interface in the Bridge and you got what you want
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel

Mon Feb 11, 2019 9:04 am

mistry7 wrote:
> https://wiki.mikrotik.com/wiki/Manual:B ... _bridging)
>
> Put the WiFi Interface in the Bridge and you got what you want

/interface bridge port
add bridge=bridge-remote interface=wlan1
 
idlemind
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: DHCP Client bridge l2tp tunnel

Mon Feb 11, 2019 8:15 pm

That works if everything is in the same place. I assumed we had 2 separate Internet connections in play. Is this not the case?
 
CZFan
Forum Guru
Posts: 1301
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: DHCP Client bridge l2tp tunnel

Mon Feb 11, 2019 11:14 pm

You need to remove WLAN from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP; the server side should be done dynamically if configured correctly.
Your DHCP client should also be bound to L2TP client interface

MTCNA, MTCTCE, MTCRE & MTCINE
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel

Tue Feb 12, 2019 6:50 am

CZFan wrote:
> You need to remove WLAN from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP; the server side should be done dynamically if configured correctly.
> Your DHCP client should also be bound to L2TP client interface

I need WiFi clients to get an IP from the DHCP server from ether2.
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel

Tue Feb 12, 2019 6:51 am

idlemind wrote:
> That works if everything is in the same place. I assumed we had 2 separate Internet connections in play. Is this not the case?

The AP and CHR work through the Internet of different providers.
 
vecernik87
Long time Member
Posts: 642
Joined: Fri Nov 10, 2017 8:19 am

Re: DHCP Client bridge l2tp tunnel

Tue Feb 12, 2019 8:34 am

This is a very long-shot guess, but based on the comment in the config, I understand your Ether2 might have something to do with VLAN... Can you confirm/deny whether Ether2 receives (and passes to the bridge) tagged frames? If there are VLAN tags involved, where do you add/strip tags?
I think that might change the situation a lot: firstly, the AP is not configured for VLANs; secondly, I recently identified a situation where CHR does not bridge VLAN tagged frames correctly, and despite the internal packet sniffer saying it sees the packet, it does not actually pass from the bridge into the virtual ethernet adapter. This might be a similar case...
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel

Tue Feb 12, 2019 9:17 am

vecernik87 wrote:
> This is a very long-shot guess, but based on the comment in the config, I understand your Ether2 might have something to do with VLAN... Can you confirm/deny whether Ether2 receives (and passes to the bridge) tagged frames? If there are VLAN tags involved, where do you add/strip tags?
> I think that might change the situation a lot: firstly, the AP is not configured for VLANs; secondly, I recently identified a situation where CHR does not bridge VLAN tagged frames correctly, and despite the internal packet sniffer saying it sees the packet, it does not actually pass from the bridge into the virtual ethernet adapter. This might be a similar case...

VLANs are not used in my situation.
 
CZFan
Forum Guru
Posts: 1301
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: DHCP Client bridge l2tp tunnel

Tue Feb 12, 2019 6:42 pm

un7known wrote:
> CZFan wrote:
> > You need to remove WLAN from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP; the server side should be done dynamically if configured correctly.
> > Your DHCP client should also be bound to L2TP client interface
>
> I need WiFi clients to get an IP from the DHCP server from ether2.

Ok, then ignore DHCP client on L2TP interface, add ether2 and L2TP client in the bridge, and to manage the device, add IP or DHCP client on the bridge

MTCNA, MTCTCE, MTCRE & MTCINE
 
un7known
just joined
Topic Author
Posts: 7
Joined: Sat Jan 26, 2019 12:51 pm

Re: DHCP Client bridge l2tp tunnel  [SOLVED]

Wed Feb 27, 2019 7:41 am

The problem was solved by turning on MAC address spoofing on Hyper-V.
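
The fix reported in the post above, shown as an added example that is not part of the original thread: by default a Hyper-V virtual switch only accepts frames from a guest whose source MAC is the vNIC's own, so frames the CHR bridges from remote WiFi clients are dropped at ether2 until MAC address spoofing is enabled on that adapter. The VM name `CHR` and the MAC placeholder are assumptions; the `DhcpGuard` setting is an optional addition that assumes, as in this thread, that the DHCP server sits on the ether2 network and not behind the CHR.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the Hyper-V host.
$VMName     = 'CHR'            # assumption: name of the CHR guest in Hyper-V
$BridgedMac = '00155DXXXXXX'   # placeholder: MAC of the vNIC that RouterOS shows as ether2

# Hyper-V reports MAC addresses without separators, so normalise the input.
$BridgedMac = $BridgedMac -replace '[:-]', ''

# 1. Current state of every vNIC on the guest.
Get-VMNetworkAdapter -VMName $VMName |
    Select-Object Name, SwitchName, MacAddress, MacAddressSpoofing, DhcpGuard

# 2. Select only the adapter that is a bridge port (ether2). The Internet-facing
#    adapter (ether1) is not bridged and should keep spoofing Off.
$nic = @(Get-VMNetworkAdapter -VMName $VMName |
    Where-Object { $_.MacAddress -eq $BridgedMac })
if ($nic.Count -ne 1) {
    throw "Expected one adapter with MAC $BridgedMac on '$VMName', found $($nic.Count)"
}

# 3. Let the guest send frames whose source MAC is not the vNIC's own (the bridged
#    WiFi clients). DhcpGuard drops DHCP server replies sent by the guest, so a
#    rogue DHCP server on the remote WiFi side cannot answer clients on the
#    ether2 network. Omit -DhcpGuard if a DHCP server behind the CHR is intended.
$nic[0] | Set-VMNetworkAdapter -MacAddressSpoofing On -DhcpGuard On

# 4. Verify: only the bridged adapter should now show MacAddressSpoofing = On.
Get-VMNetworkAdapter -VMName $VMName |
    Select-Object Name, MacAddress, MacAddressSpoofing, DhcpGuard
```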
