Community discussions

MikroTik App
 
adam900331
newbie
Topic Author
Posts: 27
Joined: Fri Jul 22, 2016 10:02 am

Assign static IP address to VPN client problem

Mon Jan 13, 2020 3:52 pm

Hy!

I have a L2TP VPN Server on my MikroTik router. The internal subnet is: 10.10.0.0/24, I would like to assign to all VPN clients from this address space: 10.10.0.91-10.10.0.95. I created a pool which contain this address space. I set the following paramaters on the PPP-Profiles: Local Address: 10.10.0.90 Remote Address: vpn_pool(10.10.0.91-10.10.0.95). I can connected successfully from my client but I can only communicate with the routers default IP (10.10.0.1). I can't reach any device on the 10.10.0.0/24. Why? How can I set IP address to may VPN clients from the same network space. Thank You.
 
Zacharias
Forum Guru
Forum Guru
Posts: 2309
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 4:07 pm

Enable proxy-arp on your Bridge interface and let me know if that corrects your problem...
 
adam900331
newbie
Topic Author
Posts: 27
Joined: Fri Jul 22, 2016 10:02 am

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 4:41 pm

Unfortunately not. I haven't got bridge, I have a LAN interface which is include 2 vlan. I enabled the proxy-arp on the physical interface and the vlan interface. The Aruba switch is connected to the physical interface directly. The clients are connected to this switch.
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 978
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 4:47 pm

Best and common practice is to have a dedicated subnet for vpn clients.
There's absolutely no reason for vpn clients being located in the same subnet as the local LAN.
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
adam900331
newbie
Topic Author
Posts: 27
Joined: Fri Jul 22, 2016 10:02 am

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 5:02 pm

There is a vpn client who need an IP address from the local address space. I reconfigured the VPN server PPP/Profiles. Local address: 172.30.90.1, Remote address: vpn_pool2 (172.30.90.2-172.30.90.254). When I connect to the VPN server, I get an 172.30.90.x IP address and I can communicate with the all of the device from the 10.10.0.0/24 subnet. BUT, I set the one of the user under the Secrets and assign an IP address from the LAN address space to the VPN users Remote Address field, like 10.10.0.100. When I connect again with this VPN user, get the 10.10.0.100 IP address, but I only communicate with the default gateway. (The arp is set to proxy-arp) Is it possible somehow to communicate the other devices?
 
Zacharias
Forum Guru
Forum Guru
Posts: 2309
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 8:24 pm

I haven't got bridge, I have a LAN interface which is include 2 vlan.
Now you got me totally confused...
There is no Bridge Interface ?

@cdiedrich is right on what he said... But....
 
techlord
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Mon Nov 18, 2019 4:33 pm

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 9:34 pm

Hi!
To put it simply, this is how the protocol works. Everything coming via the L2TP tunnel will reach only the router. You cannot do anything to reach IPs behind that router but in the same subnet as the l2tp client.

As you've already seen, doing different subnets ( 1 for internal and a different one for remote users) will enable traffic. If you really need Layer 2 connectivity between sites your best bet is Eoip over IPSEC which means you need a mikrotik router on the remote site too.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1783
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Assign static IP address to VPN client problem

Mon Jan 13, 2020 10:07 pm

Totally agree with @cdiedrich, but if you insist, and to expand on what @Zacharias said, you will need to configure proxy-arp on the LAN facing interface, may it be physical, bridge or vlan

If that does not work, then you might have other network problems, i.e. firewall rules, routing issues, etc and without seeing network topology / config of devices involved makes it difficult to assist
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 978
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Assign static IP address to VPN client problem

Tue Jan 14, 2020 11:45 am

There is a vpn client who need an IP address from the local address space.
The only reason I can see for this being necessary is a service running in your LAN that only accepts connections from the local LAN.
So it's not the client that needs the local range address but the service being accessed.
I'd create a srcnat rule for exactly that service (matching dst ip, portocol and port) and nat it to your router's local address while having the client still in the vpn range.
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
Zacharias
Forum Guru
Forum Guru
Posts: 2309
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Assign static IP address to VPN client problem

Tue Jan 14, 2020 5:05 pm

You cannot do anything to reach IPs behind that router but in the same subnet as the l2tp client
Totally wrong..

As @CZfan said, proxy-arp does not work because of other mistakes in the config...
Otherwise proxy-arp is the solution to the problem...

Who is online

Users browsing this forum: Bing [Bot], keshawnmc2007, kocouj1, sindy, Tobei, willi21, Znevna and 93 guests