RouterOS 3.0 VPDN?

ebandrew · Thu Sep 20, 2007 6:22 am

Bell Canada uses the following model for reselling its DSL high-speed service:

1. Customer establishes PPPoE connection to local Access Concentrator (LAC).
2. LAC forwards customer session in form of L2TP session over established L2TP tunnel to L2TP Network Server (LNS) on reseller's network.
3. Reseller's LNS authenticates customer session via radius, and assigns connection information (IP, DNS, routes, etc) to the customer session.

The end result is the customer's connection appears to terminate directly on the reseller's network, with Bell's intermediary nodes being transparent.

My question is, will RouterOS 3.0 support this kind of VPDN configuration, as either the LAC or the LNS?

I work for a small ISP which both resells Bell's high speed service and wireless access. I would like to utilize Mikrotik systems to build a wireless access model which mirrors that of Bell's wholesale DSL services. IE:

PPPoE_Client->CPE->AP->Mikrotik_LAC->Routed_Infrastructure_Cloud->Mikrotik_LNS
<-----------PPPoE----------><--------------------L2TP----------------------------->
Remote_Client_IP<------------------------------------------------------>Local_Router_IP

slebrun · Tue Jun 10, 2008 4:21 pm

Resurrecting this one from the dead; does RouterOS support, or any plans to support, LAC/LNS VPDN connections?

Wed May 20, 2009 12:14 am

Have added as a v4 feature request, please vote on it http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Wed May 20, 2009 12:50 pm

Currently the feature is not support. It might be that support will be added in the future for it.

Thu May 21, 2009 12:30 pm

That would be fantastic if it could be sergejs.

From what I can tell people have been asking for it since early in the 2.9 series of releases.

prasert · Sat Aug 29, 2009 10:26 pm

Any updates on this request?

brainy · Tue Sep 01, 2009 9:47 am

We're also waiting for this ... so we could replace a lot of Cisco Routers by MT if VPDN would be possible ...

jonesy · Mon Sep 07, 2009 8:21 am

This is a feature which would be extremely useful, I currently have to resort to using cisco devices to accomplish this which is a shame, as they are much more expensive and use more power too.

ebandrew · Wed Dec 16, 2009 4:50 pm

I check back periodically to see if there is any progress on this functionality. This is the last feature required before our company (and many others, it seems) could fully replace all Cisco devicese in our infrastructure with Mikrotiks. We're a little disappointed this hasn't been implemented....it seems like a relatively quick-win for Mikrotik.

prasert · Wed Dec 16, 2009 5:23 pm

Indeed, this would be nice. However, I don't think Mikrotik is even working on it. So it's back to Cisco for LAC functionality.

slebrun · Wed Dec 16, 2009 5:36 pm

We're all still waiting.

slebrun · Mon Feb 08, 2010 5:06 pm

Time for our update pleading that this happen!

Mon Feb 08, 2010 9:48 pm

Still waiting.....

lzwilliam · Tue Mar 09, 2010 1:39 pm

We are waiting for this too.....................

Tue Mar 09, 2010 1:49 pm

What are you all waiting for

? Did you send this question to support ?

prasert · Tue Mar 09, 2010 2:43 pm

What are you all waiting for ? Did you send this question to support ?

I assume you read the whole thread, so you know we're waiting for LAC functionality.

Do you have some news on current developments in this direction?

Tue Mar 09, 2010 2:47 pm

I don't think anyone ever requested this at mikrotik. This is just a user forum, it's easy to miss these threads.

Tue Mar 09, 2010 2:49 pm

We could try to add support for it, but we would need testers

prasert · Tue Mar 09, 2010 3:44 pm

We could try to add support for it, but we would need testers

Well, in this forum you can find testers, I'll be one of them!

Basic functionality requested:

1. Respond to PADI requests. These requests are sent by PPPoE - this can be a computer or a DSL router, the request is the same (arriving on the ethernet port)

2. Inspect the packet, strip the realm and forward to a endpoint (LNS) with L2TP. It would be perfect if the RouterOS could send the realm to a radius server which will answer with the IP address of the LNS.

Most of us now use this functionality on a Cisco router. It works on the 2600 series, but a 4Mbps data flow will drive the processor usage up to 99%. Way better performance is possible with a 7200 series router - and that's where the money starts.
If you guys can get this functionality going on RouterOS, and performance is fair, this would be a a real competitor for Cisco!

slebrun · Tue Mar 09, 2010 4:00 pm

We'll be a tester, too!

(and given sergejs's response earlier, we'd assumed you guys were aware of the request, but were choosing not to implemented for whatever reason.

lzwilliam · Tue Mar 09, 2010 11:03 pm

I'm looking forward to be part of the test aswell!!!!

Wed Mar 10, 2010 8:28 am

ok, thanks. we will let you know if we need your help. at first we have to make something, to be able to test it. it's not the highest priority project though.

hedele · Wed Mar 10, 2010 11:15 pm

Hi there,

yes LAC/LNS functionality would be a great addition to RouterOS!
If ppl for tests are needed I could stick together a Routerboard with a cisco LAC/LNS.

cdemers · Sat Mar 13, 2010 4:01 pm

Glad to get to see some response on this. I can also setup a test environment to test this if needed, i have an extra cisco around i can use for testing. Would be nice to eliminate the cisco router in the network that only has 1 purpose to terminate the L2TP connections from the phone company.

mrchiless · Thu Apr 22, 2010 4:22 pm

Is the LNS/LAC feature any closers yet ?... Fingers crossed

cdemers · Sat Apr 24, 2010 11:11 am

Hope so, been running into problems with current configuration of cisco, want to eliminate it from the network. Especially so as will be moving the data center and making new router.

prasert · Sat Apr 24, 2010 11:54 am

Hope so, been running into problems with current configuration of cisco, want to eliminate it from the network. Especially so as will be moving the data center and making new router.

Performance problems?

cdemers · Tue Apr 27, 2010 4:57 am

Hope so, been running into problems with current configuration of cisco, want to eliminate it from the network. Especially so as will be moving the data center and making new router.
Performance problems?

Want to be able to better control DSL customers, also getting more and more customers we are providing subnets to for hosting their own content, they are normally connected by DSL as a backup and wireless as their primary link. And have automatic failover.

prasert · Tue Apr 27, 2010 11:30 am

Want to be able to better control DSL customers, also getting more and more customers we are providing subnets to for hosting their own content, they are normally connected by DSL as a backup and wireless as their primary link. And have automatic failover.

It's slightly off-topic, but adding subnets can be handled by the LNS: add a Framed-route in the radius account configuration and tell the LNS to propagate this route into the routing protocol.
The LAC won't be aware of any subnets, nor needs to be, as it's just switching packets between layer-2 and a L2TP connection.

prasert · Fri Jun 18, 2010 6:36 pm

Since MikroTik is not showing any signs of progress, I'd like to suggest a software option: mpd5 and FreeBSD.

I have installed FreeBSD on a machine, added the mpd5 software package (all opensource) and configured it as a LAC. The performance is amazing! For those of you looking for Cisco alternatives, give this combination a try. I'd like to test more, but my network isn't large enough. Sofar, the box handles a throughput of over 40Mbps and the cpu is still 99% idle.
FreeBSD can be configured to use 802.1q VLANs, the LAC can be setup using only 1 ethernet interface. If anyone is going to give it a try, I'd like to hear some results on performance. The user-comments on the web are sparse (and mostly in Russian).

mpd5 is open-source, so maybe it's interesting for MikroTik to have a look into the source code?

bgoode · Mon Jun 28, 2010 7:45 pm

Where did you find config information for MPD5+Radius+FreeBSD? The pkg docs are not very helpful (and as you note, most information is in Russian).

Could I contact you privately?

prasert · Fri Jul 02, 2010 1:17 pm

Where did you find config information for MPD5+Radius+FreeBSD? The pkg docs are not very helpful (and as you note, most information is in Russian).

Could I contact you privately?

PM function doesn't work for me on this board, but the discussion of MPD5 might be interesting for others as well, although slightly off-topic.

I tested with a very simple LAC configuration, which receives PPPoE connections from DSLAMs over two 802.1q VLANs, and then forwards these to a Cisco LNS:
mpd.conf

default:
        load simple_lac

simple_lac:
# L1 receives PPPoE calls from vlan2 and forwards them to L3
        create link template L1 pppoe
        set pppoe iface vlan2
        set link action forward L3
        set link enable incoming

# L2 receives PPPoE calls from vlan10 and forwards them to L3
        create link template L2 pppoe
        set pppoe iface vlan10
        set link action forward L3
        set link enable incoming

# L3 sets up an L2TP connection to the LNS
        create link template L3 l2tp
        set l2tp self 172.25.31.10
        set l2tp peer 172.25.31.4
        set l2tp hostname LAC
        set l2tp secret cisco
        set l2tp enable length

I haven't tested radius yet. The FreeBSD version I used was straight from CD, no kernel recompiling (yet), only installed MPD5 from the ports collection and configured the ethernet interface for 802.1q VLANs (which is supported in the default kernel).

Have a look at the documentation and man pages included with the package, use the debug function on the Cisco router and you'll figure it out!

ebandrew · Wed Apr 04, 2012 1:21 pm

This 7 year old thread deserves a bump.

brainy · Wed Apr 04, 2012 1:42 pm

Oh yes. we're still waiting for it ...

paoloaga · Mon Apr 09, 2012 7:04 pm

If there is RouterOS support for LAC/LNS, I would use it too (actually it's running on cisco).

ebandrew · Thu Jan 31, 2013 5:15 am

bump...still waiting on this

brainy · Thu Jan 31, 2013 9:32 am

me too

chimaster · Thu Mar 07, 2013 2:57 am

Hi All,

Old Thread, just thought I'd bring it back to life. I was a little worried as I was setting my Mikrotik up as an LNS without doing the appropriate Background checks, just figured it would work as L2TP server why not..

Anyways, good news is it works. I'm now terminating DSL into my existing Wireless Network using RADIUs for auth.

Very happy about that.!

Basically ---

Bridge DSL --> Mikrotik PPPoE Client --> user@myrealm.co.nz --> L2TP on VLAN to my CCR --> Auth via RADIUS and IP assigned --> Off to world.

Had to set MTU to 1452 on the PPPoE Client otherwise wasn't really getting any routing anything over was too much due to header size.

Happy Camper.

maxrate · Thu Apr 25, 2013 9:54 pm

Hi chimaster. I'm not certain this is what other folks on here are discussing. If you are a wholesale partner with a DSL carrier/telco, they will typically forward PPP frames in L2TP tunnels (or something similar) so although the configuration you described is working, that configuration will not necessarily work when dealing with a telco that is providing PPPoE based service and tunneling the frames back to the network aggregation device. You are 'lucky' in that you own the DSLAM and have configured it in bridge mode.

+1 for me wanting mikrotik to support LNS/LAC

ebandrew · Wed Jul 03, 2013 3:13 am

abongard · Mon Jul 21, 2014 6:38 pm

So this request for VPDN/LAC/LNS has been going on for at least 5-6 years....

MIKROTIK, don't you think something should be done ASAP....

I really don't want to have to go out and buy a Cisco....!!!

Please let us all know where we stand with this? how long until until this will be available?

Regards,
Andrew

bronx · Wed Feb 11, 2015 1:09 am

We could try to add support for it, but we would need testers

Normis, how to start testing ?

Who is online