Here is my L2TP config:
[admin@client] /ip route> export
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
xxx.xxx.43.32 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=192.168.0.0/16 gateway=\
192.168.90.254 scope=30 target-scope=10
[admin@client] /interface l2tp-client> export
/interface l2tp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
connect-to=xxx.xxx.105.194 dial-on-demand=yes disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=officevpn password=\
"secret" profile=default-encryption user=\
office
[admin@client] /ppp> export
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" local-address=\
10.69.99.254 name=default-encryption only-one=default remote-address=\
192.168.90.254 use-compression=default use-encryption=required \
use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
[admin@server] /interface l2tp-server> export
/interface l2tp-server
add comment="" disabled=no name=officevpn user=office
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=default-encryption enabled=yes \
max-mru=1460 max-mtu=1460 mrru=disabled
[admin@server] /ppp> export
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=required \
use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id=xxx.xxx.43.34 comment="" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 local-address=192.168.90.254 name=office password=\
"secret" profile=default-encryption \
remote-address=10.69.99.254 routes="10.69.0.0/16 10.69.99.254 1" service=\
any
Like I said before, the VPN itself works fine. The only problem is that the IP I tell the client to connect to is not the one I want to use. The server seems to respond using any external IP it likes, here is the client log:
07:33:58 l2tp,debug,packet sent control message to xxx.xxx.105.194:1701
07:33:58 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
07:33:58 l2tp,debug,packet (M) Message-Type=SCCRQ
07:33:58 l2tp,debug,packet (M) Protocol-Version=0x01:00
07:33:58 l2tp,debug,packet (M) Framing-Capabilities=0x1
07:33:58 l2tp,debug,packet (M) Bearer-Capabilities=0x0
07:33:58 l2tp,debug,packet Firmware-Revision=0x1
07:33:58 l2tp,debug,packet (M) Host-Name="client"
07:33:58 l2tp,debug,packet Vendor-Name="MikroTik"
07:33:58 l2tp,debug,packet (M) Assigned-Tunnel-ID=52
07:33:58 l2tp,debug,packet (M) Receive-Window-Size=4
07:33:58 l2tp,debug,packet rcvd control message from xxx.xxx.105.249:1701
07:33:58 l2tp,debug,packet tunnel-id=52, session-id=0, ns=0, nr=1
07:33:58 l2tp,debug,packet (M) Message-Type=SCCRP
07:33:58 l2tp,debug,packet (M) Protocol-Version=0x01:00
07:33:58 l2tp,debug,packet (M) Framing-Capabilities=0x1
07:33:58 l2tp,debug,packet (M) Bearer-Capabilities=0x0
07:33:58 l2tp,debug,packet Firmware-Revision=0x1
07:33:58 l2tp,debug,packet (M) Host-Name="server"
07:33:58 l2tp,debug,packet Vendor-Name="MikroTik"
07:33:58 l2tp,debug,packet (M) Assigned-Tunnel-ID=115
07:33:58 l2tp,debug,packet (M) Receive-Window-Size=4
07:33:58 l2tp,debug received SCCRP before SCCRQ, rejecting
You can see that it is connecting to .194 but the server is responding on .249. If I set the client to send on .249 it works. If I disable .249 on the server it just picks another outgoing ip. How can I force the server to use a certain IP?