alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

CoreTransit /29 Routable IP L2TP Service

Tue Jan 21, 2025 4:46 am

Hello,

Not sure if any of you have heard of CoreTransit yet; it's about a year old, but they give out IP space via an L2TP service.

I'm running a hAP ac^2 on 7.15.3, which is what it shipped with. I tried updating it and it messed up everything, so I reverted back and installed the wireless drivers.

I was curious, does anyone else have a working L2TP configuration that routes traffic to the private interface that your private network is on?

So all 192.168.88.1/24 traffic goes over the "regular" network, and any traffic destined for the network that's routed over the L2TP connection is also attached to the ether5 interface.

so
ether1 - has charter dhcp
l2tp-in - (client) has assigned public (216.146.17.57)
ether5 has 192.168.xx.1 & the public of the routed IPs (216.146.17.128/29).

I understand that I might have to do some firewall/mangle voodoo, but I tried many things and it did not work.
Last edited by alemstrom on Thu Jan 23, 2025 7:26 am, edited 1 time in total.
 
TheCat12
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: CoreTransit.net /29 Routable IP L2TP Service

Tue Jan 21, 2025 11:48 am

A network diagram as well as stating your requirements in the form "which users are part of what network and what should they be able to reach from where" would be quite helpful.
 
alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

Re: CoreTransit.net /29 Routable IP L2TP Service

Tue Jan 21, 2025 1:58 pm

Hopefully this conveys what I'm setting out to do. See attached.
CoreTransit.drawio.png
 
TheCat12
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: CoreTransit.net /29 Routable IP L2TP Service

Tue Jan 21, 2025 10:04 pm

I still cannot comprehend the purpose of having local and public IPs on the same interface. Kindly clarify it.
 
alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

Re: CoreTransit.net /29 Routable IP L2TP Service

Thu Jan 23, 2025 7:20 am

So the L2TP connection rides the Spectrum connection as a separate interface. The bridgeLocal interface is assigned internal and the routed from Core Transit. I then set up mangle rules. Those however did not work.

I hope this makes sense....
 
TheCat12
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: CoreTransit.net /29 Routable IP L2TP Service

Thu Jan 23, 2025 8:39 pm

You still haven't answered my question - why do public IPs and local ones need to be on the same interface? Do you want a specific device to have a public IP? Does it need to access the internet from it? Do you want to forward the addresses to another router?
 
alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

Re: CoreTransit /29 Routable IP L2TP Service

Thu Jan 23, 2025 10:14 pm

I guess I don't understand. My request seems simple: it's a simple routed setup, but the routed IPs are coming over an L2TP connection and the internal interface bridgeLocal gets private and public. So yes, I would like for it to handle the routed subnet on the private LAN.

Thanks
 
TheCat12
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: CoreTransit /29 Routable IP L2TP Service

Thu Jan 23, 2025 11:32 pm

Wait a second... Do you just want the LAN to go out to the internet through a public WAN IP and/or the other way around? If that's the case, it could be achieved with policy routing:

/ip address
add address=216.146.17.129/29 interface=lo

/routing table
add fib name=thr_l2tp

/routing rule
add action=lookup-only-in-table dst-address=192.168.88.0/24 src-address=192.168.88.0/24 table=main
add action=lookup-only-in-table src-address=192.168.88.0/24 table=thr_l2tp

/ip route
add distance=2 dst-address=0.0.0.0/0 gateway=l2tp-out1
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=thr_l2tp

/ip firewall nat
add action=src-nat chain=srcnat out-interface=l2tp-out1 place-before=0 to-addresses=216.146.17.129

Note: The lo interface, on which the public IP is assigned, is the loopback interface

Second note: dst-nat rules should be used for the other way around
 
alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

Re: CoreTransit /29 Routable IP L2TP Service

Fri Jan 24, 2025 4:28 am

Basically whatever is coming from 192.168.88.0/24 goes out the default route. (the spectrum main dhcp'd ip)

Anything that comes over the l2tp connection say 216.146.17.128/29 goes out of the route of the l2tp connection but is another subnet on the bridgeLocal interface.
 
alemstrom
just joined
Topic Author
Posts: 6
Joined: Tue Jan 21, 2025 4:40 am

Re: CoreTransit /29 Routable IP L2TP Service

Sat Jan 25, 2025 3:17 am

Why are you classing the 192.168.88.x/24 traffic, when it should be the 216.146.17.128/29 traffic? I'm making it simple stupid - I don't understand this part.

TheCat12 wrote:
> Wait a second... Do you just want the LAN to go out to the internet through a public WAN IP and/or the other way around? If that's the case, it could be achieved with policy routing:
>
> /ip address
> add address=216.146.17.129/29 interface=lo
>
> /routing table
> add fib name=thr_l2tp
>
> /routing rule
> add action=lookup-only-in-table dst-address=192.168.88.0/24 src-address=192.168.88.0/24 table=main
> add action=lookup-only-in-table src-address=192.168.88.0/24 table=thr_l2tp
>
> /ip route
> add distance=2 dst-address=0.0.0.0/0 gateway=l2tp-out1
> add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=thr_l2tp
>
> /ip firewall nat
> add action=src-nat chain=srcnat out-interface=l2tp-out1 place-before=0 to-addresses=216.146.17.129
>
> Note: The lo interface, on which the public IP is assigned, is the loopback interface
>
> Second note: dst-nat rules should be used for the other way around
 
coretransit
just joined
Posts: 1
Joined: Sat Jan 25, 2025 3:57 am
Location: USA

Re: CoreTransit /29 Routable IP L2TP Service

Sat Jan 25, 2025 4:26 am

A few folks made me aware of this post, so thank you to all of them!!

This is best done with policy-based routing. https://help.mikrotik.com/docs/spaces/R ... cy+Routing

In the case of Core Transit we've put together an example as well.
https://client.coretransit.net/knowledg ... unnel.html

Hope that helps!
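
The policy-routing approach recommended above, keyed on the routed /29 as the source address so that 192.168.88.0/24 keeps using the main table, with forward-chain filtering for traffic arriving from the tunnel. This is an added example, not configuration from any poster in this thread or from Core Transit's knowledge base; the table name via_l2tp, the use of 216.146.17.129 as the router's address on bridgeLocal, and the published host 216.146.17.130 on tcp/443 are assumptions.

```routeros
# Added example. Assumptions: table name via_l2tp, 216.146.17.129 as the
# router's address in the routed /29, and the .130 tcp/443 host are illustrative.

# Routed /29 as a second subnet on the LAN bridge (router is its gateway)
/ip address
add address=216.146.17.129/29 interface=bridgeLocal comment="routed /29 gateway"

# Separate routing table whose only default route is the tunnel
/routing table
add fib name=via_l2tp
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=via_l2tp

# Classify by SOURCE = routed /29. 192.168.88.0/24 is not matched, so it
# keeps using the main table and the DHCP default route on ether1.
/routing rule
add action=lookup-only-in-table src-address=216.146.17.128/29 \
    dst-address=192.168.88.0/24 table=main comment="/29 to LAN stays local"
add action=lookup-only-in-table src-address=216.146.17.128/29 \
    table=via_l2tp comment="/29 to internet via tunnel"

# Leave the /29 un-NATed on the tunnel. This rule must sit above any
# masquerade or src-nat rule that would otherwise match the same packets.
/ip firewall nat
add action=accept chain=srcnat src-address=216.146.17.128/29 \
    out-interface=l2tp-out1 comment="no NAT for routed /29"

# Hosts on the /29 are directly reachable from the internet through the
# tunnel: permit replies and named services only, drop everything else that
# arrives from the tunnel. Place these above broader forward accept rules.
/ip firewall filter
add chain=forward action=accept in-interface=l2tp-out1 \
    connection-state=established,related comment="replies to /29 hosts"
add chain=forward action=accept in-interface=l2tp-out1 protocol=tcp \
    dst-address=216.146.17.130 dst-port=443 comment="example published service"
add chain=forward action=drop in-interface=l2tp-out1 \
    comment="drop unsolicited traffic from tunnel"
```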
 
TheCat12
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: CoreTransit /29 Routable IP L2TP Service

Sat Jan 25, 2025 5:03 pm

alemstrom wrote:
> Basically whatever is coming from 192.168.88.0/24 goes out the default route. (the spectrum main dhcp'd ip)
>
> Anything that comes over the l2tp connection say 216.146.17.128/29 goes out of the route of the l2tp connection but is another subnet on the bridgeLocal interface.

That's the part where it gets ununderstandable - why should a public subnet be in conjunction with a local subnet on the same interface? What should be achieved through this setup?
 
tdw
Forum Guru
Posts: 2089
Joined: Sat May 05, 2018 11:55 am

Re: CoreTransit /29 Routable IP L2TP Service

Sat Jan 25, 2025 5:19 pm

There is nothing technically incorrect about having multiple subnets on a layer 2 network; you can set a client to an address from either. The main limitation is a DHCP server can only offer dynamic addresses for one of them.

That said, it isn't really good practice; having each subnet in its own layer 2 network is better, typically implemented with VLANs. And depending on the use case for the public addresses being provided over the L2TP connection, it is possible to use NAT to/from them too, e.g. forward ports from each public address to multiple servers with private addresses, or source NAT multiple private addresses to each of the public addresses.