Community discussions

MikroTik App
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 1:48 pm

one of my client has pppoe (public ip-add) in to vrf, (it's too late to do proper route leaking) and because of that the l2tp is not able to establish.
I do believe that mangle is able to do something, but i have no clue how to do.

The router can ping out only if i do with the vrf table, from the main table cannot ping out, and i that cost the issue

the config is very simple :

/ip route vrf
add interfaces=pppoe-out1,vlan10,vlan11,vlan12,vlan13,vlan14 routing-mark=vrf1


and also im allowing 1701,4500,500 , and 50 (ipsec-esp) on the filter (even though in this case i dont need ipsec)
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 2:24 pm

It is not recommended to do that, but indeed a mangle rule
chain=output protocol=udp src-port=1701 action=mark-routing new-routing-mark=vrf1
should make the L2TP run.
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 2:27 pm

why it's not recommended , will that break anything?
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 2:28 pm

That's a good question but I haven't found any explanation in the manual. It just says "don't do it". But I admit I only do that when handling the own traffic of the router, not a forwarded one.
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 2:39 pm

sill no, this is what i can see on log
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: pppoe->vrf->vpn.l2tp  [SOLVED]

Sat Sep 17, 2022 3:12 pm

Is this router an L2TP client or an L2TP server? Is it running ROS 6 or ROS 7?

Also, maybe remove the mangle rule and use a routing rule instead:

/ip route rule add src-address=ip.of.the.pppoe action=lookup-only-in-table table=vrf1
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: pppoe->vrf->vpn.l2tp

Sat Sep 17, 2022 3:17 pm

Is this router an L2TP client or an L2TP server? Is it running ROS 6 or ROS 7?
server, v6

/ip route rule add src-address=ip.of.the.pppoe action=lookup-only-in-table table=vrf1
to mi daj!!!! radi
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: pppoe->vrf->vpn.l2tp

Mon Sep 19, 2022 8:20 am

just for our records , that route rule, doesn't work on v7,i hope that MT will fix it up

Who is online

Users browsing this forum: K0NCTANT1N, Renfrew and 41 guests