Hi Everyone,
So, I'm encountering some problems with L2TP bridging on CHR.
Some context: I'm doing L2TP bridging between some Cambium Networks APs (offsite) and a CHR (onsite) to bridge Wi-Fi clients on the external site to my LAN.
My CHR 7.1.2 is a P1 on an ESXi 6.7.
And I'm getting some weird behavior that I can't find any way to troubleshoot.
Things that work:
- PPP auth is OK
- L2TP dynamic tunnel is OK
- Packets going from offsite (AP side) to LAN (CHR side) are OK
Things that don't work:
- Return packets never go through the tunnel.
After some digging, I found out that the dynamic "host" creation (under /interface/bridge/host) is behaving weirdly.
When a new client connects through the L2TP tunnel, a new host is correctly created, linked with the correct L2TP dynamic interface for the return path, but it vanishes after a split second.
Which explains why my packets never come back. I guess the bridge drops them because the dst-mac doesn't belong to it anymore.
And sometimes, like one time in a hundred, it just starts to work. For a minute or so (host entries are stable as they should be, and packet transit is OK). And then it breaks again.
What I already tried:
- New VM, same conf but in 7.2.1 => same problem (MAC vanished from the host table)
- New VM, same conf but in 6.48 long-term => same problem (MAC vanished from the host table)
- P10 / P-unlimited trial licence.
Nothing seems to do the trick.
Now the funny part. The same setup, with the exact same conf, is functional on another site, but with a Proxmox environment.
Only difference between the two sites: Proxmox vs. VMware, and more clients and traffic on the VMware site (the bridge sees approx. 200 hosts and 100M of traffic).
So could it be a VMware compatibility problem? Or just too many clients connected to the bridge that break the L2TP service?
Any idea or similar experience is welcome (I'm 3 full days into it now, and I fear that not much of my hair is gonna survive this trial).
Below is the compact conf of my CHR. Tunnels enter on BR-DATA-IN and are then bridged to BR-DATA-OUT.
# apr/22/2022 15:10:46 by RouterOS 7.1.2
# software id =
#
/interface bridge
add name=BR-DATA-IN
add name=BR-DATA-OUT
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/disk
set sata1 disabled=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ppp profile
add bridge=BR-DATA-OUT name=ppp-bridging use-ipv6=no
/interface bridge port
add bridge=BR-DATA-IN interface=ether1
add bridge=BR-DATA-OUT interface=ether2
/ipv6 settings
set max-neighbor-entries=15360
/interface l2tp-server server
set default-profile=ppp-bridging enabled=yes max-mru=1500 max-mtu=1492 mrru=\
1600
/ip address
add address=10.0.40.111/24 interface=BR-DATA-IN network=10.0.40.0
/ip dns
set servers=10.0.40.254
/ip route
add dst-address=0.0.0.0/0 gateway=10.0.40.254
/ppp secret
add name=ppp-secret-1 profile=ppp-bridging
Many thanks in advance!
Regards.
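A diagnostic that helps narrow down a symptom like the one above is to timestamp exactly when a client's bridge host entry appears, moves to another port, or disappears, rather than watching the host table by eye. The RouterOS script below is an added example and is not part of the original post or of the poster's configuration: it looks up one client MAC in the host table of BR-DATA-OUT and logs whether the entry is present and on which interface. The MAC address and the expected dynamic L2TP interface name are placeholders (RouterOS names a dynamic L2TP server interface after the PPP user, so `<l2tp-ppp-secret-1>` matches the secret in the exported config); substitute the values from your own setup.

```routeros
# Added example, not from the original post: log transitions of one client
# MAC in the BR-DATA-OUT host table. Run it from a scheduler at a short
# interval to catch entries that vanish "after a split second".
:local clientMac "AA:BB:CC:DD:EE:FF"
# placeholder: dynamic L2TP interface for the PPP user, "<l2tp-<username>>"
:local expectIf "<l2tp-ppp-secret-1>"

:local found [/interface bridge host find where mac-address=$clientMac and bridge="BR-DATA-OUT"]
:if ([:len $found] = 0) do={
    # Entry is gone: this is the state the post describes as "vanished".
    :log warning ("bridge-host-check: " . $clientMac . " absent from BR-DATA-OUT host table")
} else={
    :foreach h in=$found do={
        :local onIf [/interface bridge host get $h on-interface]
        :if ($onIf != $expectIf) do={
            # Entry exists but was learned on another port: a MAC move,
            # which would also send return traffic the wrong way.
            :log warning ("bridge-host-check: " . $clientMac . " learned on " . $onIf . " instead of " . $expectIf)
        } else={
            :log info ("bridge-host-check: " . $clientMac . " ok on " . $onIf)
        }
    }
}
```

Save it under /system script (for example as bridge-host-check) and run it with `/system scheduler add name=bridge-host-check interval=1s on-event=bridge-host-check`; then compare the warning timestamps in /log against the PPP and L2TP log entries to see whether the entry vanishes on its own, moves to ether2 or another port, or disappears together with the tunnel interface.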