Mikrotik
Alexander, 2015-01-22 21:25:33

How can I connect to another l2tp client from Mikrotik?

There is an L2TP server with connected clients. I am trying to connect a Mikrotik 751G as a client to this L2TP server (the Mikrotik gets its Internet via a 3G modem). The connection is established and the internal IP 200.200.200.102 is assigned.
But it is not possible to ping another client connected to this server, neither from the computer connected to the Mikrotik nor from the Mikrotik itself. If I add a route like this:
Dst. address: 200.200.200.0/24
Gateway: l2tp-out1
Pref. source: 200.200.200.102
then the users are pingable from the Mikrotik, but not from a computer connected to the Mikrotik.
Questions:
1. How do I set up the route(s) correctly?
2. If I add a second masquerade rule for L2TP, the other clients become reachable from computers connected to the Mikrotik. Why? (These rules disappear after a reboot and have to be added manually. I think this isn't the way to do it.)
3. I can't connect the Mikrotik as a PPTP client. How can I debug the cause of "link established" on the Mikrotik? (/interface pptp-client monitor shows nothing but "link established")

1 answer(s)
Cool Admin, 2015-01-23
@ZzeroCool

The first important thing to understand is that L2TP stands for Layer 2 Tunneling Protocol, i.e. it is a link-layer protocol that acts as a tunnel. Two conclusions follow from this:
1. You can simply send traffic into the interface; someone will process it anyway (more precisely, not "someone" but clearly the other side, since there are no other parties in the tunnel).
2. Addresses on such a tunnel are assigned with a /32 mask.
From the latter it follows that a route like 200.200.200.0/24 does not appear in the routing table of the Mikrotik or of the server, so you have to add it manually.
Further. The server you connect to manages a bunch of such tunnels, and it sees them all as a bunch of /32 subnets; depending on the destination address, a packet is sent along the corresponding route, which, as written above, is a separate tunnel. But this server knows absolutely nothing about the networks located behind its clients; its routing table simply has no entry like X.Y.Z.W/24 gw 200.200.200.102, which means that if traffic in any tunnel arrives from a source in that subnet, the router will be unable to send it back. Therefore your network behind the Mikrotik is not visible from the remote network.
For such a situation a mechanism was invented in IPv4: NAT. It replaces the source address in all packets coming from the computers behind the Mikrotik with the address assigned to the tunnel; in this situation the L2TP server is able to understand where to send the packets (more precisely, the L2TP server thinks that all traffic comes only from the Mikrotik, i.e. from its client), and traffic starts to flow.
Summarizing: when using any P2P tunnels you need to add routes to the table (manually or automatically, but that is beyond the scope of the question). You also need either to use NAT or to add routes to the server's table (the latter is also beyond the scope of the question).
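The two points of the answer (a manual route for the tunnel address pool, and source NAT for the LAN behind the Mikrotik) as RouterOS commands for the 751G. This is an added example, not part of the question or the answer. It assumes the tunnel interface name l2tp-out1 and the tunnel address 200.200.200.102 from the question; the LAN subnet 192.168.88.0/24 and the 3G uplink interface name ppp-out1 are constructed assumptions.

```routeros
# Added example, not from the question or the answer. Assumptions (constructed):
#   - the L2TP client interface on the 751G is named l2tp-out1 (as in the question)
#   - the tunnel address handed out by the server is 200.200.200.102 (as in the question)
#   - the LAN behind the Mikrotik is 192.168.88.0/24
#   - the 3G uplink is interface ppp-out1 and already has its own masquerade rule

# 1. Route to the other L2TP clients. The tunnel only installs a /32 connected route,
#    so the /24 of the server's tunnel address pool has to be added by hand.
/ip route add dst-address=200.200.200.0/24 gateway=l2tp-out1 \
    pref-src=200.200.200.102 comment="reach other L2TP clients via the tunnel"

# 2. Source NAT for traffic leaving through the tunnel. The server has no route back
#    to 192.168.88.0/24, so LAN source addresses are rewritten to the tunnel address.
#    Matching on out-interface keeps this rule separate from the 3G uplink rule.
/ip firewall nat add chain=srcnat out-interface=l2tp-out1 \
    src-address=192.168.88.0/24 action=masquerade \
    comment="hide LAN behind tunnel address towards L2TP server"

# Checks: the route should be listed as active, and the rule's packet counter should
# increase after a ping from a LAN host to another client's tunnel address.
/ip route print where dst-address=200.200.200.0/24
/ip firewall nat print stats where out-interface=l2tp-out1
```

Both entries are stored in the configuration and survive a reboot; the route only becomes active while l2tp-out1 is up. The alternative the answer mentions, instead of NAT, is a route on the server for 192.168.88.0/24 via 200.200.200.102, which requires administrative access to the server.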
