Answer the question
In order to leave comments, you need to log in
Mikrotik: l2tp client -> one specific eth port. How??
Greetings. Newbie with Mikrotik, piece of iron RB2011UiAS-2HnD-IN.
Introductory:
1. At the 'other' end of the VPN L2TP server (ipsec is not involved in this example, the softether server works fine), the local-bridge VPN server's virtual hub is connected to the server's Internet interface + on the tap interface (to which the virtual hub is bridged ) DHCP server (range 192.168.7.2-100, gate .1) is started for remote clients of this VPN. Tap interface NAT-ed to the internet.
Any clients connect to it without problems and have no problems (they receive an address via DHCP and work).
2. At the 'this' end of Mikrotik, it works in station-pseudobridge mode, receives the Internet via wlan1 from the main access point and provides access to the hardware connected to physical ports (all ports are bridged into one)
Task:
Make an L2TP client that will provide 'physical' access to the virtual hub of the VPN server to a device connected to the ETH5 port of Mikrotik.
That is, I insert the device into ETH5 and it itself receives the settings already from the VPN server.
OR if this is not feasible (and I can roughly understand the potential reasons) - just another NAT, but so that everything connected to ETH5 is nat through the VPN.
The L2tp-out1 interface itself is created, gets an IP 'from there' (.7.58 for example).
Tried a lot of tutorials, added a mangle tag to all packages with ETH5, and then routed them to L2tp-out1; tried to assign network 192.168.80.0/24 to ETH5, ran DHCP on it, again tried to route all packets from it to l2tp-out1, with and without masqurade.
No way.
I ask for help, I have not been able to master it for two days.
Thank you!
Answer the question
In order to leave comments, you need to log in
dachshunds, if I understand correctly, then for a specific port on Mikrotik, you need to let all traffic through VPN.
If everything is correct (and you can’t create a separate l2tp-cli + eth5 bridge, I don’t remember for technical reasons or specifically in your conf), then do the following:
1. Exclude Eth5 from all bridges, assign an address (from third-party non-overlapping addressing), raise DHCP
2. Mark all packets incoming to the eth5 interface, assign a routing table to the marked packets in the mangle (two rules in the mangle)
3. In the routing tables, create a rule for 0.0.0.0/0 where the routing mark is the one that was done above, the gateway is the what is l2tp (or l2tp-cli interface)
If I didn’t forget anything (and I could forget a thread), then packets will go in the rules of the mangle, and traffic will go to the l2tp-server.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question