Hi all, I have a simple bridge with 3 interfaces and I'd like to make some bridge dst-nat decisions (ie re-write the destination MAC) based on the attributes of the IP connection (not packet). However, bridges do not track IP connections, rather this function is performed by the IP firewall. I can a...

Most client software will attempt to switch to NAT-T if it detects NAT in the path. So that means if you are using NAT, you need to configure your IPSec peer to use NAT-T. Be aware though that not all clients are currently working with NAT-T. Windows XP, for instance, will not successfully establish...

Hi all,

Is there nobody out there who can confirm a working MPPP setup over two links using PPPoE with MT as the client?

Thanks!

Do you have any specifics for the Linux patch? I'd love to research a bit more into exactly how Linux resolved this...

We have NAT-T working fine for L2TP/IPSec and generate-policy=yes with MAC OS from RC2 upwards. XP and Win7/Vista are another matter.

If you can be more specific about your config and error messages, maybe I can help.

Yes I concur that the issue is with the client sending FQDN instead of IP address as part of the IPSec setup. We have seen this in XP when it is behind NAT, though curiously XP does send its IP address as long as it does not detect NAT. I have asked MT to provide a fix for this on their side, as the...

If you are attempting to allow an L2TP/IPSec Client on any address to create a tunnel to your server, which is addressable on 192.168.1.80, then you have got yourself in a muddle. I recommend that you re-read the material, but also note that the link to which you refers talks about setting up a tunn...

Hi,
A MLPPP setup just like this is on my to-do list. Cander1's post has made me nervous. Has any one got MLPPP going on multilinks ok? With which LAC / LNS? I was going to use Cisco.
Thanks!

Hi Mikrotik, I see RC11 is out and more work has been done on IPSec. However, no news about these final issues with ids for Vista/7 and XP behind NAT-T. I'd be really grateful for just a clue as to whether anyone will look at it, so we can decide whether to stop waiting and go looking for another so...

Unfortunately, 5.0rc2 didn't completely solve all IPSec-behind-NAT issues. See http://forum.mikrotik.com/viewtopic.php?f=1&t=47207

Hi all, First post - but I've been lurking for a while! We have been doing extensive testing with remote users establishing L2TP/IPSec tunnels to an RB450G, now running V5.0 RC3. We're using the built in L2TP/IPSec capability of a few different clients, namely WindowsXP, Windows Vista/7 and Mac. We ...