The client connects fine, gets an IP address in the same range as the LAN side of the Mikrotik router, and I'm able to ping from the client computer to computers in the LAN. So far so good.
But how do I manage to pass on broadcast traffic between the VPN client and the LAN and vice versa? I can see UDP broadcast to ports 137/138 (NetBIOS) arriving at the router, but I don't know how to pass it on to the LAN computers. The LAN computers are all connected to a bridge containing ether2..ether5.
I thought I should be able to add the L2TP to this bridge as well, by specifying the bridge in the Bridge parameter of the PPP policy, but it never shows up.
Something is mentioned on the forum about enabling BCP on both sides of a PPP tunnel, but the far end of this connection is in Windows XP and I dunno what I can do there.
How do I add the L2TP interface to the bridge?
Or are there any other tricks that can be used to enable access to network browsing and shared printers/disk drives from the client?
This is the setup:
[admin@MT] > ppp secret export
# feb/12/2009 14:42:42 by RouterOS 3.20
# software id = 93B9-LTT
#
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=12345 password=12345 profile=L2TP-profile routes="" service=l2tp
[admin@MT] > ppp profile export
# feb/12/2009 14:42:48 by RouterOS 3.20
# software id = 93B9-LTT
#
/ppp profile
add bridge=bridge1 change-tcp-mss=default comment="" local-address=\
192.168.1.150 name=L2TP-profile only-one=default remote-address=\
192.168.1.200 use-compression=default use-encryption=default \
use-vj-compression=default
[admin@MT] > interface pr
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU
0 R ether1 ether 1500
1 ether2 ether 1500
2 R ether3 ether 1500
3 ether4 ether 1500
4 R ether5 ether 1500
5 R bridge1 bridge 1500
6 R pppoe-out1 pppoe-out 1480
7 DR <l2tp-12345>
l2tp-in 1400
[admin@MT] > interface bridge pr
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=proxy-arp mac-address=00:0C:42:2E:BD:01 protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MT] > interface bridge port pr
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I ether2 bridge1 0x80 10 none
1 ether3 bridge1 0x80 10 none
2 I ether4 bridge1 0x80 10 none
3 ether5 bridge1 0x80 10 none
[admin@MT] > ip address pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.1/24 192.168.1.0 192.168.1.255 bridge1
1 D XX.XXX.176.81/32 XX.XX.34.0 0.0.0.0 pppoe-out1
2 D 192.168.1.150/32 192.168.1.200 0.0.0.0 <l2tp-12345>
[admin@MT] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 ADS 0.0.0.0/0 reachable 88.88.34.0 1 pppoe-out1
1 ADC XX.XX.34.0/32 XX.XX.176.81 0 pppoe-out1
2 ADC 192.168.1.0/24 192.168.1.1 0 bridge1
3 ADC 192.168.1.200/32 192.168.1.150 0 <l2tp-12345>