PPTP + UDP broadcast

Dripman · Wed Apr 01, 2015 9:28 pm

Hello all. My router is RB750.

I have 3 real static IP addresses, which were given to me by my ISP.
For now router works in bridged mode (all 5 ports in one bridge, like stupid switch, external ip not used).

scheme.png

I am looking how to configure PPTP server, which would pass broadcast traffic between clients inside of virtual network (i.e. I need LAN emulation). Clients are regular windows 7 clients. For example first client is PC1 and second client from the internet.

I have already tried to do this using -> dhcp client on the bridge interface (to temporary receive external IP from ISP) + pptp server + profile + secret + ip pool -> this works, clients can can connect from internet and ping everybody, but windows network host discovery and LAN games does not work. And by the way subnet mask of pptp connection is 255.255.255.255 instead of 255.255.255.0

Any ideas?

Wed Apr 01, 2015 11:16 pm

I would say go into the PPP profile that the pptp secret is using, and make sure that bridge is set to be the WAN bridge.
If you're just using master/slave on all ports, then you'll need to create a bridge interface, add the master port to the bridge, and then set the new bridge as the PPtP bridge.

This should get you rolling.

Jw1969 · Tue Apr 07, 2015 9:48 am

I would say go into the PPP profile that the pptp secret is using, and make sure that bridge is set to be the WAN bridge.
If you're just using master/slave on all ports, then you'll need to create a bridge interface, add the master port to the bridge, and then set the new bridge as the PPtP bridge.

This should get you rolling.

Doesn't work, Mikrotik PPTP implementation doesn't seems to allow broadcast thru. I can ping and access FTP,etc on the same subnet, just that broadcast doesn't work and that breaks some of my applications that depends on broadcast for the discovery. Hope somebody (Mikrotik) has a fix since this limitation seems to have exists for years whereas other vendor implementation works fine.

Tue Apr 07, 2015 8:21 pm

I just set up a test PPtP bridge like this:

pptp bridge diagram.png

Mikrotik2 is the DHCP server, and R1 (a Cisco router image in my simulator) gets DHCP from Mikrotik-2.
Furthermore, R1 and R2 see each other as CDP neighbors, which is a broadcast that isn't even IP.
This means that the bridge is definitely carrying layer2 directly.

Here are the configs:

[admin@Mikrotik-1] > export compact
#
/interface bridge
add name=LAN
/ppp profile
add bridge=LAN name=pptp-bridge use-ipv6=no use-mpls=no
/interface pptp-client
add allow=mschap1,mschap2 connect-to=10.0.12.2 disabled=no mrru=1600 name=\
    pptp-out1 password=R1 profile=pptp-bridge user=R1
/interface bridge port
add bridge=LAN interface=ether3
/ip address
add address=10.0.12.1/24 interface=ether2 network=10.0.12.0
/system identity
set name=Mikrotik-1


[admin@Mikrotik-2] > export compact
#
/system identity
set name=Mikrotik-2
/interface bridge
add name=LAN
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN lease-time=3d name=dhcp1
/ppp profile
add bridge=LAN change-tcp-mss=yes name=pptp-bridge use-ipv6=no use-mpls=no
/interface bridge port
add bridge=LAN interface=ether3
/interface pptp-server server
set enabled=yes
/ip address
add address=10.0.12.2/24 interface=ether2 network=10.0.12.0
add address=192.168.1.1/24 interface=LAN network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add action=masquerade chain=srcnat out-interface=ether2
/ppp secret
add name=R1 password=R1 profile=pptp-bridge service=pptp

Jw1969 · Mon Apr 13, 2015 12:57 am

Here is the Wiki, CDP doesn't use broadcast address, it uses a multicast. Try this out, setup a DHCP server on one end and a DHCP client on the other and you will notice that the client doesn't pick up a DHCP address from the server...

http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol

I'm not sure why , but it's the devices on the 2 end that cannot see each other....

I just set up a test PPtP bridge like this:

pptp bridge diagram.png

Mikrotik2 is the DHCP server, and R1 (a Cisco router image in my simulator) gets DHCP from Mikrotik-2.
Furthermore, R1 and R2 see each other as CDP neighbors, which is a broadcast that isn't even IP.
This means that the bridge is definitely carrying layer2 directly.

Here are the configs:

[admin@Mikrotik-1] > export compact
#
/interface bridge
add name=LAN
/ppp profile
add bridge=LAN name=pptp-bridge use-ipv6=no use-mpls=no
/interface pptp-client
add allow=mschap1,mschap2 connect-to=10.0.12.2 disabled=no mrru=1600 name=\
    pptp-out1 password=R1 profile=pptp-bridge user=R1
/interface bridge port
add bridge=LAN interface=ether3
/ip address
add address=10.0.12.1/24 interface=ether2 network=10.0.12.0
/system identity
set name=Mikrotik-1


[admin@Mikrotik-2] > export compact
#
/system identity
set name=Mikrotik-2
/interface bridge
add name=LAN
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN lease-time=3d name=dhcp1
/ppp profile
add bridge=LAN change-tcp-mss=yes name=pptp-bridge use-ipv6=no use-mpls=no
/interface bridge port
add bridge=LAN interface=ether3
/interface pptp-server server
set enabled=yes
/ip address
add address=10.0.12.2/24 interface=ether2 network=10.0.12.0
add address=192.168.1.1/24 interface=LAN network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add action=masquerade chain=srcnat out-interface=ether2
/ppp secret
add name=R1 password=R1 profile=pptp-bridge service=pptp

Mon Apr 13, 2015 3:11 pm

In my example, R1 and R2 both got their IP from DHCP served by Mikrotik2.

I will re-build this with R2 = dhcp server and R1 as DHCP client.
I will be surprised if this fails, but if it does, I'll definitely let you know.

Mon Apr 13, 2015 4:55 pm

Done - I removed dhcp-server from Mikrotik2 and configured R2 as dhcp server.
R1 is able to receive DHCP service from R2 as expected.

ARP goes through un-altered as well. (arp is definitely a broadcast)

Here's a debug output on R2:

R1#clear ip arp 192.168.1.1
R1#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/50/76 ms
(this first missed ping is normal when a Cisco router has no arp entry)

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             3   c402.1770.0000  ARPA   FastEthernet0/0
Internet  192.168.1.2             -   c401.1a3c.0000  ARPA   FastEthernet0/0
Internet  192.168.1.4             4   0000.ab79.4d02  ARPA   FastEthernet0/0

Here's the arp / ping from R2's point of view.
Note that the MAC addresses are all correct (this is only true for a true bridge)

R2#
*Mar  1 00:09:25.567: IP ARP: rcvd req src 192.168.1.2 c401.1a3c.0000, dst 192.168.1.1 FastEthernet0/0
*Mar  1 00:09:25.571: IP ARP: creating entry for IP address: 192.168.1.2, hw: c401.1a3c.0000
*Mar  1 00:09:25.571: IP ARP: sent rep src 192.168.1.1 c402.1770.0000,
                 dst 192.168.1.2 c401.1a3c.0000 FastEthernet0/0
R2#
*Mar  1 00:09:27.551: ICMP: echo reply sent, src 192.168.1.1, dst 192.168.1.2
*Mar  1 00:09:27.647: ICMP: echo reply sent, src 192.168.1.1, dst 192.168.1.2
*Mar  1 00:09:27.699: ICMP: echo reply sent, src 192.168.1.1, dst 192.168.1.2
*Mar  1 00:09:27.715: ICMP: echo reply sent, src 192.168.1.1, dst 192.168.1.2

I am able to ping / arp / telnet / etc - to and from any of my 4 devices in the topology.
As you can see, PPtP is completely capable of doing a pure bridge, as far as Mikrotik is concerned.

If the client end is not also configured as a bridge, then that leads to issues.

Here are the updated Mikrotik configurations:

[admin@Mikrotik-1] > export compact
#
/interface bridge
add name=LAN
/ppp profile
add bridge=LAN name=pptp-bridge use-ipv6=no use-mpls=no
/interface pptp-client
add allow=mschap1,mschap2 connect-to=10.0.12.2 disabled=no mrru=1600 name=\
    pptp-out1 password=R1 profile=pptp-bridge user=R1
/interface bridge port
add bridge=LAN interface=ether3
/ip address
add address=10.0.12.1/24 interface=ether2 network=10.0.12.0
add address=10.1.1.1/24 interface=ether1 network=10.1.1.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=LAN use-peer-dns=no use-peer-ntp=no
/system identity
set name=Mikrotik-1


[admin@Mikrotik-2] > export compact
#
/interface bridge
add name=LAN
/ppp profile
add bridge=LAN change-tcp-mss=yes name=pptp-bridge use-ipv6=no use-mpls=no
/interface bridge port
add bridge=LAN interface=ether3
/interface pptp-server server
set enabled=yes
/ip address
add address=10.1.1.2/24 interface=ether1 network=10.1.1.0
add address=10.0.12.2/24 interface=ether2 network=10.0.12.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=LAN use-peer-dns=no
/ppp secret
add name=R1 password=R1 profile=pptp-bridge service=pptp
/system identity
set name=Mikrotik-2

PPTP + UDP broadcast

PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Re: PPTP + UDP broadcast

Who is online