I have been using the same config for a few years now but upgrading to the newest Mikrotik versions as they come out... and I think this may be contributing to my problem.

For the first time yesterday we setup a VLAN on an interface (as well as some queues) and since that time any user who VPN's into our network with a PPTP connection (assigned IP's from our IP pool) can only ping our gateway and other remote networks, they can't get to anything on our LAN (same interface the VLAN is on). If I disable the VLAN and move the rule to another interface OR remove the VLAN completely then reboot, everything is fine with the VPN. When we re-add the VLAN to the interface then reboot the VPN stays working but then the VLAN doesn't work -- it's one or the other.

We have some remote offices using PPTP connections but their IP's are not dynamically assigned, we have static routes and accept rules setup in firewall. They stayed up the whole time without a problem.

We have also been trying to get this working and guess it is a similar issue as to why HSRP doesn't work on vlan interfaces either. Can Mikrotik confirm this is the case and if a fix is ever likely to happen or if we should start investing in RB44's

I am assuming its either a firewalling issue, or the MTU on the physical vlan interface (parent) should be set to 1504 ... just a guess.

Sam

I don't think it's either. I can ping from a device on one of the vlans with 1500byte packets and DF set to another device on a different vlan and we haven't got any firewall rules in place. Have tried this at a number of installations with no joy. Have you had any success and how do you set the mtu on an ethernet port to anything higher than 1500?

This is similiar to the problem i had, I could ICMP all day long, but until I set 1504 mtu on the parent interface tcp and udp didn't work correctly, even when using small packets. I assumed it was a mismatch between my windows 2003 server using intel vlans, vmware guest assigned one of those vlan nics, and mikrotik as the gateway.

So the PPP connection, which has nothing to do with a physical interface, causes the vlan to stop functioning? Weird. Is this on a soho license thats limited to 1 of each?

Actually I think the issue with ours was that our ARP on the VLAN & NIC Interface was set to enabled instead of 'proxy-ARP'. After this change it worked.

Actually I think the issue with ours was that our ARP on the VLAN & NIC Interface was set to enabled instead of 'proxy-ARP'. After this change it worked.

We had always set ours to proxy-ARP but still no joy. Would you care to post your configs?

So the PPP connection, which has nothing to do with a physical interface, causes the vlan to stop functioning? Weird. Is this on a soho license thats limited to 1 of each?

Level 5 license so that's not the issue. It doesn't stop the vlan interface from working you just can't ping anything on the vlan from the PPTP client and hence you can't access any local resources.