MikroTik

Hi all,

I've managed to setup a PPTP Server on MTik, to allow employees from a company to access their network from outside (their homes) through a VPN connection. Everything works, except, of course, UDP broadcast, which is needed for NetBIOS names resolution (and thus, browsing the Microsoft Network).

My question is this: How can I setup the MTik device to allow employees to connect to their work network from their homes so that the connectivity is as close as to one they have when they are physically at the workplace (meaning, I'd like them to have full tcp/udp/icmp/ip functionality tunneled without any restrictions)?

Shortly, what is the best choice of vpn/tunnel/something that I can use to achieve (MT is the gateway in the LAN):
- remote client (from outside of LAN) authenticating itself to MT in order to get access to the LAN at work
- client having 100% functionality of LAN, just like he is physically present with his laptop at work

I've read about Wins, but that is not the answer simply because it's a workaround (it shifts the problem of udp broadcasting to a Wins/TCP service). I can install Wins, but some other applications might use udp broadcasting, that remote clients (connected to the network through the VPN tunnel) won't be able to see and this will not be easy to replace like with Wins server.

So, please tell me what are the best options to really allow employees to "work from home" as if they are physically at workplace?

bump?

By default PPTP sends IP traffic only, that denies proper Netbios operation.
Is there any router or computer connected directly to the Internet at home?

There are different solutions available,
- PPTP +BCP (bridge control protocol), that allows to bridge PPTP interface. BCP support required on both ends.
- EoIP, tunnel makes Ethernet connection over remote network, MikroTik router required on both ends.

Hi, thanks for your reply.

By default PPTP sends IP traffic only, that denies proper Netbios operation.

As far as I know UDP is IP too, so Mikrotik should send both TCP/UDP without any restrictions. If I can understand correctly, the problem with UDP broadcast is because of different segments, which could be solved bridging inner (LAN) interface with outer (tunnel) interface, just like here: http://blog.butchevans.com/2009/12/how- ... -and-pptp/


I need this exact scenario, just with 1 Mtik. At other side, there would only be a remote/roaming client, connecting to that Mtik, establishing a tunnel and joining the LAN network. Are there any examples how to do this properly with Mtik?

Is there any router or computer connected directly to the Internet at home?

I need the possibility for a remote/roaming user (travelling around the world) to be able at any time to connect to his home network through the tunnel with his laptop only (and some internet connectivity). So, no, there is no permanent router from the other side to setup a permanent tunnel.

Put pptp user in the same IP range as LAN users and set arp=proxy-arp for lan interface on Mikrotik. That should do the job.

I did that and I can ping machines using LAN ip addresses, but udp broadcast is not relayed from LAN to VPN user and vice versa. There was a tool bcrelay (with PoPToP open source pptp server) which was doing exactly that (udp broadcast relaying from one network segment to another) and this functionality would solve the problem in routeros too. But I just didn't find anything similar to this in the mtik manual...

About 6 years past since this topic was started and nothing changed...
Described issue is still actual. Simple home routers like D-Link they do it but MTik does not...

I'm also frustrated by this. Most companies have road warriors, not just offices that can rely on BCP. You'd think Mikrotik could just "make it happen", but waiting indefinitely is just not acceptable.

About 6 years past since this topic was started and nothing changed...
Described issue is still actual. Simple home routers like D-Link they do it but MTik does not...