The client connects fine and gets an IP address in the same range as the LAN side of the MikroTik router, and I'm able to ping from the client computer to computers in the LAN. So far so good.
But how do I manage to pass on broadcast traffic between the VPN client and the LAN and vice versa? I can see UDP broadcast to ports 137/138 (NetBIOS) arriving at the router, but I don't know how to pass it on to the LAN computers. The LAN computers are all connected to a bridge containing ether2..ether5.
I thought I should be able to add the L2TP to this bridge as well, by specifying the bridge in the Bridge parameter of the PPP policy, but it never shows up.
There is mention on the forum of enabling BCP on both sides of a PPP tunnel, but the far end of this connection is in Windows XP and I dunno what I can do there.
How do I add the L2TP interface to the bridge?
Or are there any other tricks that can be used to enable access to network browsing and shared printers/disk drives from the client?
This is the setup:
Code:
```
[admin@MT] > ppp secret export
# feb/12/2009 14:42:42 by RouterOS 3.20
# software id = 93B9-LTT
#
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
    name=12345 password=12345 profile=L2TP-profile routes="" service=l2tp

[admin@MT] > ppp profile export
# feb/12/2009 14:42:48 by RouterOS 3.20
# software id = 93B9-LTT
#
/ppp profile
add bridge=bridge1 change-tcp-mss=default comment="" local-address=\
    192.168.1.150 name=L2TP-profile only-one=default remote-address=\
    192.168.1.200 use-compression=default use-encryption=default \
    use-vj-compression=default

[admin@MT] > interface pr
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME          TYPE        MTU
 0  R  ether1        ether       1500
 1     ether2        ether       1500
 2  R  ether3        ether       1500
 3     ether4        ether       1500
 4  R  ether5        ether       1500
 5  R  bridge1       bridge      1500
 6  R  pppoe-out1    pppoe-out   1480
 7  DR               l2tp-in     1400

[admin@MT] > interface bridge pr
Flags: X - disabled, R - running
 0  R name="bridge1" mtu=1500 arp=proxy-arp mac-address=00:0C:42:2E:BD:01
      protocol-mode=none priority=0x8000 auto-mac=yes
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
      transmit-hold-count=6 ageing-time=5m

[admin@MT] > interface bridge port pr
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE   BRIDGE    PRIORITY  PATH-COST  HORIZON
 0 I  ether2      bridge1   0x80      10         none
 1    ether3      bridge1   0x80      10         none
 2 I  ether4      bridge1   0x80      10         none
 3    ether5      bridge1   0x80      10         none

[admin@MT] > ip address pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS             NETWORK         BROADCAST       INTERFACE
 0   192.168.1.1/24      192.168.1.0     192.168.1.255   bridge1
 1 D XX.XXX.176.81/32    XX.XX.34.0      0.0.0.0         pppoe-out1
 2 D 192.168.1.150/32    192.168.1.200   0.0.0.0

[admin@MT] > ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY-STATE  GATEWAY      DISTANCE  INTERFACE
 0 ADS  0.0.0.0/0                          reachable      88.88.34.0   1         pppoe-out1
 1 ADC  XX.XX.34.0/32      XX.XX.176.81                                0         pppoe-out1
 2 ADC  192.168.1.0/24     192.168.1.1                                 0         bridge1
 3 ADC  192.168.1.200/32   192.168.1.150                               0
```