A bridge isn't required on MT at all. I usually assign separate IP space
and adjust my firewall rules as necessary. The MT handles routing
between the subnets.
If you want to be on the same IP space, just make sure you use a
"reserved" part of the LAN subnet for PPTP and enable proxy-arp.
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 8/5/2014 11:49 AM, Grand Avenue Broadband wrote:
I thought a bridge was required for PPP / profiles. If I leave that out, I
have two interfaces in the same address space, and it was drummed into me that
that was a no-no on the MikroTik...?
On Aug 5, 2014, at 3:05 AM, Scott Reed <[email protected]> wrote:
You don't need the bridge. Create the VPN with an inside address in his
address range.
When you log in, you have a address in his range, so effectively you are
"inside."
On 8/4/2014 9:34 PM, Grand Avenue Broadband wrote:
I have a neighborhood tower, hosted by a resident. The resident gets service
over the POE cable, while his neighbors are wireless.
All subscribers have static nonroutable IPs. All subscribers are limited to a
contract speed. Each subscriber's speed is limited in his own Mikrotik CPE.
Since the host has no CPE, I limit his speed by a simple queue on the ethernet
port.
The host's ethernet port is NATted to provide the host with a private address
range for the devices inside his home, all the traffic from which shows up
NATted to a particular subcriber-range nonroutable IP that identifies him.
All fine so far.
I need to set up a PPTP VPN so I can log into the router remotely for troubleshooting
"as if I were" a device in the host's residence. To do this, I put the
ethernet port into a bridge (moving the address and the DHCP server target
appropriately), then create a PPTP VPN that attaches to that bridge and shares the host's
DHCP pool.
This all works, too, as far as function goes.
What doesn't work at this point is the simple queue. If I leave the simple
queue on the hardware interface, it limits the host's speed TO the network
only. If I change the simple queue to the bridge instead of the interface, it
limits the host's speed FROM the network only.
If I create a simple queue on each, I can "make it work," but that "solution"
strikes me as a kludge. What am I doing wrong?
--
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration
Mikrotik Advanced Certified
www.nwwnet.net
(765) 855-1060 (765) 439-4253 Toll-free (855) 231-6239
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
