-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Damien Gardner Jnr Sent: Tuesday, 4 August 2015 7:25 AM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] How to set the pptp client default route distance for IPv6??
Hi Folks,
Not sure if I've found a bug in the PPTP client in RouterOS, or if I'm just missing something. Our ADSL at home is pretty horrendous, so I run ADSL
LTE, PPTP over the top of both back to SY3, and then OSPF over the those (only for connected routes, not default routes - default comes from the PPTP interfaces).
Home nat's out of the the DC, unless the DC is offline, then it falls back to ADSL, an then to 4G.
We do a lot of traffic on our LTE connection, but I've noticed that occasionally we have long streams of outbound traffic, but it's usually overnight, so I haven't been able to torch it.
Turns out, it's IPv6! I didn't realise I even had IPv6 running over the PPTP tunnels, I figured it was just local to the house only, and going to the 'net over our DSL.
But no, we have V6 on the PPTP tunnels, which was unexpected.
The issue turns out to be, that the default routes being created when the PPTP sessions come up, aren't using the 'Default Route Distance' setting on the PPTP interface.
Our V4 default routes look like this: [admin@MikroTik] > /ip route print detail where dst-address=0.0.0.0/0 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gateway=203.45.254.1 gateway-status=203.45.254.1 reachable via pppoe-tid distance=1 scope=30 target-scope=10 routing-mark=out-force-tid ^ Manual default route for servers in the DMZ
1 A S dst-address=0.0.0.0/0 gateway=192.168.8.1 gateway-status=192.168.8.1 reachable via lte1 distance=50 scope=30 target-scope=10 routing-mark=out-force-lte ^ Manual default route for traffic destined to m.telstra.com
2 ADS dst-address=0.0.0.0/0 gateway=192.168.13.2 gateway-status=192.168.13.2 reachable via pptp-out-syd3-adsl distance=10 scope=30 target-scope=10 ^ Default route over PPTP-ADSL. Lowest distance, as preferred
3 DS dst-address=0.0.0.0/0 gateway=192.168.13.3 gateway-status=192.168.13.3 reachable via pptp-out-syd3-lte distance=20 scope=30 target-scope=10 ^ Default route over PPTP-LTE. Second-lowest distance, keeps NAT sessions running, but we firewall off a few things to keep bandwidth down
4 DS dst-address=0.0.0.0/0 gateway=203.45.254.1 gateway-status=203.45.254.1 reachable via pppoe-tid distance=40 scope=30 target-scope=10 ^ Default route if both PPTP are down - out ADSL
5 DS dst-address=0.0.0.0/0 gateway=192.168.8.1 gateway-status=192.168.8.1 reachable via lte1 distance=50 scope=30 target-scope=10 vrf-interface=lte1 ^ Deafult route of last resort, natting out behind LTE
However our V6 routes look like this: [admin@MikroTik] > /ipv6 route print detail where dst-address=::/0 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 0 ADS dst-address=::/0 gateway=pppoe-tid gateway-status=pppoe-tid reachable distance=1 scope=30 target-scope=10 1 DS dst-address=::/0 gateway=fe80::2a94:fff:fef1:5900%pppoe-tid gateway-status=fe80::2a94:fff:fef1:5900%pppoe-tid reachable distance=1 scope=30 target-scope=10 2 DS dst-address=::/0 gateway=pptp-out-syd3-adsl gateway-status=pptp- out-syd3-adsl reachable distance=1 scope=30 target-scope=10 3 DS dst-address=::/0 gateway=pptp-out-syd3-lte gateway-status=pptp- out-syd3-lte reachable distance=1 scope=30 target-scope=10
Yep, the distances are ALL 1. So it's ignoring the default distance in use on the PPTP and PPPOE interfaces entirely.
Am I missing something? I guess I could remove the 'Add Default Route' tickbox on each session, and manually enter default routes? But surely
Default Route Distance should be applying to V6 as well?
At the worst, can I just turn OFF V6 on the PPTP-LTE session? V6 won't work with ADSL down, since it's using TID-assigned V6 space at the moment.
This is a CRS-109-8G-1S-2HnD on 6.30.2.
Thanks,
Damien
--
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of
'bug' or 'feature'? :-D I suppose that if you have IPv6 enabled on the router, it will automatically allocate v6 addresses and routes on dialled interfaces in just the same way that v4 is assigned without you necessarily needing to enable that. It makes some kind of sense that when v6 is supported and enabled, it should 'just work'. After all, you don't have to manually enable v4 addresses on pppoe/tp etc either :-} I suspect that the answer will lie at the other end - on the server side you should be able to define whether v6 is enabled or not because you have to set all of the client and gateway IP addresses in server (pppoe, pptp, dhcp, ...) configs. That's my take on it anyhow :) Cheers! Mike + the thunder.
We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au