🐛The Decades-Old Mikrotik Bug That Is Killing Your VPNs Softly🦟

Ronald Bartels

Access by multiple road warriors from behind a Mikrotik router to a common VPN server has been a decades-old problem, mainly for the Windows built-in client. Refer: L2TP/IPSec for Road Warrior

There is no way to fix it on RouterOS (ROS), not even on v7. The Mac client does not have the same problem as the Windows client because it randomizes the port being used.

However, other platforms do support a patch that allows Windows clients to work. The Fusion SD-WAN platform is one such solution.

The following allows a secondary subnet to be used as an alternative NAT when the firewall has an implementation that doesn't work.

#
sudo iptables -t nat -A cpe_nat_ip_subnet_snat -s 10.0.0.0/8 -j SNAT --to 1.2.3.4

In the Mikrotik configuration, the problematic VPN servers need to be routed across the secondary subnet. This subnet needs to be on a separate VLAN and IP range.
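One way to find which VPN servers count as "problematic", shown as an added example that is not part of the original post or of the Fusion platform: it scans connection-tracking records for VPN servers reached by more than one inside client through the same NAT address. It assumes records in Linux `conntrack -L -p udp` format and the standard IKE and NAT-T ports (UDP 500 and 4500); the function name and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# IKE and IPsec NAT-T ports used by L2TP/IPsec clients (assumed filter).
VPN_PORTS = {500, 4500}

# Constructed sample in Linux `conntrack -L -p udp` format (not real traffic).
# First tuple = original direction; second tuple = reply direction, whose
# dst= is the post-NAT address that the VPN server sees.
SAMPLE = """\
udp 17 175 src=10.1.1.20 dst=203.0.113.10 sport=4500 dport=4500 src=203.0.113.10 dst=198.51.100.2 sport=4500 dport=4500 [ASSURED] mark=0 use=1
udp 17 171 src=10.1.1.31 dst=203.0.113.10 sport=4500 dport=4500 src=203.0.113.10 dst=198.51.100.2 sport=4500 dport=1024 [ASSURED] mark=0 use=1
udp 17 160 src=10.1.1.20 dst=203.0.113.77 sport=500 dport=500 src=203.0.113.77 dst=198.51.100.2 sport=500 dport=500 [ASSURED] mark=0 use=1
udp 17 29 src=10.1.1.31 dst=192.0.2.53 sport=51515 dport=53 src=192.0.2.53 dst=198.51.100.2 sport=53 dport=51515 mark=0 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def shared_vpn_servers(conntrack_text):
    """Return {(nat_ip, server_ip): [inside clients]} where 2+ clients share the pair."""
    clients = defaultdict(set)
    for line in conntrack_text.splitlines():
        tuples = TUPLE.findall(line)
        if not line.startswith("udp") or len(tuples) != 2:
            continue  # skip anything that is not a complete UDP entry
        (inside, server, _, dport), (_, nat_ip, _, _) = tuples
        if int(dport) in VPN_PORTS:
            clients[(nat_ip, server)].add(inside)
    # Only pairs with several inside clients match the failure condition.
    return {k: sorted(v) for k, v in clients.items() if len(v) > 1}


if __name__ == "__main__":
    for (nat_ip, server), inside in shared_vpn_servers(SAMPLE).items():
        print(f"{server}: {len(inside)} clients behind {nat_ip}: {', '.join(inside)}")
```

Servers it reports are the candidates for routing across the secondary subnet; a server reached by only one inside client is left out.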


* Ronald works connecting Internet inhabiting things at Fusion Broadband.
