Hello there,
I need to setup a connection between 2 offices.
I have a bunch of other offices connected by my internet provider, but 1 of them cannot be done by them ! Well it is right now, but really slow with the DSL so I have to change their connection and do my own tunnel !

In my main office, I have a RB493g which act as my router/firewall, and I ordered a RB751U for the other office.
My main office uses 172.16.1.x/24, and the other office uses 172.16.8.x/24

What will be the most reliable connection between the 2 of them so that it acts like if they were in the same office ?
They will both have WAN static IP adress!

I have read about EoIP, IPIP, IPsec, ect, but I m not sure which one would be the most reliable, and also the fact that the local IP adress is not in the same range ... (they already have printer in that range, my RB493g has DHCP relay enabled for them, ect)

Any hints will be more then welcome!

Thank you very much,
Martin L.

Hello there,
I need to setup a connection between 2 offices.
I have a bunch of other offices connected by my internet provider, but 1 of them cannot be done by them ! Well it is right now, but really slow with the DSL so I have to change their connection and do my own tunnel !

In my main office, I have a RB493g which act as my router/firewall, and I ordered a RB751U for the other office.
My main office uses 172.16.1.x/24, and the other office uses 172.16.8.x/24

What will be the most reliable connection between the 2 of them so that it acts like if they were in the same office ?
They will both have WAN static IP adress!

I have read about EoIP, IPIP, IPsec, ect, but I m not sure which one would be the most reliable, and also the fact that the local IP adress is not in the same range ... (they already have printer in that range, my RB493g has DHCP relay enabled for them, ect)

Any hints will be more then welcome!

Thank you very much,
Martin L.

PPTP and L2TP are stable. OVPN is not stable. SSTP is not stable. You can use IPSec to encrypt any of the protocols, even PPTP and L2TP (which are already encrypted) if you need to or need additional encryption.

Search the wiki for these protocols to see good examples of how they are used between different networks.

I think the best connection method is EoIP. See no problem to make all two offices in one network, for example 172.16.1.x/22 ?

Well Actualy I do !!
I have 7 offices in different location and they are all on different subnets:
172.16.1.x/24
172.16.2.x/24
172.16.3.x/24
until 172.16.8.x which is the one I need to make a tunnel between the 2 mikrotik !
I also thought the EoIP was the best way, but I was wondering if it suits my situation !

And is it really better then PPTP !!

Well Actualy I do !!
I have 7 offices in different location and they are all on different subnets:
172.16.1.x/24
172.16.2.x/24
172.16.3.x/24
until 172.16.8.x which is the one I need to make a tunnel between the 2 mikrotik !
I also thought the EoIP was the best way, but I was wondering if it suits my situation !

And is it really better then PPTP !!

EOIP is not encrypted, so make sure you run it through something that is like L2TP or IPSEC... if you data is important to you...

Well Actualy I do !!
I have 7 offices in different location and they are all on different subnets:
172.16.1.x/24
172.16.2.x/24
172.16.3.x/24
until 172.16.8.x which is the one I need to make a tunnel between the 2 mikrotik !
I also thought the EoIP was the best way, but I was wondering if it suits my situation !

And is it really better then PPTP !!

EOIP is not encrypted, so make sure you run it through something that is like L2TP or IPSEC... if you data is important to you...

Ho .. not encrypted !!!
I tought it was encrypted.. since it s a protocol only used by Mikrotiks !

Then I guess just a normal PPTP will be perfect !!
I just want it to be "normaly" encrypted since it for citrix session which is a bit encrypted already ... and the most stable possible !

The only encrypted tunnels in mikrotik are IPSec, L2TP (optional encryption), PPTP (optional encryption), SSTP (optional encryption), and OVPN.

Everything else is NOT encrypted.

The only encrypted tunnels in mikrotik are IPSec, L2TP (optional encryption), PPTP (optional encryption), SSTP (optional encryption), and OVPN.

Everything else is NOT encrypted.

And you say PPTP is stable !
Then I guess this is the best bet for me !!

PPTP is subjected to some security flaws. if i was going to use tcp tunneling, id go with SSTP. and probably your most advanced option is L2TP/IPSec

PPTP is subjected to some security flaws. if i was going to use tcp tunneling, id go with SSTP. and probably your most advanced option is L2TP/IPSec

SSTP is not stable... look around the forums for plently of reports of that.

Well, L2tp/IPsec then ?

The office is 3 hours far from my place .. I'm setting the Mikrotik here and then send to them !
I would like to know what will be the best settign I could use !

Right now, I only getting more confuse !

I also would like them to use the internet from my office so that I can see what they are doing on the internet !
That mean I need to setup the mikrotik to only be a bridge to my main network.
the DHCP server is my AD, ect !

Any idea what should I do ?

Thank you very much for your help!
Martin L.

I guess if I follow that : http://gregsowell.com/?p=787
I should be alright !

Ok, I followed the link from gregsowell above and and I have a problem!
I loosed internet acces on 1 end !
can't tell why, but I still have acces from my main office, but I loose internet acces from my branch office !

Any idea what happens ?

Thank you very much for your greatly approceiated help,
Martin L.

The default route on each side should still be your regular isp gateway, and you should only be routing the lan-to-lan traffic. If you do that, your internet traffic won't be affected.

The default route on each side should still be your regular isp gateway, and you should only be routing the lan-to-lan traffic. If you do that, your internet traffic won't be affected.

I followed exactly what is in the video !

But if I want to have the computer connected to the second router to use the internet from the first router, is there any other way to achieve that ?

I'll have a barracuda web filtering installed on my primary network and I would like to have all my computers from all offices to go through it !

The default route on each side should still be your regular isp gateway, and you should only be routing the lan-to-lan traffic. If you do that, your internet traffic won't be affected.

I followed exactly what is in the video !

But if I want to have the computer connected to the second router to use the internet from the first router, is there any other way to achieve that ?

I'll have a barracuda web filtering installed on my primary network and I would like to have all my computers from all offices to go through it !

Oh, if you want your second network to use the internet of the first network, then you need to route all traffic through the ppp link. You should probably masquerade it as it goes through, just like you would for the regular internet connection.

Oh, if you want your second network to use the internet of the first network, then you need to route all traffic through the ppp link. You should probably masquerade it as it goes through, just like you would for the regular internet connection.

Like a PPTP connection ?

I was able to make both intenet working now .. the problem was my provider which was having problem yesterday

So my tunnel IPsec is perfectly working now and can ping both network !

But as I said, I will install a Barracuda web filtering in my main office so I'd like to have all the internet go through my primary router!
And use a DHCP relay to point to my DHCP server !

PPTP would be the key ?

Oh, if you want your second network to use the internet of the first network, then you need to route all traffic through the ppp link. You should probably masquerade it as it goes through, just like you would for the regular internet connection.

Like a PPTP connection ?

I was able to make both intenet working now .. the problem was my provider which was having problem yesterday

So my tunnel IPsec is perfectly working now and can ping both network !

But as I said, I will install a Barracuda web filtering in my main office so I'd like to have all the internet go through my primary router!
And use a DHCP relay to point to my DHCP server !

PPTP would be the key ?

Any of the tunneling protocols will work, depending on your desired setup.

Yes, PPtP is fine.

I think the IPsec tunnel is a really stable way to have it done, Am I right ?

If so, I will leave it that way, and install a barracuda's web filtering remote agent on their PC so that they follow the same rules I set !

I just really don't want to link to fail .. my Boss has had really hard time with bad connection in the pass and now I want to make it the most stable possible !

I think the IPsec tunnel is a really stable way to have it done, Am I right ?

If so, I will leave it that way, and install a barracuda's web filtering remote agent on their PC so that they follow the same rules I set !

I just really don't want to link to fail .. my Boss has had really hard time with bad connection in the pass and now I want to make it the most stable possible !

The thing with IPSec is that sometimes it won't reconnect and you have to delete the SA's and sometimes you have to disable/enable to make them reconnect for some reason.