There are two offices with ipip ipsec vpn according to the scheme https://systemzone.net/mikrotik-ipip-tu ... o-site-vpn
1) Is it possible for Office 2 computers (10.10.12.2,4) to access the Internet only through the Office 1 router (192.168.70.2)?
2) Is it possible for Office 2 computers (10.10.12.2,4) to access the Internet only through the Office 1 additional router (for example, 10.10.11.3)?
Re: How to access the Internet via an ipsec tunnel in another office
1) Yes, it's possible with the help of routing tables and routing rules
2) Would need a diagram to see what you mean by additional router
2) Would need a diagram to see what you mean by additional router
Re: How to access the Internet via an ipsec tunnel in another office
1) Could you specify additional routing settings for the scheme in the article https://systemzone.net/mikrotik-ipip-tu ... o-site-vpn
It is required that all computers on the Office 2 network have Internet access only through the Office router 1 172.22.22.1/30
2) The same circuit is used as the network diagram (see https://www.mediafire.com/view/wkgc6ngn ... 1.jpg/file)
As an additional router, it acts according to the scheme 10.10.11.3, which has a WAN 192.168.50.2/30. It is required that all computers on the Office 2 network have Internet access only through the additional Office1 router LAN=10.10.11.3, WAN=192.168.50.2/30
Naturally, options 1 and 2 are two different cases
What changes will be required to the original scheme so that the Internet connection works according to option 1?
What changes will be required to the original scheme so that the Internet connection works according to option 2?
It is required that all computers on the Office 2 network have Internet access only through the Office router 1 172.22.22.1/30
2) The same circuit is used as the network diagram (see https://www.mediafire.com/view/wkgc6ngn ... 1.jpg/file)
As an additional router, it acts according to the scheme 10.10.11.3, which has a WAN 192.168.50.2/30. It is required that all computers on the Office 2 network have Internet access only through the additional Office1 router LAN=10.10.11.3, WAN=192.168.50.2/30
Naturally, options 1 and 2 are two different cases
What changes will be required to the original scheme so that the Internet connection works according to option 1?
What changes will be required to the original scheme so that the Internet connection works according to option 2?
Re: How to access the Internet via an ipsec tunnel in another office
1) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel:
2) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
Office 2:
Office 1:
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel:
Code: Select all
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule
add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
Office 2:
Code: Select all
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule
add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIPCode: Select all
/routing table add fib name=through_Router1
/ip route add dst-address=0.0.0.0/0 gateway=10.11.11.3 routing-table=through_Router1
/routing rule
add action=lookup-only-in-table src-address=172.22.22.1/30 table=through_Router1
Last edited by TheCat12 on Tue Apr 16, 2024 9:11 am, edited 1 time in total.
Re: How to access the Internet via an ipsec tunnel in another office [SOLVED]
I'm afraid I might get confused in the settings of options 1 and 2.
Could you clarify which settings apply to option 1 and which for option 2?
I'll clarify it again:
Option 1 - All of Office 2 computers mast to access the Internet only through the Office 1 router (WAN 192.168.70.2, LAN 10.10.11.1)
https://systemzone.net/wp-content/uploa ... -ipsec.jpg
Option 2 - All of Office 2 computers mast to access the Internet only through the Office 1 additional router (WAN 192.168.50.2, LAN 10.10.11.3)
https://www.mediafire.com/view/wkgc6ngn ... 1.jpg/file
It is advisable to specify the settings in different posts to reduce confusion
Thanks for info.
Could you clarify which settings apply to option 1 and which for option 2?
I'll clarify it again:
Option 1 - All of Office 2 computers mast to access the Internet only through the Office 1 router (WAN 192.168.70.2, LAN 10.10.11.1)
https://systemzone.net/wp-content/uploa ... -ipsec.jpg
Option 2 - All of Office 2 computers mast to access the Internet only through the Office 1 additional router (WAN 192.168.50.2, LAN 10.10.11.3)
https://www.mediafire.com/view/wkgc6ngn ... 1.jpg/file
It is advisable to specify the settings in different posts to reduce confusion
Thanks for info.
Re: How to access the Internet via an ipsec tunnel in another office
perhaps you made an inaccuracy here and there was a misunderstanding
2) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
If I understood correctly then
---- option 1 -------
Office2
1) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel:
---- option 2 -------
2) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
Office 2:
Office 1:
Is that what you meant?
it should be corrected like this1) 1. Create a routing table
2) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
If I understood correctly then
---- option 1 -------
Office2
1) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel:
Code: Select all
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP2) 1. Create a routing table
2. Add a default route to the IPIP address
3. Create a routing rule for the office computers to force their traffic through the tunnel
4. On the other side of the tunnel make analogous edits to the configuration
Office 2:
Code: Select all
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIPCode: Select all
/routing table add fib name=through_Router1
/ip route add dst-address=0.0.0.0/0 gateway=10.11.11.3 routing-table=through_Router1
/routing rule add action=lookup-only-in-table src-address=172.22.22.1/30 table=through_Router1
Last edited by ysha on Tue Apr 16, 2024 9:18 am, edited 2 times in total.
Re: How to access the Internet via an ipsec tunnel in another office
Sorry, you're correct. A typo 
Re: How to access the Internet via an ipsec tunnel in another office
Thanks for the information, I will try to apply