Forwarding traffic

igpetkov · September 1, 2019, 9:22am

HI, All!
I have two officess- Main and Remote and I need to connect them.
In Main office there is IP PBX, Local servers and Network printer.
I need machines in Remote office to have Layer 2 connection to network in Main office and plan to connect them with EoIP tunnel and machines in Remote office to use DHCP from Main office router, but in same time all external traffic from machines in Remote Office to be directed to WAN of the Remote office and do not flow through EoIP tunnel.
I want only traffic to IP PBX, Local server and printers goes through EoIP tunnel.
Is there way to do that with Mangle rule or something else?
Thank You

CZFan · September 1, 2019, 8:38pm

Personally, I would not use DHCP across the tunnel, if main site is down for long period, it will mean remote site internet access, local network printing, etc, will also be down.
Then issue DHCP from local routers and specify relevant gateway in scopes

igpetkov · September 2, 2019, 4:23am

Thank You, CZFan!
Can you suggest other decision with layer 2 communication. At moment Remote router is connected with L2TP IPSec to Main and both router route internal traffic between then and external to their wans. Both routers have different lan network - main: 192.169.1.0/24 and Remote: 192.168.9.0/24.
But can’t start printing from Remote location on printer in Main network.
Moreover IP phones connect to PBX throuh external IP.

CZFan · September 3, 2019, 6:02pm

You have not provided much info, and from what you have mentioned, I am not sure why L2 is a must. Both printing and VoIP can work across a L3 network.

So I would use IPSec site to site (IKE) VPN between offices, configure the phones as an “External Extension”, but routed across the VPN link, i.e. point to internal IPs, not public IPs, same for printers

JohnTRIVOLTA · September 3, 2019, 6:43pm

I use a similar configuration for L2 transparent connectivity. I use L2TP IPsec with BCP on bridges to the both sides. I usе DHCP on main office with address XX.XX.XX.1/24/respectively gateway for network/ with dhcp-pool from 2-99, and on remote office with address XX.XX.XX.254/24 /respectively gateway for network/ and dhcp-pool from 100-199 . Finaly i block dhcp discovery on L2TP link with bridge filter on both sides !