As per the title, I need to implement a VPN network that connects 3 or 4 LAN networks behind MikroTik routers. What’s the best way to achieve that? I read something about L2TP over IPsec; is it suitable? I don’t want a hub-and-spoke topology with a main router that routes traffic, because they all have the same weight in the network, so if one goes down, there’s another way for the others to communicate.
Good day friend, you could consider a high-availability VPN server.
I’ll leave you an interesting article from which I could take the idea.
https://www.stubarea51.net/2018/04/23/pppoe-high-availability-design-incorporating-multiple-access-concentratorsbras/
I opted for L2TP over IPsec and it’s all working, but can it be configured so a router can be both server and client?
Like:
Router A
Server for Router B, Router C and Router D
Client that connects simultaneously to Router B, Router C and Router D
Router B
Server for Router A, Router C and Router D
Client that connects simultaneously to Router A, Router C and Router D
etc.
PS: OSPF is already in place
You could do it, but you will need to implement a script and verify the IPs of servers A and B so they can act as server or client.
Wait, I don’t understand what you’re trying to say. If you’re talking about WAN IPs, I’ve got that covered by a DDNS server and FQDN names in the L2TP server configuration.
you want to achieve with this?
Router A
Server for Router B, Router C and Router D
Client that connects simultaneously to Router B, Router C and Router D
Router B
Server for Router A, Router C and Router D
Client that connects simultaneously to Router A, Router C and Router D
If you lose internet access on router A, what does it mean to try to connect as a client or server to or from router A? It is only viable if you have a link where you link to Router A and B.
And the same with routers C and D, because if A is the only server, B, C and D talk to each other through A, and if A goes down they’re isolated.
Edit: deleted erroneous information
Sounds like a great place to use a routing protocol. Sadly no DMVPN in MikroTik land. I’d still likely opt to go with GRE so I could run a dynamic protocol across it. With a true mesh (all routers with links to all other routers) that will get unwieldy quick so an automation tool would be very helpful to help manage the craziness at scale.
You can use BGP or OSPF with static neighbors on L2TP but it becomes unwieldy quickly.
Indeed it is, and as I already stated in my second post, I already use OSPF and it’s working like a charm.
The only question left: is it OK to make a router act as both an L2TP client and server?
There is no problem with L2TP server and clients on the same RB; if you can monitor the status of the other devices it would be excellent.
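Added example, not part of the thread: a small Python planner for the full mesh discussed above, where each router is an L2TP server for some peers and a client for others, with a unique credential per tunnel. It assumes one tunnel per router pair with alternating roles; the router names, FQDNs, the 10.255.0.0/24 link pool and the `<IPSEC_SECRET>` placeholder are constructed for illustration.

```python
"""Plan a full L2TP/IPsec mesh: one tunnel per router pair (added example)."""
from ipaddress import ip_network
from itertools import combinations
import secrets

# Constructed sample input: names and DDNS FQDNs are placeholders.
ROUTERS = {"A": "a.example.net", "B": "b.example.net",
           "C": "c.example.net", "D": "d.example.net"}
TUNNEL_POOL = ip_network("10.255.0.0/24")  # assumed free range, one /30 per tunnel


def plan_mesh(routers, pool):
    """Return n*(n-1)/2 tunnels, alternating which side is the L2TP server."""
    names = sorted(routers)
    subnets = pool.subnets(new_prefix=30)
    tunnels = []
    for left, right in combinations(names, 2):
        i, j = names.index(left), names.index(right)
        # Alternate roles so no single router terminates every tunnel.
        server, client = (left, right) if (i + j) % 2 else (right, left)
        server_ip, client_ip = list(next(subnets).hosts())
        tunnels.append({"server": server, "client": client,
                        "server_ip": str(server_ip), "client_ip": str(client_ip),
                        "user": f"{client}-to-{server}",
                        # Unique secret per tunnel: one leak exposes one link only.
                        "password": secrets.token_urlsafe(24)})
    return tunnels


def render(router, tunnels, routers):
    """RouterOS lines for one router (server enablement and OSPF not included)."""
    lines = []
    for t in tunnels:
        if t["server"] == router:
            lines.append(f'/ppp secret add name={t["user"]} password={t["password"]} '
                         f'service=l2tp local-address={t["server_ip"]} '
                         f'remote-address={t["client_ip"]}')
        elif t["client"] == router:
            lines.append(f'/interface l2tp-client add name=l2tp-{t["server"]} '
                         f'connect-to={routers[t["server"]]} user={t["user"]} '
                         f'password={t["password"]} use-ipsec=yes '
                         f'ipsec-secret=<IPSEC_SECRET> disabled=no')
    return lines


if __name__ == "__main__":
    mesh = plan_mesh(ROUTERS, TUNNEL_POOL)
    for name in sorted(ROUTERS):
        print(f"# Router {name}")
        print("\n".join(render(name, mesh, ROUTERS)))
```

With four routers this yields six tunnels, three per router; the count grows as n(n-1)/2, which is where the mesh becomes hard to manage by hand.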
OK, thank you for the info, mate.
Once I set that up I need to implement road warrior access too; I already tested that out but there’s a problem: how can I push OSPF routes to these clients that use different OSes (Windows, Android, Linux, etc.) when split tunneling is involved?