Hello! First post here, having trouble with my project. There is a diagram in the attachment for details.
2 small problems I have
Need my SSTP IPs accessible from the local network (server) 10.100.0.0/16 to 10.10.10.0/24
Not sure if this is an ESXi networking issue, but the servers are getting a 10.10.10.X IP and not able to ping 10.100.1.4 for example.
__
Need access to the Switch and Managed Routers via IP that is tied from the Remote Router over the SSTP VPN, not traffic but access only.
172.16.0.0/28 and 100.100.0.0/20
__
NOTE: In the config is the 10.102.0.0/16 IP range not 10.100.0.0/16 in the diagram (will move it over after it's working)
Know I can put SSTP on each Managed router then it doesn’t matter on the IP, but then I have a ton of SSTP end points. Tried proxy-arp on the core and vpn, didn’t make a change.
__
Core Router Config
/interface bridge
add name=bridge_local
/interface list
add name=WAN
add name=LAN
/ip pool
add name=pool_dhcp ranges=10.10.10.10-10.10.10.254
add name=pool_vpn1 ranges=10.102.0.10-10.102.255.254
/ip dhcp-server
add address-pool=pool_dhcp disabled=no interface=bridge_local name=dhcp_local
/ppp profile
set *0 local-address=10.101.0.1 remote-address=pool_vpn1
add change-tcp-mss=yes name=pppoe
set *FFFFFFFE local-address=10.101.0.1 remote-address=pool_vpn1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=XXXX profile=pppoe service-name=XXXX use-peer-dns=yes user=XXXX
/interface bridge port
add bridge=bridge_local interface=ether2
add bridge=bridge_local interface=ether3
add bridge=bridge_local interface=ether4
add bridge=bridge_local interface=ether5
add bridge=bridge_local interface=ether6
add bridge=bridge_local interface=ether7
add bridge=bridge_local interface=ether8
add bridge=bridge_local interface=sfp-sfpplus1
add bridge=bridge_local interface=sfp1
/interface l2tp-server server
set enabled=yes ipsec-secret=XXXX use-ipsec=yes
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge_local list=LAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set enabled=yes
/ip address
add address=10.10.10.1/24 interface=bridge_local network=10.10.10.0
add address=XXXX interface=bridge_local network=XXXX
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server alert
add disabled=no interface=bridge_local on-alert=":log warning \"DHCP Alert\"" \
    valid-server=4C:5E:0C:6B:BD:1A
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat comment=lan out-interface-list=WAN
add action=masquerade chain=srcnat comment=vpn1 src-address=10.101.0.0/16
/ip route
add comment=vpn2 distance=1 dst-address=10.102.0.0/16 gateway=XXXX
__
VPN Concentrator Config
/interface bridge
add name=bridge protocol-mode=none
add name=loopback
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] comment=WAN
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/ip pool
add name=pool_vpn2 ranges=10.102.0.100-10.102.255.254
/ppp profile
set *0 local-address=10.102.0.1 only-one=yes remote-address=pool_vpn2
set *FFFFFFFE local-address=10.102.0.1 only-one=yes remote-address=pool_vpn2
/interface l2tp-server server
set enabled=yes ipsec-secret=XXXX use-ipsec=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set enabled=yes
/ip address
add address=XXXX interface=sfp-sfpplus1 network=XXXX
/ip dns
set servers=1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat comment=vpn2 src-address=10.102.0.0/16
/ip route
add distance=1 gateway=XXXX
