ysha
April 15, 2024, 2:17pm
1
There are two offices with ipip ipsec vpn according to the scheme https://systemzone.net/mikrotik-ipip-tunnel-with-ipsec-site-to-site-vpn
Is it possible for Office 2 computers (10.10.12.2,4) to access the Internet only through the Office 1 router (192.168.70.2)?
Is it possible for Office 2 computers (10.10.12.2,4) to access the Internet only through the Office 1 additional router (for example, 10.10.11.3)?
ysha
April 16, 2024, 1:02am
3
Could you specify additional routing settings for the scheme in the article https://systemzone.net/mikrotik-ipip-tu … o-site-vpn
It is required that all computers on the Office 2 network have Internet access only through the Office 1 router 172.22.22.1/30
The same circuit is used as the network diagram (see https://www.mediafire.com/view/wkgc6ngnj8tr3hf/site-to-site-ipip-tunnel-with-ipsec_with_add_router_office1.jpg/file )
As an additional router, it acts according to the scheme 10.10.11.3, which has a WAN 192.168.50.2/30. It is required that all computers on the Office 2 network have Internet access only through the additional Office1 router LAN=10.10.11.3, WAN=192.168.50.2/30
Naturally, options 1 and 2 are two different cases
What changes will be required to the original scheme so that the Internet connection works according to option 1?
What changes will be required to the original scheme so that the Internet connection works according to option 2?
Create a routing table
Add a default route to the IPIP address
Create a routing rule for the office computers to force their traffic through the tunnel:
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule
add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP
Create a routing table
Add a default route to the IPIP address
Create a routing rule for the office computers to force their traffic through the tunnel
On the other side of the tunnel make analogous edits to the configuration
Office 2:
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule
add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP
Office 1:
/routing table add fib name=through_Router1
/ip route add dst-address=0.0.0.0/0 gateway=10.11.11.3 routing-table=through_Router1
/routing rule
add action=lookup-only-in-table src-address=172.22.22.1/30 table=through_Router1
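Added example, not part of the original posts: a simplified Python model of how a routing rule picks the next hop on the Office 2 router, showing what action=lookup-only-in-table does when the tunnel gateway is unreachable. The main-table gateway 192.0.2.1 (standing in for Office 2's own ISP) and the destination 203.0.113.10 are constructed values; the model assumes RouterOS v7 semantics, where action=lookup falls back to the main table when the named table has no usable route.

```python
import ipaddress

def route_lookup(table, dst, up_gateways):
    """Longest-prefix match over routes whose gateway is currently reachable."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and gw in up_gateways:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gw)
    return best[1] if best else None

def next_hop(src, dst, rules, tables, up_gateways):
    """Simplified model of /routing rule processing (not RouterOS code)."""
    src_ip = ipaddress.ip_address(src)
    for rule in rules:
        if src_ip not in ipaddress.ip_network(rule["src"]):
            continue
        gw = route_lookup(tables[rule["table"]], dst, up_gateways)
        if gw is not None:
            return gw
        if rule["action"] == "lookup-only-in-table":
            return None  # fail closed: packet is unroutable, no fallback
        # action == "lookup": keep going and eventually consult main
    return route_lookup(tables["main"], dst, up_gateways)

# Office 2 tables. The main default route is a constructed placeholder.
TABLES = {
    "main": [("0.0.0.0/0", "192.0.2.1")],
    "through_IPIP": [("0.0.0.0/0", "172.22.22.1")],
}
STRICT = [{"src": "10.10.12.0/24", "action": "lookup-only-in-table",
           "table": "through_IPIP"}]
LOOSE = [{"src": "10.10.12.0/24", "action": "lookup",
          "table": "through_IPIP"}]

TUNNEL_UP = {"172.22.22.1", "192.0.2.1"}
TUNNEL_DOWN = {"192.0.2.1"}

if __name__ == "__main__":
    for name, rules in (("lookup-only-in-table", STRICT), ("lookup", LOOSE)):
        for state, up in (("up", TUNNEL_UP), ("down", TUNNEL_DOWN)):
            hop = next_hop("10.10.12.2", "203.0.113.10", rules, TABLES, up)
            print(f"{name:22} tunnel {state:4} -> {hop}")
```

With the strict action, Office 2 hosts lose Internet access when the tunnel is down instead of silently leaving through the local WAN, which matches the "only through Office 1" requirement.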
ysha
April 16, 2024, 6:04am
5
I’m afraid I might get confused in the settings of options 1 and 2.
Could you clarify which settings apply to option 1 and which to option 2?
I’ll clarify it again:
Option 1 - All of the Office 2 computers must access the Internet only through the Office 1 router (WAN 192.168.70.2, LAN 10.10.11.1)
https://systemzone.net/wp-content/uploads/2018/03/site-to-site-ipip-tunnel-with-ipsec.jpg
Option 2 - All of the Office 2 computers must access the Internet only through the Office 1 additional router (WAN 192.168.50.2, LAN 10.10.11.3)
https://www.mediafire.com/view/wkgc6ngnj8tr3hf/site-to-site-ipip-tunnel-with-ipsec_with_add_router_office1.jpg/file
It is advisable to specify the settings in different posts to reduce confusion
Thanks for info.
ysha
April 16, 2024, 6:09am
6
Perhaps you made an inaccuracy here and there was a misunderstanding
Create a routing table
it should be corrected like this
Create a routing table
Add a default route to the IPIP address
Create a routing rule for the office computers to force their traffic through the tunnel
On the other side of the tunnel make analogous edits to the configuration
If I understood correctly then
---- option 1 -------
Office2
Create a routing table
Add a default route to the IPIP address
Create a routing rule for the office computers to force their traffic through the tunnel:
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP
---- option 2 -------
Create a routing table
Add a default route to the IPIP address
Create a routing rule for the office computers to force their traffic through the tunnel
On the other side of the tunnel make analogous edits to the configuration
Office 2:
/routing table add fib name=through_IPIP
/ip route add dst-address=0.0.0.0/0 gateway=172.22.22.1 routing-table=through_IPIP
/routing rule add action=lookup-only-in-table src-address=10.10.12.0/24 table=through_IPIP
Office 1:
/routing table add fib name=through_Router1
/ip route add dst-address=0.0.0.0/0 gateway=10.11.11.3 routing-table=through_Router1
/routing rule add action=lookup-only-in-table src-address=172.22.22.1/30 table=through_Router1
Is that what you meant?
Sorry, you’re correct. A typo
ysha
April 16, 2024, 6:16am
8
Thanks for the information, I will try to apply