Hello,
I seriously need help with a MikroTik-to-MikroTik VPN and a few extra things. Can somebody help me over e-mail/gtalk/msn?
What specifically do you need help with? Have you tried something that hasn’t worked? Maybe you should post some details about your setup.
/ip address print
/ip firewall export
/ip route print
(between code tags)
Hello,
I’m trying to connect different sites to a central site with VPN. I started by trying to connect one of the remote locations to the central and actually I did it with PPTP & EoIP Tunnel, but there are serious problems.
I’ll explain and post the configurations but first, please give me advice for a VPN method. Which is the best for connecting more than two sites?
The purpose:
There is one central location and 5-6 remote locations. All of the locations have two WANs and one LAN at least. I also need to do load balancing between these WANs but this is not my first priority. My first priority is to connect one remote location to the central.
What I did:
I followed the following videos and created everything I need. It seems to work but not as I expected. When I ping the central’s GW from one of the remote locations first, the central can’t ping the remote location’s GW. When I ping the remote location’s GW from the central first, the remote location can’t ping the central’s GW. It seems there is a one-way connection. So, it is useless for me.
There is also an annoying “Encryption got out of sync” error. (Here is the topic: http://forum.mikrotik.com/t/pptp-encryption-got-out-of-sync/43992/1 )
http://www.youtube.com/watch?v=S_mbKtDD30o
http://www.youtube.com/watch?v=o9Cxknv3CME
http://www.youtube.com/watch?v=WFF2O4NqOpo
Central MikroTik’s config:
> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 X ;;; default configuration
192.168.88.1/24 192.168.88.0 192.168.88.255 ether2-local-master
1 82.35.120.247/24 82.35.120.0 82.35.120.255 ether2-local-master
2 192.168.85.1/24 192.168.85.0 192.168.85.255 ether3
3 X 82.35.120.248/24 82.35.120.0 82.35.120.255 ether5-local-slave
4 82.35.29.58/30 82.35.29.56 82.35.29.59 ether1-gateway
5 72.111.61.145/28 72.111.61.144 72.111.61.159 ether5-local-slave
6 D 192.168.85.1/32 192.168.26.1 0.0.0.0 user-pptp-server
7 D 192.168.85.1/32 192.168.26.1 0.0.0.0 <pptp-userauth>
8 D 192.168.85.1/32 192.168.26.1 0.0.0.0 <pptp-userauth-1>
9 D 192.168.85.1/32 192.168.26.1 0.0.0.0 <pptp-userauth-2>
10 D 192.168.85.1/32 192.168.26.1 0.0.0.0 <pptp-userauth-3>
11 D 192.168.85.1/32 192.168.26.1 0.0.0.0 <pptp-userauth-4>
> /interface eoip print
Flags: X - disabled, R - running
0 R name="eoip-tunnel-imes" mtu=1500 l2mtu=65535 mac-address=02:54:BD:E7:D1:9B arp=enabled
remote-address=192.168.26.1 tunnel-id=1
> /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 eoip-tunnel1 bridge1 0x80 10 none
1 ether3 bridge1 0x80 10 none
> /ip firewall export
# jan/18/1970 10:17:58 by RouterOS 4.11
# software id = H1T1-SS5H
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s \
tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=\
ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
> /ip route export
# jan/18/1970 10:22:24 by RouterOS 4.11
# software id = H1T1-SS5H
#
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
82.35.29.57 scope=30 target-scope=10
add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=82.35.120.1 scope=30 \
target-scope=10
Remote location’s config:
> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 85.10.147.120/24 85.10.147.0 85.10.147.255 ether2-local-master
1 10.0.5.1/24 10.0.5.0 10.0.5.255 ether5
2 192.168.26.1/24 192.168.26.0 192.168.26.255 ether4
3 D 192.168.26.1/32 192.168.85.1 0.0.0.0 pptp-out1
> /interface eoip print
Flags: X - disabled, R - running
0 R name="eoip-tunnel1" mtu=1500 l2mtu=65535 mac-address=02:8B:FB:5B:CE:59 arp=enabled
remote-address=192.168.85.1 tunnel-id=1
> /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 eoip-tunnel1 bridge1 0x80 10 none
1 I ether4 bridge1 0x80 10 none
> /ip firewall export
# jan/05/1970 06:57:32 by RouterOS 4.11
# software id = 3T2W-87NW
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether2-local-master
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=yes ports=5060,5061
set pptp disabled=no
> /ip route export
# jan/05/1970 07:04:33 by RouterOS 4.11
# software id = 3T2W-87NW
#
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=85.10.147.1 scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=192.168.26.0/24 gateway=192.168.85.1 scope=30 target-scope=10
bump!
Any idea?