I have 2 offices and I want to connect the 2 offices to each other using the MikroTik VPN server / VPN client and route functions.
At first, I used 2 hAP ac units as the front end of the NW, and they were able to connect to each other.
But office 2 (NW2 above) has changed because I have to use the DHCP server of the broadband router supplied by the carrier.
So I set my CRS326 as a switch, connected all devices to the CRS326, and set the CRS326 as the VPN client.
I added route rules to the CRS326 but it is not working.
I guess it is because the packets the CRS326 receives are encapsulated by the broadband router and the CRS326 cannot know the ‘from’ and ‘to’ IPs.
Is it possible to route traffic to 192.168.1.x through the VPN gateway on the CRS326 (in switch mode)? The broadband router on the front end is not strong and cannot be customized for where to route.
Thanks for reading, and sorry for my poor English.
Best regards.
Since you didn’t post any configuration here, let me try to interpret your network, and I or someone else might be able to help you along the way.
You have two networks: 192.168.1.0/24 in the main office, I believe, and a branch office on the 192.168.0.0/24 network. In the branch network you have a CRS326 that acts as a switch and router at the same time, and you use the CRS326 to establish a VPN connection to the main office, is that right?
If my assumption is correct, which parts of your configuration are working and which are not? Or please upload your configuration here, and sanitize it please.
Upload the configuration for all of the devices involved in your setup so that we can clearly see what’s working or not in order to help you. Don’t worry about the language barrier; your configuration is sufficient to tell us what you want to achieve.
Do not expect more than 90/100 Mbit/s aggregated traffic.
All the VPN and routing traffic must pass through the CPU, and the device has only one core at 800 MHz for that.
If CRS’ role in the network is switch, then it will mostly be ignored for routing tasks. It can terminate the VPN connection, but all LAN devices will simply ignore it.
I can think of three possibilities:
1. Configure the broadband router with a static route towards 192.168.1.0/24 using the CRS as gateway.
2. Map (using NAT) the remote subnet into the local subnet address space and configure proxy ARP.
3. The unholy possibility: use the CRS as main gateway in subnet 192.168.0.0/24 and use the ISP’s router only for upstream (which means double NAT and what not).
The first possibility is preferred because it’s much easier to implement and also easier on CRS performance. The last one would be the most resource-demanding, as @rextended already indicated.
I could only hope he doesn’t use the CRS as a router, but we don’t know for sure at this point, and as @mkx pointed out, it will be an issue if he uses the CRS as his/her main gateway.