L2TP VPN between HeadOffice & Remote Location

HEAD OFFICE
Mikrotik V3.30
Public IP : 180.234.5.XX
LAN IP : 192.168.96.0/27
Ethernets : WAN QUBEE, LOCAL LAN
Addresses: DHCP IP (180.234.5.XX) retrieved from Wimax Modem QUBEE (Bridged mode)
Clients in LOCAL LAN IP addresses are set manually.
Bandwidth: WAN (1mbps down, 256kbps up)

Trying to do VPN using L2TP (documented in http://wiki.mikrotik.com/wiki/PPTP_VPN_-_multiple_ADSL_remote_locations_to_Cental_Office).

Remote Location
Mikrotik V3.30
Public IP : Not available (No static IP)
LAN IP : 192.168.95.0/27
Ethernets : WAN BTCL, LOCAL LAN
Addresses: DHCP IP retrieved (192.168.1.XX) from ADSL Modem
Clients in LOCAL LAN IP addresses are set manually.
Bandwidth : WAN (1mbps down, 256kbps)

Both locations have different ISPs. Head office has a static IP. My problem is after I establish the L2TP connection to the head office. We want clients in the head office and remote location to share files, printers, etc. However, using the documentation, everything is fine, except that when clients in the remote location browse the internet (say google.com) all data is routed from the head office. As the head office doesn’t have a lot of bandwidth to play with, we just want both LANs to talk to each other whenever necessary. Otherwise both LANs should use their own browsing facilities with their own routes and gateway.

For example, when I am accessing the internet from the remote location, my IP is shown as the same IP as the head office. We don’t want this; we just want the local LAN to talk to the remote LAN. That's it. Is it possible, or am I asking for the impossible? Please help and share your knowledge.

Regards,
Saiful
14/10/2010

in effect what you want is to route only specific IPs to the main office, the rest should go through NAT/masquerading at the branch office and should be sent to the internet there.

start with a NAT rule at the branch office that sends all traffic towards the internet so that you can browse the net - the default route points to the branch office adsl router.
then add the L2TP tunnel to the main office - do not let L2TP add a default route. modify the NAT rule so that it does not apply to the IP addresses of the main office (dst address is NOT 192.168.96.0/27).
make sure you have static routes at the branch office and at the main office that make each other’s network reachable through the L2TP tunnel (unless you run OSPF).

andy

Thank you Andy for your reply.

I am sorry, but I’m very much illiterate in the terms of Mikrotik. Whatever you have replied may make sense, but I’m very confused about how to implement it. Can you please post me a tutorial or maybe give me some commands to write in the Terminal? You already have the IPs I’m using in both routers, so it will be a big help if you can give me some how-to.

Edit: Sorry, I forgot to mention another piece of information. I have the L2TP Server at Head Office running on 1701.

Only one user is added as per the documentation.
User ID : user1
Password: say1234
Local Address: 192.168.96.18
Remote Address: 10.0.1.254 [Same as advised in the Documentation]
Route : Please see below, as advised in the documentation.

/ ip route
add dst-address=10.0.1.0/24 gateway=10.0.1.254 scope=255 target-scope=10 comment="" disabled=no

Thanks in Advance,
Saiful
14/10/2010
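As an added illustration (not part of the thread, and not Andy's or MikroTik's own configuration), here are Andy's three steps written out as RouterOS 3.x CLI commands, using the addresses and the PPP secret Saiful posted above. The interface names ether1-wan, ether2-lan and l2tp-hq, and the ADSL modem address 192.168.1.1, are assumptions for the example; everything else (LANs, public IP placeholder, user1, 192.168.96.18, 10.0.1.254) comes from the thread.

```routeros
# Added example, not from the thread. Assumed names: ether1-wan (branch WAN),
# l2tp-hq (branch L2TP client interface), 192.168.1.1 (ADSL modem address).

# ----- Branch office router (LAN 192.168.95.0/27) -----

# Step 1: default route to the local ADSL modem, so ordinary browsing leaves here.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 comment="default via ADSL (assumed gateway)"

# Step 2: masquerade everything leaving the WAN, EXCEPT traffic for the head office LAN.
# The "!" negates the match: packets for 192.168.96.0/27 are never NATed and keep
# their 192.168.95.x source address, so head office hosts see the real client.
/ip firewall nat
add chain=srcnat out-interface=ether1-wan dst-address=!192.168.96.0/27 \
    action=masquerade comment="branch internet NAT, head office excluded"

# Step 3a: L2TP client to the head office. add-default-route=no is the key setting:
# without it the tunnel would replace the default route and all browsing would go via HQ.
# Credentials are the ones posted in the thread; change them in production.
/interface l2tp-client
add name=l2tp-hq connect-to=180.234.5.XX user=user1 password=say1234 \
    add-default-route=no disabled=no

# Step 3b: only the head office LAN is sent through the tunnel.
/ip route
add dst-address=192.168.96.0/27 gateway=l2tp-hq comment="HQ LAN via L2TP"

# ----- Head office router (LAN 192.168.96.0/27) -----

# The PPP secret from the thread hands the branch the address 10.0.1.254 ...
/ppp secret
add name=user1 password=say1234 service=l2tp \
    local-address=192.168.96.18 remote-address=10.0.1.254

# ... so the branch LAN is reachable through that tunnel endpoint.
/ip route
add dst-address=192.168.95.0/27 gateway=10.0.1.254 comment="branch LAN via L2TP"
```

Two checks after applying this: at the branch, `/ip route print` should show the only route pointing at l2tp-hq is 192.168.96.0/27, and a traceroute from a branch client to an internet host should show the ADSL modem as the first hop rather than a 10.0.1.x address. At the head office, make sure the existing srcnat masquerade rule is restricted with out-interface to the QUBEE WAN interface (or carries the mirror-image dst-address=!192.168.95.0/27 exception); otherwise replies from head office hosts into the tunnel would be masqueraded as 192.168.96.18 and file and printer sharing would break in one direction.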