Hi Sindy,
Thanks for your detailed response.
This is a quick diagram of what i’m planning to achieve.
On the Management VPN, Clients will be assigned an IP from a pool in the 10.200.0.0/16 subnet.
On the Cooperate VPN, Client routers will have a unique /24 local subnet for the site’s LAN. Anything in that /24 should have access to the cooperate VPN including local hosts at other client sites which are in a different /24. For example, 192.168.15.xxx should be able to ping 192.168.8.xxx, 192.168.16.xxx and so on.
The Cooperate VPN SHOULD NOT be able to see the Management VPN and visa-versa.
Would you have a more detailed example of configuration, like routing rules and firewall rules? I’m new to Mikrotik and not 100% sure where to start config wise.
Thanks again,