Okay, I have tried nearly everything and I cannot get certain configurations to work with a dual WAN configuration.
I have four offices with identical setups (all using MikroTik RB750G).
Dual WAN
- Cable is x.x.x.x/29 (5 usable IPs)
- DSL is x.x.x.x/24 (5 usable IPs)
LAN for desktops - 192.168.x.0/24
LAN for SIP phones - 192.168.x.0/24
I can set up IPSec VPNs just fine. However, I want failover (EoIP bonding perhaps) between the VPNs across all four offices.
I can set up src-nat (masquerading) and route it out over multiple WAN connections just fine. However, I want dst-nat to work across both WAN connections regardless of which WAN gateway is in use at the time. Meaning I want outside access to work on both WAN connections.
For example, both of these need to work regardless of which gateway is active:
1.0.0.1:22 dst-nat → 192.168.1.20:22
2.0.0.1:22 dst-nat → 192.168.1.20:22
I’ve tried mangling packets and policy-based routing but can’t get this to work.
I also want to implement WAN failover (single WAN connection, no load balancing) with automatic failover back to the primary connection when it becomes available again. I want two checks: ICMP without any response, or ICMP response with threshold above a certain threshold (say 5 x 32-byte packets above 150ms).
So here’s the list of features:
- Configure incoming dst-nat to work simultaneously on dual WAN connections
- Configure IPSec VPNs between two offices (with EoIP bonding)
- Configure script to monitor primary and secondary WAN connections and failover between them (checking ICMP and ICMP latency)
Contact me directly and we can arrange terms & payment.
The incoming dst-nat is the most important. Thanks!
John
PS:
I just found that no one is able to PM me. Please email me at the following address:
prolucid at g m a i l dot com