Hi all
I am sorry for posting this, but I really have no time left, and I really need help. I know I have a lot of reading to do, but I have to try asking the hardcore in here.
I need to set up a Site To Site VPN like the pic in here. I know it is not the best way to do it, but we are closing down one office, and we need to close down the server in that end, and move all PCs and printers over to one domain, with only DC, DHCP and all in one end.
Can anyone please tell me a quick way to set this up, command or WinBox, then I will try to read more into this, but now I really, like many others, have no time left.
Hope to hear from you.
The link you mentioned will help you a lot.
That completely describes the steps to be taken for your tunnel to work.
Have you tried following them, and run into problems?
Ya, the problem is I need one big LAN with subnet 255.255.240.0 where I have DHCP in only one end. Maybe it is too much, because it didn't work, but I am trying again in 30 min.
Hmm, to start with I am stuck with IPSEC Firewall Rules.
Next I am stuck with one big LAN only, because what to route?
Again, I know I have a lot of reading to do, but right now the time is up, and that is also why I post in the beginners forum to ask the hardcore users in here, because I am sure it will only take them 1 min to point this out, and for me 2 days and maybe more.
Cheers
Jimmy
What you need to do is set up an EOIP or some other sort of Layer 2 tunnel between the two sides. Once you have that, Layer 2 broadcasts will work … and thus you can have a single DHCP server on the one side. Basically you want to run EOIP or IPIP over IPSec. You can’t do that with straight IPSec…
Assuming you have all default configurations and nothing is blocked by firewalls etc…
On Site A:
/interface eoip add remote-address=WAN_IP2 tunnel-id=0 name=eoip-siteb disabled=no
/interface bridge port add bridge=bridge-local interface=eoip-siteb
On Site B:
/interface eoip add remote-address=WAN_IP1 tunnel-id=0 name=eoip-sitea disabled=no
/interface bridge port add bridge=bridge-local interface=eoip-sitea
That gives you a bare EOIP tunnel WITHOUT encryption. Try that first and see if it works. Ensure that you can ping whatever IP you have assigned to bridge-local on each side. Once you get that then just wrap it with IPSec.
If that isn’t working then post your export from both sides so I can take a look.
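One way to do the "wrap it with IPSec" step and the matching firewall rules, as an added example that is not part of the posts above. It assumes a RouterOS version whose EoIP interface has the ipsec-secret property, reuses the thread's WAN_IP1/WAN_IP2 placeholders and interface names, and uses PSK_PLACEHOLDER for a pre-shared key you choose.

```routeros
# Added example, not from the thread. WAN_IP1 / WAN_IP2 are the thread's
# placeholders; PSK_PLACEHOLDER stands for a long random pre-shared key.
# Assumes the bare EoIP tunnel from the post is already up and pingable.

# --- Site A (public address WAN_IP1) ---
# ipsec-secret makes RouterOS add a dynamic IPsec peer and policy for the
# tunnel endpoints; fast path must be off so tunnel packets reach IPsec.
/interface eoip set [find name=eoip-siteb] local-address=WAN_IP1 \
    ipsec-secret="PSK_PLACEHOLDER" allow-fast-path=no

# Accept IKE/NAT-T and ESP from the peer only. Accept GRE (EoIP's carrier)
# only when it arrived inside IPsec, and drop cleartext GRE.
/ip firewall filter
add chain=input src-address=WAN_IP2 protocol=udp dst-port=500,4500 \
    action=accept comment="IKE from site B"
add chain=input src-address=WAN_IP2 protocol=ipsec-esp \
    action=accept comment="ESP from site B"
add chain=input src-address=WAN_IP2 protocol=gre ipsec-policy=in,ipsec \
    action=accept comment="EoIP inside IPsec"
add chain=input protocol=gre ipsec-policy=in,none \
    action=drop comment="no cleartext EoIP"
# New rules are appended: move them above any existing drop rule in input.

# --- Site B (public address WAN_IP2): mirror image of Site A ---
/interface eoip set [find name=eoip-sitea] local-address=WAN_IP2 \
    ipsec-secret="PSK_PLACEHOLDER" allow-fast-path=no
/ip firewall filter
add chain=input src-address=WAN_IP1 protocol=udp dst-port=500,4500 \
    action=accept comment="IKE from site A"
add chain=input src-address=WAN_IP1 protocol=ipsec-esp \
    action=accept comment="ESP from site A"
add chain=input src-address=WAN_IP1 protocol=gre ipsec-policy=in,ipsec \
    action=accept comment="EoIP inside IPsec"
add chain=input protocol=gre ipsec-policy=in,none \
    action=drop comment="no cleartext EoIP"

# --- Check on either side ---
# A dynamic policy for the two WAN addresses and a pair of installed SAs
# should appear once traffic crosses the tunnel.
/ip ipsec policy print
/ip ipsec installed-sa print
/interface eoip print
```

The tunnel stays down from the moment the first side is changed until the second side has the same secret, so apply Site B over a path that does not depend on the tunnel.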