POINT TO POINT LINK

homerwsmith · May 12, 2012, 10:39pm

Dear Gentle Folk,

I am relatively skilled with networking, but new to Mik’s.

I wish to setup a simple point to point link from one office over the
open internet to another. It will carry PBX voice data over IP.

At one end the PBX is on subnet 10.0.0.0/24 and the mik is on 10.0.0.1/24

At the other end the PBX is on subnet 10.0.1.0/24 and mik is on 10.0.1.1/24

Each PBX knows how to talk to each other on each other’s subnet.

Outwardly each mik is connected to whatever static IP the respective
ISP’s have given to me.

Inside each mik how do I arrange that packets from 10.0.0.0/24 to 10.0.1.0/24
get to where they are supposed to go.

EOIP? VPN? IPOIP?

Now say instead of one external route, we have 3 different routes
through 3 different ISP’s, and my client wants fall over redundancy.

Can I create 3 VPN’s for the same subnet? Can I have it so
one becomes active when the other’s are dead? Probably too complex,
eh?

Thanks for your help in thinking this through.

Homer Smith
CEO Lightlink Internet

docmarius · May 12, 2012, 11:07pm

You could create multiple VPNs and set up routing rules with different routing distances using the interface names as gateways. The routes will be used according to these distances as priority metrics. So the higher the distance, the lower the priority.
Now if one VPN interface becomes inactive (disconnects), the rule will become inactive and the next route in line (with the next lower priority) will take over.
When the VPN will come back on line, the higher priority will be activated accordingly.

Here an example in winbox:

The blue routes are tho ones not in use right now.

Now if the interface RTC disconnects, you can see the 5th rule from the bottom (distance 150) going inactive, and the backup route (the 4th from the bottom, distance 200) taking over, rerouting the trafic to the other interface.

If the connection goes up again, the first status is restored.

For this to work, you can NOT use a stateless protocol, such as EoIP or IPGre, but need to something connection oriented like PPP/PPPoE/PPTP/OpenVPN, so the router can detect the connection status.

I hope this helps (you and maybe others).

Marius

homerwsmith · May 13, 2012, 12:03am

Does the below indicate that I need another router running OpenVPN, or can I use
the VPN inside the mikrotik itself? Seems simple enough if I don’t have to bring
yet another router into the issue at both ends.

Thanks for your help, brilliant writeup.
Homer

For this to work, you can NOT use a stateless protocol, such as EoIP or IPGre, but need to something connection oriented like PPP/PPPoE/PPTP/OpenVPN, so the router can detect the connection status.

I hope this helps (you and maybe others).

Marius[/quote]

docmarius · May 13, 2012, 9:51am

You don’t need another router. In fact it is mandatory to have the endpoint on the same router, since only then can the interface status be queried and the routes switched.
I never played with OpenVPN on Mikrotik, but IMHO it should work.

homerwsmith · May 13, 2012, 2:58pm

Thanks you are a gentleman and a scholar and do mikrotik proud.

Homer