PPTP VPN with Failover Dual WAN HO, 2 Branches with failover LTE

microninfo · June 9, 2018, 9:55pm

Hello there, this is my first to post Mikrotik forum, though I am using ROS from long time. I did not really asked for help.
I got everything answered from Wiki & this forum. I must thank full first to users, contributors, moderators, admins for such wonderful/helping work.

I am seeking assistance, I need to add backup failover link (LTE) for Branches. I have 1 HO & 2 Branches. So setup will be something look like below

HQ :
ISP1 (Static IP)
ISP2 (Static IP)

BR-1 :
ISP3 (Static IP)
ISP4 (LTE)

BR-2 :
ISP5 (Dynamic IP)
ISP6 (LTE)

HQ is doing LoadBalancing with PCC Method, we have portfarwared (DMZ) to Apache Tomcat port 8080, Branch are connecting by PPTP Site-to-Site.

What I need add LTE (3G/4G) failover machanism to Branches. I do not think Static OR Dynamic IP of Branches will make any diffrence was I am trying to do.

I think it’s easy by (Say for Br-1)
/ip route add gateway=ISP3 check-gateway=ping
/ip route add gateway=ISP4 distance=2

but will be NOT same for BR-2…? as it has pppoe DSL dynamic IP

Now here I find tricky part. Which I need some answers

If ISP1 (HQ) fails PPTP Client from BR-1 should connect to ISP2 via ISP3(Can I have 2 PPTP Server Bindings possible? OR PPTP Server automaticaly repond via ISP2, as ISP1 fails?

What if both ISP1 (HQ) & ISP3 (BR-1) are down?

This is something like this

ISP1 <----- ISP3
ISP1 <----- ISP4 (If ISP3 Down)
ISP2 <----- ISP3 (If ISP1 Down)
ISP2 <----- ISP4 (Both ISP1 & ISP3 Down)

Shall I have 4 PPTP Clients on BR-1? I guess it will be same for BR-2

Thank you in advance…

samsung172 · June 10, 2018, 1:53pm

if i understand your q correctly - the answer is that it depends on your setup.

if a connection goes down - the other ip will with distance in route be the “main” ip that respond to connection. If you have some kind of dynamic dns setup its no problem, but if its dynamic ip’s there is no way for clients to connect to a new ip, unless client know about the new ip.

in clients connecting to the pptp - its no problem if ip is dynamic.

As far as your pptp server have static ip - there is no problem with dynamic ip at client. its possible to have 2 active VPN’s from clients - or a client connect to another ip if first does not answer. In this setup i would have 2 VPN servers at the main router. One to each wan and have 2 tunnels from clients. 2 link subnets with rfc1918 addresses. then i would distance route over this by having some kind of dynamic routing for “lan side” ip. OSPF is a nice thing.

microninfo · June 13, 2018, 8:07pm

@samsung172

Thank you for your help! I am using complex static routing including IPv6 & PCC for load balancing/failover working fine, I do not want to change routing configuration much. So I dropped Dynamic Routing protocols at first place.

Now as you suggested
you would have 2 VPN servers & for each WAN you would have 2 tunnels for client, sounds amazing but I do not figured out how to do that with PPTP? Kindly assist if you have any example.

Thanking you.