Quick sanity check on remote tunnel setup...

We’ve a remote site on a dynamic IP that we need to securely bridge onto 2 networks. At the main site those networks are already in VLANs 5 & 10 (with DHCP running there), so this is what I’ve set up and it works, but I’m not sure if it’s the best way to do it.

Create an L2TP tunnel to the base (as we don’t know the remote IP and it could change) and assign each end of the tunnel 2 IPs (192.168.1.1 and 192.168.1.2)

Create an EoIP tunnel between those 2 IPs
Create an IPsec tunnel between the 2 IPs

Route the VLANs down the EoIP and break out at the far end and assign ports on the MikroTik to each VLAN

This works, and a machine plugged into each port on the MikroTik gets a DHCP address on the correct network and the isolation is working properly. I know the MTU will not be great so there will be fragmentation.

Is there a better way of doing this?
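
The layering described in the post, written out as a RouterOS sketch (an added example, not the poster's configuration). Assumptions: the base is reachable as `base.example.net`, the PPP user `remote1`, all secrets, the port names `ether2`/`ether3` and the base trunk bridge `bridge-trunk` are placeholders, and the IPsec step uses EoIP's `ipsec-secret` property in place of hand-built IPsec peers and policies.

```routeros
# ---- Base site (static address, L2TP server) ----
/interface l2tp-server server set enabled=yes
# Fixed tunnel addresses so EoIP has stable endpoints even though
# the remote site's public IP changes.
/ppp secret add name=remote1 password=CHANGE-ME service=l2tp \
    local-address=192.168.1.1 remote-address=192.168.1.2
# EoIP between the two tunnel addresses, encrypted with IPsec.
/interface eoip add name=eoip-remote tunnel-id=10 \
    local-address=192.168.1.1 remote-address=192.168.1.2 \
    ipsec-secret=CHANGE-ME-TOO allow-fast-path=no
# Assumption: bridge-trunk already carries tagged VLANs 5 and 10.
/interface bridge port add bridge=bridge-trunk interface=eoip-remote

# ---- Remote site (dynamic IP, L2TP client) ----
/interface l2tp-client add name=l2tp-base connect-to=base.example.net \
    user=remote1 password=CHANGE-ME disabled=no
/interface eoip add name=eoip-base tunnel-id=10 \
    local-address=192.168.1.2 remote-address=192.168.1.1 \
    ipsec-secret=CHANGE-ME-TOO allow-fast-path=no
# Break the tagged VLANs out of the EoIP tunnel.
/interface vlan add name=vlan5-eoip interface=eoip-base vlan-id=5
/interface vlan add name=vlan10-eoip interface=eoip-base vlan-id=10
# One bridge per VLAN keeps the two networks isolated; each bridge
# joins the VLAN sub-interface to one untagged access port.
/interface bridge add name=br-vlan5
/interface bridge add name=br-vlan10
/interface bridge port add bridge=br-vlan5 interface=vlan5-eoip
/interface bridge port add bridge=br-vlan5 interface=ether2
/interface bridge port add bridge=br-vlan10 interface=vlan10-eoip
/interface bridge port add bridge=br-vlan10 interface=ether3
# Check that the EoIP traffic is actually being encrypted:
/ip ipsec installed-sa print
```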