Remote access routes

jamrobe · April 9, 2020, 10:47am

Hi all,

As being new to networking if I am saying anything stupid I do not mind to be corrected.

I have the configuration as per attached .pdf

Internet provider is different than mpls vpn provider. The vpn provider is taking care of all configuration/routes at mpls level
I have access to all routers.
I have forwarded a port for PC C, so if I am typing from PC A 10.10.2.20:9999 I have access to PC C server.
I have succeeded to create a VPN server on router A, so from remote PC I can access 10.10.1.0/24 as well as 10.10.2.0/24
So if I am typing from remote PC 10.10.2.20:9999 I have access to PC C server.

All good so far.
1.Next step I have tried to access router B by winbox from internet ( no vpn) by typing 5.2.1.10:9998. No luck
2.This was just testing as final goal is to have access from internet to server on PC C by typing 5.2.1.10:9999. Cannot do either

Can anyone help me with the two remotes access I am trying to do?
Thank you
Remote_Access.pdf (487 KB)

jamrobe · April 10, 2020, 11:07am

After some tests I made the following changes

Router A, routes
dst-address=10.10.0.0/16 gateway=10.10.1.2 ( rule was already there)

NAT
chain=dstnat action=dst-nat to-addresses=10.10.1.2 to-ports=9998 protocol=tcp in-interface=ether1 dst-port=9998
chain=dstnat action=dst-nat to-addresses=10.10.2.20 to-ports=9999 protocol=tcp in-interface=ether1 dst-port=9999

Router B
dst-address=91.132.136.136/32 gateway=10.10.1.1

After that I have access from remote to PC C server by typing 5.2.1.10:9999

Now aim is to give to any IP access to PC C

In router B there were this routes
0 dst-address=0.0.0.0/0 gateway=lte1
1 dst-address=91.132.136.136/32 gateway=10.10.1.1
2 dst-address=10.10.1.0/24 pref-src=10.10.1.2 gateway=ether1
3 dst-address=10.10.2.21/32 pref-src=10.10.2.21 gateway=lte1

I have deleted
0 dst-address=0.0.0.0/0 gateway=lte1
1 dst-address=91.132.136.136/32 gateway=10.10.1.1

and added
0 dst-address=0.0.0.0/0 gateway=10.10.1.1
1 dst-address=10.10.0.0/16 gateway=lte1

All good, I could access PC C server from any IP, for about some minutes
dst-address=0.0.0.0/0 gateway=lte1 is dynamically added, and after was deleted it was added again by system, and my remote access ruined.

Now question is how I can modify , or delete that default dst-address=0.0.0.0/0 gateway=lte1?

Thank you

jamrobe · April 10, 2020, 12:07pm

Found a way.

On router B
I have let the dynamic default route be dst-address=0.0.0.0/0 gateway=lte1 distance=1
and added route dst-address=91.0.0.0/8 gateway=10.10.1.1 distance=1

And seems to work
If anyone have a better solution I am eager to test.

Thank you