route public IP throw VPN site to site

ahmedyeid · April 19, 2014, 2:29pm

Hi

I need help for below please

I have site A with 6 IP public address and routerboard , Site B had normal internet with
routerboard & local server and there is VPN between A & B
Can I route 1public IP from site A to site B to access the server from anywhere

Best regards

brossler · April 19, 2014, 5:56pm

Hi,
yes, you can.
Once you set up VPN link, site A and site B have private IP addresses (for example, router A has 172.16.0.1 and router B has 172.16.0.2 on VPN interface). Router B has another network with the server (for example, network 192.168.2.0/24, router B has 192.168.2.1/24 address and server has 192.168.2.100/24 IP address). Router A gets public IP address (for example 1.2.3.4).
Than you need to set up NATing and routing:

Router A:
/ip firewall nat add chain=dstnat dst-address=1.2.3.4_(router A public IP)_ to-addresses=192.168.2.100_(server private IP address)_
changes (nats) public IP address to private address

/ip route add dst-address=192.168.2.0/24_(router B network where server is)_ gateway=172.16.0.2_(VPN interface IP of router B)_
routes traffic with destination address of router B to router B

Router B:
/ip firewall mangle add chain=prerouting src-address=192.168.2.100_(server private IP)_ dst-address!= action=mark-routing new-routing-mark=fromserver
marks traffic from server so it can be routed back to router A

/ip route add dst-address=0.0.0.0/0 routing-mark=fromserver gateway=172.16.0.1_(VPN interface IP of router A)_
routes marked traffic from server to router A

This should do the trick. Replace example IP addresses with yours. You must not route all traffic from router B to router A VPN IP, because VPN tunneling packets would be trying to get to router A via tunnel (themselfs), which is not possible. Therefor you mark only what is going from the server and set default gateway to router A for marked traffic so it goes back the same way it arrived.

I hope this was helpfull.

ahmedyeid · April 20, 2014, 7:08am

Think you very match i will try it and feed you back

ahmedyeid · April 20, 2014, 7:53am

Its working but very slow while internet connection its good Router A 18 MB & Router B 30 MB
I used PPTP VPN and cloud Router 1036 for A and 2011 for Router B

brossler · April 20, 2014, 3:38pm

How slow is it? And what are Routers upload speeds?
The problem is that when you send request to server, it goes to Router A and uses its download, than it is sent via VPN to Router B, so it uses Router A upload and Router B download. On the way back it uses Router B upload, Router A download and Router A upload. It also travels twice as long, so latency increases.
Natting also uses CPU, but CCR should handle it with no problem.

ahmedyeid · April 20, 2014, 6:16pm

I don’t now really why but very slow

superp · September 2, 2014, 7:43am

hi!
sorry but i not understand this configuration.

router A public ip is here
172.16.0.1 pptp interface
192.168.2.100/24 which interface? why /24?
1.2.3.4

router B
172.16.0.2 pptp interface
192.168.2.1/24 which interface? why /24?

how public ip arrive at router b?

thanks you!