Route traffic from one wAP to VPN

I have two MikroTik routers. One router, a 2011 (main), has a public static IP address and has an L2TP over IPsec VPN server running on it. I can connect to it from laptops and mobiles. When I connect, my IP changes to the router's IP.

The second router, a 4011, doesn't have a public static IP. On this RB4011 router 3 wAPs are running. Two physical: 5 GHz and 2.4 GHz. And the 3rd one is virtual, on the 2.4 GHz interface. I have one bridge which is spreading internet to all three wifis; the virtual one has another subnet so it's not accessible from the physical wAPs.

I want to make a VPN connection between the two routers, and the tunnel should be spread to only the 3rd wAP (virtual). The tunnel should be always connected. So any time when I'm connecting to wifi 3, I should be under that VPN and all traffic should go through the 2011 router. So my IP address should also change to the public static one from the 2011 router. How can I achieve that?
IMG_8906.JPG

  1. You should set up a VPN connection between RB2011 and RB4011
  2. You can use the firewall to allow only your src IP address to reach the destination router
  3. You can use policy routing and use a specific routing table for your src IP address, where in your case the VPN will be your default gateway…

Thank you for your answer.
I want my two other wAPs on the RB4011 to still use my local internet IP. So the traffic from them should not go to the VPN. Only from the 3rd one. Is it possible with only one internet provider's dynamic IP on the 4011?

It is not the wAP's traffic that goes through the VPN, but instead your computer's traffic…
Even if someone else connects to the same wAP he/she will be routed from the local ISP and not through the VPN…

I understand, thank you, I've corrected the question. I will provide an image that will help me to explain what I want to achieve
IMG_89062.JPG

Did you set up the L2TP tunnel?
After that you need to configure your policy routing rules, under IP route rules: when the src address is the computer's IP address, use the Table "VPN", and then in the IP routes you need a record with gateway the remote VPN router and routing mark "VPN"…

Yes, I have set up the L2TP tunnel, it works fine. Now I need to route all traffic from LAN2 to that VPN. Not only from PC2, but from all of LAN2.
p.s. LAN1 should still use the old gateway and go to the internet from my German provider.

Ok, but why don't you start the configuration and see how it goes?
As said earlier, the steps are routing rules, then routes; also masquerade the L2TP interface, forgot to mention that before…

all traffic from LAN2

Under IP route rules you can select the interface you want; I have not tested with an interface name but only with an IP, but I guess it will work too…

Super, now I can access the remote subnet from wlan3. But I still can't access the internet over that VPN. From a mobile phone it's working fine, and my IP changes to the IP of the RB2011.
Where to look now?

p.s.
Also I found strange behavior: when I connected to the VPN on the RB2011, it assigns to the RB4011 IP 172.31.86.7 and to the RB2011 172.31.86.6, randomly. So all settings on my RB4011 I do for this IP. But can it be static on the remote side?
I thought 172.31.86.6 would be my router's IP address, but when I connected simultaneously from a second device I got two new addresses, 172.31.86.8 to the RB2011 and 172.31.86.9 to the RB4011.
Is it normal? Each tunnel should have a pair of unique IPs?

There must be something wrong in your configuration…
I can't help you if I don't see the IP routes, IP route rules and IP firewall NAT…

How can I help, screenshots or TeamViewer?

Export with hide-sensitive the following:
IP routes, IP route rules and IP firewall NAT…

nat.png
routes.png
rules.png
this is on rb4011 (local)
wlan3 192.168.10.0/24

  1. In the IP route rules, remove the interface value on your last rule… Also you don't need both routing mark and Table values, just set Table to "VPN"…
  2. In the IP routes, in the second rule, you must set the routing mark to "VPN"

Thank you! It works superbly

You are welcome…

Hello, here are my config sections (192.168.243.0/24 has to go via pptp-freebox):

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
add action=masquerade chain=srcnat comment="masq. free vpn traffic" out-interface=pptp-freebox src-address=192.168.243.0/24

/ip route
add disabled=no distance=1 dst-address=192.168.27.0/24 gateway=pptp-freebox pref-src="" routing-table=freetab scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=pptp-freebox routing-table=freetab suppress-hw-offload=no

/routing rule
add action=lookup disabled=no src-address=192.168.243.0/24 table=freetab

The VPN is up. The wlan clients with 192.168.243.0/24 addresses can ping only the bridge "freebridge" address (192.168.243.1). For other addresses it gives "no network".

Do you have any whole example that I can use? Up to now I can find only some small pieces of info and contradicting approaches to such separate routing...
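A whole example of the setup the thread settles on (route rule for the LAN2 source, a default route in a separate table via the tunnel, masquerade on the tunnel interface), written here by the editor and not taken from any post above. It uses the thread's wlan3 subnet 192.168.10.0/24 and table name VPN; the tunnel interface name l2tp-vpn, the placeholder RB2011 address and credentials are assumptions, and the RouterOS v7 syntax (with the v6 equivalents in comments) is the one the last post uses.

```routeros
# Added example on the RB4011 (not from the thread): LAN2 / wlan3 (192.168.10.0/24)
# exits through the L2TP/IPsec tunnel to the RB2011, LAN1 keeps the local ISP.
# Assumed names: l2tp-vpn (tunnel), VPN (routing table); <...> values are placeholders.

# 1. Permanent L2TP/IPsec client towards the RB2011. add-default-route=no keeps the
#    tunnel from replacing the main-table default route used by LAN1.
/interface l2tp-client
add name=l2tp-vpn connect-to=<RB2011-PUBLIC-IP> user=<vpn-user> password=<vpn-pass> \
    use-ipsec=yes ipsec-secret=<ipsec-psk> add-default-route=no disabled=no

# 2. A separate routing table. In v7 the "fib" flag is required: without it, routes
#    placed in the table are never installed in the kernel and clients get "no network".
/routing table
add name=VPN fib

# 3. Default route for that table only: everything looked up in VPN leaves via the tunnel.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-vpn routing-table=VPN comment="LAN2 default via VPN"

# 4. Policy routing: packets sourced from LAN2 consult table VPN (no interface match,
#    which is what the thread found to break the rule). lookup-only-in-table, rather
#    than lookup, means that while the tunnel is down LAN2 has no route at all instead
#    of silently falling back to the ISP, so LAN2 clients never appear with the ISP address.
/routing rule
add src-address=192.168.10.0/24 action=lookup-only-in-table table=VPN

# 5. Source NAT onto the tunnel so the RB2011 sees a tunnel address it already knows
#    how to route back to (the RB2011 then masquerades to its own WAN, as it does for phones).
/ip firewall nat
add chain=srcnat out-interface=l2tp-vpn action=masquerade comment="masq LAN2 via VPN"

# RouterOS v6 equivalents of steps 2-4, in the thread's own terms ("routing mark", "Table"):
# /ip route add dst-address=0.0.0.0/0 gateway=l2tp-vpn routing-mark=VPN
# /ip route rule add src-address=192.168.10.0/24 action=lookup-only-in-table table=VPN
```

To check the result from a LAN2 client, use /tool/traceroute (or /ip route check in v6) from the router with src-address set to a LAN2 address and confirm the first hop is the tunnel peer, not the ISP gateway.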