My goal is to have one RouterBOARD 1100 in a datacenter and connect several 750s to it. Through this tunnel I would like to assign public IP addresses, so I can plug in a 750 anywhere I want, regardless of what ISP is used, and have the same IPs. Really much like the incomplete tutorial above, but without a LAN in the datacenter, and the 'home router' should have a public network - something like a /30 or /29.
I attached a short pic of what I wanna do. I’d prefer to connect to only one IP in the datacenter - at different ports this might work.
Maybe one of you can help me, as I really have to honestly say that I'm just not familiar enough with RouterOS to do it on my own.
You will have to get a subnet routed to your AC (access concentrator) in the datacenter. Then, the easiest way is to create an L2TP server on the AC, and assign public IPs to the L2TP clients (which will be the 750s). Secure the whole thing with IPSec, and you are done.
Sounds quite easy… but for me it only sounds like that.
So basically I could just do it only via L2TP and forget about IPsec as L2TP does the tunneling, am I right?
So if I connect the 750 via L2TP to the 1100, can I set other IPs, too?
It does not have to be some sort of assigning - setting the IPs manually is enough.
I just need a tunnel where I can route IP addresses through - and it should work for more than one client.
Edit: I forgot to mention that something like OpenVPN would also be possible, but not on RouterOS, as only TCP OpenVPN is supported.
Any kind of tunneling will do then. IPIP, GRE, L2TP, PPTP, etc. I would recommend L2TP or GRE, because they support keepalive.
L2TP has the advantage of assigning a single IP to the end device in the L2TP process already.
Or you can do GRE, which will just create a logical interface on the router, and assign IPs manually.
I would still suggest securing the tunnel using IPSec Transport mode.
So if I use L2TP then one public IP will be assigned to the 750, that sounds nice. What do I have to do in order to route other IPs? So if I assign the next IP after the 750 to a firewall - is it routed through the tunnel when connected to the assigned port?
If you want multiple IPs for the 750s, you would then have to set up routing. L2TP is a point-to-point tunnel, and a single IP will be assigned to the client during the L2TP process. It can be public or private, that doesn't matter. Then route some more IPs to the L2TP client using static routes, or assign them to a loopback interface on the client and use OSPF to redistribute the route to those IPs to everyone else.
How you do this depends on you and what you want to achieve.
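The static-route variant described in the thread, as an added example that is not from any poster: an L2TP server on the AC with IPsec required, one 750 as client, and a public /29 routed to it. It assumes RouterOS v6 syntax with the built-in `use-ipsec` option; all addresses, interface names, user names and secrets are constructed placeholders.

```routeros
# Constructed sample values (documentation/private ranges), not from the thread:
#   198.51.100.1    public IP of the AC, the single L2TP endpoint
#   10.255.0.1/.2   tunnel addresses (AC side / 750 side)
#   203.0.113.8/29  public subnet for this 750; the datacenter must
#                   already route it to the AC

# --- Datacenter AC (RB1100) ---
# use-ipsec=required refuses L2TP sessions that are not IPsec-protected.
/interface l2tp-server server set enabled=yes use-ipsec=required \
    ipsec-secret="CHANGE-ME-PSK" authentication=mschap2

# One secret per 750. "routes" (dst gateway metric) installs the static
# route for the public subnet while this client is connected.
/ppp secret add name=site1 password="CHANGE-ME-PASSWORD" service=l2tp \
    local-address=10.255.0.1 remote-address=10.255.0.2 \
    routes="203.0.113.8/29 10.255.0.2 1"

# --- Remote 750 ---
# No default route via the tunnel: the router itself keeps using the ISP,
# so the tunnel endpoint stays reachable.
/interface l2tp-client add name=l2tp-dc connect-to=198.51.100.1 \
    user=site1 password="CHANGE-ME-PASSWORD" use-ipsec=yes \
    ipsec-secret="CHANGE-ME-PSK" add-default-route=no disabled=no

# The public subnet sits on the port facing the firewall/servers
# (ether2 is an assumed port name).
/ip address add address=203.0.113.9/29 interface=ether2

# Only traffic sourced from the public subnet returns through the tunnel.
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-dc routing-mark=via-dc
# Keep traffic destined for the local public subnet in the main table.
/ip route rule add dst-address=203.0.113.8/29 action=lookup table=main
/ip route rule add src-address=203.0.113.8/29 action=lookup table=via-dc
```

Each further 750 gets its own `/ppp secret` with a different tunnel address pair and public subnet; all of them connect to the same AC address.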