Router A has a machine connected to eth2, a Win 2k3 server, 192.168.4.200.
Router B is attached to the same switch as Router A (they are the only two nodes on that switch).
Router C is 400 miles away and I plan on VPNing into Router B and backing up files from machine 192.168.4.200 (which is connected to Router A) to a local machine of Router C.
I have the VPN client set to use remote 192.168.3.200 and .201 local.
From Router B I can ping 192.168.4.200 and from Router C I can ping nodes located at Router B but not A.
I’ve tried static routes but still can’t get C to talk to A.
On all of these routers there is one port that is uplinked to the net via a public IP address, except Router A, which has this PLUS eth2 goes to the .4.200 server.
Can you draw us a small diagram showing what is where, on which interface, with which subnet running?
If you got pptp running to vpn your router (B), enable proxy-arp on the lan interface which is connected to router A.
This way Router A knows that packets sent back to Router C need to be addressed to Router B.
I needed to do a diagram on this anyway... it should be displayed below.
I know I’m stuck on something / forgetting something here... I’ve been messing with this all morning and I know it’s something simple… although this is the first time I’ve done this type of layout on MT…
Is Router A a MikroTik as well?
Why not VPN to Router A instead of Router B?
Why not use IPSEC with tunnel mode instead of L2TP?
OK, based on your diagram, to make it work I would do the following:
Just keep the L2TP running;
Add an ip address 192.168.3.105 to the lan side of Router A;
Create an EoIP from Router B to Router A (guessing both are MikroTik?);
With the bridge on ports ether1 and eoip tunnel, Router B should be able to ping 192.168.3.105;
Add a route destined to 192.168.4.0/24 on Router C to 192.168.3.105 (Router A over the EoIP tunnel over the L2TP tunnel - check if you need the proxy arp);
Add a route to 192.168.4.0/24 on router B to 192.168.3.105;
Add a route back to 192.168.1.0/24 to 192.168.3.103;
Check the NAT entries on all routers.
Not sure if this will work but that could be a possible solution.
However, it is tricky, and don’t expect it to work from the beginning.
I would prefer not to use Router B, creating an IPSEC tunnel between Router C and Router A with a policy from 192.168.1.0/24 to 192.168.4.0/24.
The only reason could be that Router A is not a MikroTik machine; then my solution will not work because EoIP is MikroTik only.
The reason I didn’t want to VPN into Router A was that it was critical to accept connections for the server. I wanted all the VPN load / problems (if any) to happen on Router B without disrupting Router A if there was an issue (the VPN stuff is only for file backup purposes and is not sensitive to uptime).
So what I’m reading is that I’m going to need some kind of tunnel between Router A and B?
EDIT: can anyone offer any input on this method or another?
Since both of these routers have an extra, unused WAN port, can I connect Router B DIRECTLY to Router A (via each of their extra eth3’s) and then route the 192.168.4.200 traffic over that?
Does this need to be a crossover cable or do these onboard ports adjust for it? I ask all this since the setup is 2000 miles away at a COLOCATION site.
Just plug a network cable to ether1 on Router B and add a switch with Router A and your server. Give Router B an IP address from the pool 192.168.4.0/24 and you will be set.
That’s the easiest way if you don’t want Router A to get on VPN.
On the diagram that would be the same constellation as on Router A, just another node in your LAN.
The other way could be a simple nat forwarding from router b to router a, for example tell router b to route all 192.168.4.0/24 traffic to router a (64.27.x.50). On router A you need to route the packets through your interfaces.
There are many solutions for your problem but the cleanest way is always to direct VPN in another network. Just if that’s a security reason or you want to make like a “backdoor”, there are other solutions possible.
EDIT2: OK I CAN GET ROUTER C to ping .4.200, I had to add a route back for Router B’s local IP of the VPN… so I’ll have to do this for each VPN client.. easy. I’m having issues getting NAT’d clients behind Router C to hit 192.168.4.200 but I’m sure I just need to mess with routing more on Router C… I’ll report back. In the meantime, if anyone has any ideas as to how to get clients behind Router C to ping 192.168.4.200 (which Router C CAN do now), please post it.
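
The return-route behaviour reported in EDIT2, as an added example that is not part of the original thread: a small Python model that walks per-router route tables for both the request and the reply. The node names, the 192.168.1.10 client, the assignment of 192.168.3.200 to router C and .201 to router B, and the omission of the public uplinks are assumptions made for the sketch.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: next node name, or None when no route matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def path(nodes, start, dst, max_hops=8):
    """Walk the route tables hop by hop; return (delivered, nodes visited)."""
    node, seen = start, [start]
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return True, seen
        node = next_hop(nodes[node]["routes"], dst)
        if node is None:
            return False, seen        # dropped at seen[-1]: no matching route
        seen.append(node)
    return False, seen                # hop limit hit, e.g. a routing loop

def ping(nodes, src_node, src_ip, dst_ip):
    """A ping works only if the request AND the reply can both be routed."""
    ok, fwd = path(nodes, src_node, dst_ip)
    return ok and path(nodes, fwd[-1], src_ip)[0]

def build():
    # Constructed model: node names, the .1.10 client and which router holds
    # .200/.201 are assumptions; public uplinks are left out, so "no route"
    # stands for a packet that would leave via the default route and be lost.
    return {
        "server": {"addrs": ["192.168.4.200"], "routes": {"0.0.0.0/0": "A"}},
        "A": {"addrs": [], "routes": {"192.168.4.200/32": "server"}},
        "B": {"addrs": ["192.168.3.201"],
              "routes": {"192.168.4.0/24": "A", "192.168.3.200/32": "C"}},
        "C": {"addrs": ["192.168.3.200"],
              "routes": {"192.168.4.0/24": "B", "192.168.1.10/32": "client"}},
        "client": {"addrs": ["192.168.1.10"], "routes": {"0.0.0.0/0": "C"}},
    }

if __name__ == "__main__":
    n = build()
    print(ping(n, "C", "192.168.3.200", "192.168.4.200"))   # reply dies at A
    n["A"]["routes"]["192.168.3.200/32"] = "B"              # route back via B
    print(ping(n, "C", "192.168.3.200", "192.168.4.200"))
    print(path(n, "server", "192.168.1.10"))                # LAN client reply
```

In this model the client behind router C fails for the same reason as the first ping: the request reaches the server, but router A has no route for 192.168.1.0/24 on which to send the reply.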