Routing to another VLAN through VPN

I have an IPSec VPN connecting a MikroTik (10.7.7.0) and another router (192.168.42.0).

The VPN itself is working flawlessly, but the other router has two (untagged, port-based) VLANs:

  • VLAN1 (192.168.42.0)
  • VLAN2 (10.1.1.0)

… and there is a (working) static route configured on that remote router as follows:

  • 10.1.1.0/24 => 10.1.17.0/24 through 10.1.1.2 (another remote side’s “local” router, with its own VLANs presumably)

Is there any possibility of connecting from 10.7.7.10 to 10.1.17.122?

Thanks in advance!

So, I understand that it is not possible?

I would expect a route Dst. Address [10.1.17.0/24] with Gateway [Wireguard interface].
If the above isn’t working…please add a diagram of all involved IP addresses.

As stated, a well-labelled diagram for context and the full config, to marry up words and pictures with actual evidence.
/export file=anynameyouwish (minus router serial number and any public WAN IP information)

I’d totally forgotten this post, as WireGuard is not an option here, and I had to look for another solution (and solved it by myself).

For anyone who might need details, I had to make two IPSec tunnels:

  • the main one (10.7.7.0/24->192.168.42.0/24) left intact, save for the ‘level’ change from ‘require’ to ‘unique’, for better handling of SAs
  • a second IPSec tunnel with dst-address 10.1.17.0/24 (as above, level: unique)
  • proposals, peers, identities, profiles remain unchanged
  • no other changes (firewall, etc.) required
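
The two-policy setup described in the post above, written out as RouterOS commands. This is an added example, not the poster's exported config: the peer name `remote-peer` and the proposal name `default` are placeholders, and it assumes RouterOS 6.44 or later (policies reference a peer by name). It also assumes the remote router carries a matching 10.1.17.0/24 <-> 10.7.7.0/24 selector and that 10.1.1.2 sends replies for 10.7.7.0/24 back toward the VPN router.

```routeros
# Added example. "remote-peer" is a placeholder for the existing peer entry;
# "default" stands in for whatever proposal the tunnel already uses.

# 1. Existing policy (10.7.7.0/24 -> 192.168.42.0/24): only the level changes.
#    With level=unique each policy negotiates SAs used by that policy alone.
/ip ipsec policy set \
    [find src-address=10.7.7.0/24 dst-address=192.168.42.0/24] level=unique

# 2. Second policy for the subnet behind 10.1.1.2, same peer and proposal.
#    IPsec here is policy-based: traffic to 10.1.17.0/24 is only encrypted
#    if a policy's src/dst selectors match it, regardless of static routes.
/ip ipsec policy add src-address=10.7.7.0/24 dst-address=10.1.17.0/24 \
    tunnel=yes action=encrypt level=unique \
    peer=remote-peer proposal=default

# 3. Verify: both policies are listed, and after sending traffic from
#    10.7.7.10 to 10.1.17.122 the installed SAs for the peer appear.
/ip ipsec policy print
/ip ipsec installed-sa print
```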