Send all traffic through L2TP VPN

router-A is connected to router-B via L2TP/IPsec. I can connect successfully to router-B, I receive an IP from the local network, and I see the active connection on router-B.
I want to send all traffic from router-A via this connection. I have tried a few things for the past hour, but none seems to be working. Do you have a working tutorial?

Router-A
model: 951Ui-2nD
current-firmware: 6.46.5

Router-B
model: RB760iGS
current-firmware: 6.44.5

Thank you!

Hello, add a default route 0.0.0.0/0 gw=your_l2tp_tunnel and a NAT rule.

Hi,

This is what I have now, where 1.2.3.4 is the VPN server’s public IP

ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.0.1               1
 1  DS  0.0.0.0/0                          l2tp-vpn                  1
 2 ADC  10.10.14.1/32      10.10.14.36     l2tp-vpn                  0
 3 ADS  1.2.3.4/32                         192.168.0.1               0
 4 ADC  192.168.0.0/24     192.168.0.101   ether1                    0
 5 ADC  192.168.88.0/24    192.168.88.1    bridge                    0

ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none

 1    chain=srcnat action=masquerade routing-mark=traffic_for_VPN out-interface=l2tp-vpn log=no log-prefix=""

You currently have 2 default routes in the routing table:

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.0.1               1
 1  DS  0.0.0.0/0                          l2tp-vpn                  1

You can see that the one using your “normal” gateway has the “A” mark.
This means “Active”. Disable the default route over “192.168.0.1”, then the other one (over your VPN) will become Active.
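The two replies above amount to one recipe: make the tunnel's default route the active one and masquerade what leaves through it. The following RouterOS 6 script is an added example written for this thread, not configuration posted by any participant. It reuses the names visible in the route table (the l2tp-vpn interface, the 192.168.88.0/24 LAN on the bridge, the 192.168.0.1 ISP gateway and the 1.2.3.4 placeholder for the server's public address); that the ISP address comes from a DHCP client on ether1 is an assumption.

```routeros
# Added example (not from the thread): send all of router-A's traffic over the L2TP tunnel.
# Assumed names: tunnel interface l2tp-vpn, LAN 192.168.88.0/24 on "bridge", ISP gateway
# 192.168.0.1 learned by a DHCP client on ether1, VPN server public address 1.2.3.4 (placeholder).

# 1. Let the L2TP client install its own default route with distance 1. RouterOS also adds the
#    /32 host route to the server via the ISP gateway, so the tunnel's own packets never get
#    routed into the tunnel.
/interface l2tp-client set [find name="l2tp-vpn"] add-default-route=yes default-route-distance=1

# 2. The ISP default route is dynamic (D flag), so it cannot be disabled or edited directly.
#    Raise its distance on the DHCP client that creates it; it then only serves as fallback
#    while the tunnel is down, instead of having to be deleted.
/ip dhcp-client set [find interface="ether1"] default-route-distance=2

#    With a static WAN address the equivalent is a plain static route:
#    /ip route set [find dst-address=0.0.0.0/0 gateway=192.168.0.1] distance=2

# 3. Masquerade LAN traffic leaving through the tunnel. Deliberately no routing-mark condition:
#    once the tunnel holds the active default route, all LAN traffic uses this path, and a rule
#    restricted to a routing mark would only match packets that a mangle rule has marked.
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.88.0/24 \
    out-interface=l2tp-vpn comment="LAN to internet via VPN"

#    Alternative: put the tunnel in the WAN interface list so the existing
#    "defconf: masquerade" rule (out-interface-list=WAN) covers it.
#    /interface list member add list=WAN interface=l2tp-vpn

# 4. Verify: exactly one 0.0.0.0/0 entry should carry the A flag, and its gateway should be
#    l2tp-vpn; then test from the LAN side address rather than from the router's WAN address.
/ip route print where dst-address=0.0.0.0/0
/ping 8.8.8.8 src-address=192.168.88.1 count=4
```

Checking from the bridge address matters because a ping sent from the router itself picks its source from whichever interface the active route uses, so "the router can reach the internet" does not prove that LAN clients can; the source-NAT rule is only exercised by traffic that originates in 192.168.88.0/24.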

If I try to disable it I get:

ip route disable numbers=0
failure: can change only static routes

I was able to remove the route; however, now I can’t get out of the LAN from 192.168.88.0/24, while I can still reach my gateway on the L2TP server and the internet from the MikroTik (L2TP client):

[user@MikroTik] <SAFE> ip route remove numbers=0
[user@MikroTik] <SAFE> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          l2tp-vpn                  1
 1 ADC  10.10.14.1/32      10.10.14.36     l2tp-vpn                  0
 2 ADS  1.2.3.4/32                         192.168.0.1               0
 3 ADC  192.168.0.0/24     192.168.0.101   ether1                    0
 4 ADC  192.168.88.0/24    192.168.88.1    bridge                    0
[user@MikroTik] <SAFE> ping 10.10.14.1
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.10.14.1                                 56  64 17ms
    1 10.10.14.1                                 56  64 10ms
    2 10.10.14.1                                 56  64 11ms
    3 10.10.14.1                                 56  64 11ms
    sent=4 received=4 packet-loss=0% min-rtt=10ms avg-rtt=12ms max-rtt=17ms

[user@MikroTik] <SAFE> ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 8.8.8.8                                    56 119 20ms
    1 8.8.8.8                                    56 119 20ms
    2 8.8.8.8                                    56 119 21ms
    3 8.8.8.8                                    56 119 20ms
    sent=4 received=4 packet-loss=0% min-rtt=20ms avg-rtt=20ms max-rtt=21ms

Post your config:

/export compact hide-sensitive

Try to increase the distance of 0.1.

At this time the VPN server is having issues and I wasn’t told an estimate for remediation.
Therefore I can’t try further settings yet.
Thank you for your help!