So I have the following network - currently I only need to connect to the sites from a computer attached to the main router. This has been working fine but since remote working I now need to connect remotely to the remote sites away from the main router. I cannot connect directly to these remote sites as they change and they are sometimes connected to routers & CGNAT which I cannot control. Currently each remote site uses a SSTP client to connect back to the main router on an outbound connection. I cannot have the remote sites connect back to the MAP2n as this also has the same inbound issues. I’m thinking of creating another SSTP client from the MAP2n back to the main router but then I’m not sure what’s the best way to set up the routing?
I have researched it and think it may be OSPF but not entirely sure? (I actually have 5 sites, the other two with the same IP addressing, so want to keep it simple)

I’d say OSPF would be an overkill here.
The mAP configuration can be the same as that of the remote sites’ routers. On all those “spoke” routers, route 192.168.0.0/16 via the /interface sstp-client as a gateway (local LAN subnet on each of these routers automatically becomes an exception). On the central router, add routes="192.168.10x.0/24" to the /ppp secret row for each router. Upon reconnection (which you can force by disabling and re-enabling the server, or by removing the dynamically created /interface sstp-server item), the route to that subnet via the interface will be added to the routing table.
Firewalls on all devices have to be modified accordingly to allow access from the mAP to the remote routers’ own addresses and LAN subnets.
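A worked RouterOS configuration for the hub-and-spoke routing described in this answer, added here as an illustration rather than taken from the thread. The hub hostname, user names, passwords, the 10.99.0.0/24 tunnel addresses and the mAP LAN 192.168.50.0/24 are assumed values; remote site LANs follow the 192.168.10x.0/24 pattern from the question.

```routeros
# --- On each spoke (every remote site router, and the mAP2n alike) ---
# Outbound SSTP tunnel to the central router (hub address and credentials are assumed).
/interface sstp-client add name=sstp-hub connect-to=hub.example.net \
    user=site101 password=CHANGEME profile=default-encryption disabled=no

# Send all other 192.168.x.x traffic into the tunnel. The router's own connected
# LAN route (/24) is more specific than this /16, so the local subnet is excepted
# automatically and nothing else needs to be added per site.
/ip route add dst-address=192.168.0.0/16 gateway=sstp-hub comment="hub + other spokes"

# Least privilege: only the management LAN behind the mAP (assumed 192.168.50.0/24)
# may reach this router itself (input) and the hosts behind it (forward).
# These rules must sit above any drop rules, so check the order with
# /ip firewall filter print and use place-before= if needed.
/ip firewall filter add chain=input   in-interface=sstp-hub src-address=192.168.50.0/24 action=accept
/ip firewall filter add chain=forward in-interface=sstp-hub src-address=192.168.50.0/24 action=accept

# --- On the central router (hub) ---
# One secret per spoke; routes= uses the form given in the answer above
# (RouterOS also accepts "dst-address gateway metric" entries, comma separated).
/ppp secret add name=site101 password=CHANGEME service=sstp \
    local-address=10.99.0.1 remote-address=10.99.0.101 routes="192.168.101.0/24"
/ppp secret add name=site102 password=CHANGEME service=sstp \
    local-address=10.99.0.1 remote-address=10.99.0.102 routes="192.168.102.0/24"
/ppp secret add name=map2n password=CHANGEME service=sstp \
    local-address=10.99.0.1 remote-address=10.99.0.50 routes="192.168.50.0/24"

# The route from routes= is installed on (re)connect; drop a live session to force it.
/interface sstp-server remove [find user=site101]

# Spoke-to-spoke traffic enters and leaves on the dynamic sstp-server interfaces,
# so the hub's forward chain must let the mAP LAN through to the site subnets.
/ip firewall filter add chain=forward src-address=192.168.50.0/24 \
    dst-address=192.168.0.0/16 action=accept comment="mAP management to spokes"
```

After the spokes reconnect, /ip route print on the hub should show one route per site via its sstp-server interface, and a trace from the mAP LAN to a site host should pass through the hub's 10.99.0.1 tunnel address.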
I use this setup with the mAP Lite as road warrior as well. Because it is only meant for management tasks the routing is solved by using NAT masquerade on all the SSTP connections.
No extra routes need to be defined at the remote sites. All site devices are directly reachable as long as the sites have different IP addresses.
The site networks are complex (multiple subnets, load balancers), and there are 2 main routers and 2 mAP warriors. Any device connected to the main routers or mAPs can be used as long as one main router has a connection.