Ultra robust VPN

SomeYoungGuy · June 16, 2014, 6:06am

Hi all, im hoping to be pointed in the right direction here.

What im looking for is a way to establish a VPN that will simply never go down… ever! here is the scenario:
i have 2 sites, and i control both ends, lets say two offices; head office and office 1. Head office has two internet options, both fibre from two different isp (its backbone internet, ultra stable) plugged into some rbxxx.

Now office 1, can have a multitude of internet connections, for now its 4g and 3g… plugged into a rb750.

I’m looking to connect these two offices with a eoip or vpn or something. my understanding was that you cant really bond the vpn, but you can bond a eoip… i still don’t get how this helps, the illustration shows the eoip is made in a 10 range ip… where i need to connect over general internet… so what would my ‘remote’ address would be? the head office live ip?

What im hoping to achieve is that the VPN can use all internet (when its good), or just the one if the other is down. And if i get a 3rd, i can just add it to the mix, making it faster, and more stable.

any suggestions?
there is surprisingly little documentation on this… i would have thought inter-office vpn is very common.

cdiedrich · June 16, 2014, 9:17am

Have a look at my thread about dual WAN which is pretty much what you’re looking for.

Cheers
-Chris

SomeYoungGuy · June 16, 2014, 4:12pm

i have examined this post an the video, but im confused about something… in their examples, and of course in all the other examples i have seen, people use example 111.222.333 blahblah ips, what are they saying about this?? at the same time the guy in the video said, this this does not work over the public internet, then another guy on another post said any pingable IP. Now in my case im going to be using ISP internet on one side, so ill get provided an IP on connection. is this still possible? or must i have already created the vpn, in order to use the eoip over the vpn?

Duduhandelman · June 16, 2014, 5:48pm

I would suggest you to consider two isp links at each site each connection connected to a different Mikrotik device (total 4 Mikrotiks) each couple will create eoip over ipsec.
Now connect them both to a switch at each end and let the spanning tree do its magic.
Or even better create a lagg between sites it will give you double bandwidth as well.

I made this in the past working perfectly.

Good luck.

SomeYoungGuy · June 22, 2014, 8:40am

FYI: I have completed this task to some level of success, but still the packet loss over SIP is noticeable, see findings here:
http://forum.mikrotik.com/t/major-packet-loss-over-simple-vpn/78277/1