Hi, I has a Mikrotik (number 1) that has connected to internet (public IP address) and give internet access to other mikrotik (number 2), the second mikrotik is connected to the first through a private ip address such as 10.0.1.x but how I can create a VPN on the second Mikrotik?
I tried to enable /ip cloud on second mikrotik and create VPN profile but no success…
How I can do it?
Regards!!
Because you have only one link to Internet with only one public ip it doesn’t have any sense what you are trying to. Just make port redirect to the second device as port 80 is already occupied by the first one.
Hi, I have a public IP pool that I can use in twice Mikrotiks, now second Mikrotik is giving internet to 100 users…
ether1 is the input of the internet connection on Mikrotik number 2
If I create a /ip address with one public IP address pointing to ether1… all still working well and the ether1 will be assigned to this public IP?
Am I right?
Thanks for your reply
You don’t need to enable any cloud features.
What you do need to do:
Make sure the second Mikrotik has a route to the internet. (i.e. ping public IPs)
Make sure that the VPN traffic is permitted through the first Milrotik. (check firewall)
This would be easier if you use routed interfaces with a /30 in between the two Mikrotiks, if you are not already.
Create a VPN with the source interface as your 2nd Mikrotik “WAN” interface (i.e. interface going to 1st Mikrotik)
Ensure that there is a dst-NAT on the first Mikrotik coming back into and pointing at the 2nd Mikrotik’s “WAN” interface.
Most likely, yes. There is more to the “puzzle” but that is different than what I thought in my head was goign on from your first post.
If your 2nd Mikrotik has a Public IP, I assume that Mikortik can reach the internet - correct?
You would just need to make sure that you have a NAT on the 2nd to allow traffic out and to ensure that the 1st Mikrotik isn’t blocking your VPN traffic.