VPN EoIP over PPTP with problems with some services

Dear Mikrotik Community,

I’m so happy to be creating this first entry in the forum; it’s my first time asking for the community’s wisdom directly…

I’m trying to do my best, this is an example of what I want to do:

HOME - ROUTER
Let me start from the right side. I have an RB2011 connected to a Colombian WISP, with a wireless radio, with NAT, firewall, everything normal.
WAN = Static IP coming from another MikroTik from my provider, I don’t have access, I don’t have a public IP.
LAN = 172.16.1.0/24 in the bridge port, the rest of interfaces are bridged here.
DHCP in bridge interface
Wireless = for internal users,
Firewall protection normal, ports 1723 and 47 open externally, 8291 only internal
NAT srcnat masquerade 172.16.1.0/24
PPTP local 192.168.1.1
EOIP local 192.168.1.1

This router has been working without problems.

CHR - ROUTER
This is a VPS with Vultr, running fine
WAN = public ip provided by Vultr.
LAN = additional interface 172.16.0.1
Bridge = 172.16.0.2
No DHCP yet, I don’t know if I need it.
Firewall protection normal, ports 8291, 1723 and 47 open externally.
NAT srcnat masquerade 172.16.0.1/24
PPTP server enable
PPTP local 192.168.0.1
EOIP local 192.168.0.1

REMOTE - ROUTER
This is a mAP intended to be connected to the internet in different situations, in hotels for example. Basically a remote location.
WAN = wireless interface provided by the hotel, company or service available
LAN = 172.16.2.1
Bridge = ether1 bridged.
DHCP on bridge interface.
Firewall protection normal, ports 8291, 1723 and 47 open externally.
NAT srcnat masquerade 172.16.2.1/24
PPTP local 192.168.2.1
EOIP local 192.168.2.1

In the CHR I created the PPTP tunnel, with the respective route, then I created the EoIP interfaces, with the secret and everything… I made the link between all the routers and I was able to ping between the remote and home and vice versa…
In the home network, once the tunnels were up and the links were up, I found some services stopped working, for example Battle.net, Netflix, Speedtest, even browsing was impossible, but I was able to ping all the locations. I had internet access but these services were down.
Testing and testing, I decided to disable different interfaces or services: I disabled the PPTP client, everything was fine, I disabled the EoIP tunnel, same; only when I disabled the EoIP interface from the bridge port was I able to get all the services back to work.

Here is where I place the first part of my request:

  • According to the diagram provided, what could be needed to make this setup work?
  • I have been reading some forum entries, and I found it could be something related to a double NAT situation; also, if all networks are in the same broadcast domain I’m creating unnecessary traffic over the tunnels.
  • I need TCP and UDP; what would be the best implementation of the tunnels then?
  • In every router I do NAT, but the source addresses are the corresponding LANs.
  • My intention with the remote router is to provide access to the HOME network from any location, using the CHR as a bridge.

The second part of my request, and maybe more ambitious…
In the remote router I would like to create 3 virtual wireless networks:
Wireless LOCAL to provide straight access to the same internet where the remote router is connected.
Wireless VPN-USA to provide access to any user connected to it using the CHR internet access, as a VPN, and finally,
Wireless VPN-COLOMBIA to provide access using the HOME internet access, as a VPN.

This is the idea: the remote user needs to use some services that only work having a Colombian IP, and also some services require a USA IP.

Thanks in advance… I’m open to any correction or improvement…

Thanks a lot…
My VPN Project.png
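An added sanity-check script (not from the post above and not MikroTik code) that encodes the addressing from the post and runs two checks a practitioner would do before digging further into the bridged EoIP: whether any LAN prefixes overlap or any tunnel endpoint address falls inside a LAN, and how much of the WAN MTU is left for a LAN host's packet once it is wrapped in Ethernet, EoIP GRE, IPv4, PPP, PPTP GRE and IPv4 again. The header sizes and the 1500-byte MTUs are assumptions stated in the code; the post gives no MTU values. The symptom it describes, ping working while browsing and streaming fail, is consistent with a path-MTU problem on the bridged tunnel, which is why the budget is worth computing, but the script only reports the numbers, it does not diagnose the post's network.

```python
"""Sanity checks for a three-site EoIP-over-PPTP plan.

Added example, not code from the forum post or from MikroTik.
Addressing is taken from the post; header sizes and MTUs are assumptions.
"""
import ipaddress

# LAN prefixes and tunnel endpoint ("local") addresses as listed in the post.
SITES = {
    "HOME":   {"lan": "172.16.1.0/24", "pptp_local": "192.168.1.1", "eoip_local": "192.168.1.1"},
    "CHR":    {"lan": "172.16.0.0/24", "pptp_local": "192.168.0.1", "eoip_local": "192.168.0.1"},
    "REMOTE": {"lan": "172.16.2.0/24", "pptp_local": "192.168.2.1", "eoip_local": "192.168.2.1"},
}

# Assumed header sizes in bytes (not from the post): IPv4 without options,
# the RFC 2637 PPTP GRE header carrying a sequence number but no ack,
# PPP with address/control field compression, an 8-byte EoIP GRE header,
# and the 14-byte Ethernet header of the frame carried inside EoIP.
IPV4_HDR = 20
PPTP_GRE_HDR = 12
PPP_HDR = 2
EOIP_GRE_HDR = 8
ETH_HDR = 14


def lan_overlaps(sites=SITES):
    """Return sorted (site_a, site_b) pairs whose LAN prefixes overlap."""
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def endpoints_inside_lans(sites=SITES):
    """Return (site, endpoint_address, lan_site) for every tunnel endpoint
    address that falls inside some site's LAN prefix.  An endpoint that lives
    in a LAN prefix is reachable both over the bridge and over the tunnel,
    which is exactly the ambiguity to rule out before bridging EoIP."""
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    hits = []
    for site, s in sites.items():
        for key in ("pptp_local", "eoip_local"):
            addr = ipaddress.ip_address(s[key])
            for lan_site, net in nets.items():
                if addr in net:
                    hits.append((site, str(addr), lan_site))
    return hits


def eoip_over_pptp_inner_mtu(outer_mtu=1500):
    """Largest inner IPv4 packet from a bridged LAN host that crosses
    EoIP-over-PPTP without fragmentation.  Layering, outermost first:
    IPv4 | PPTP GRE | PPP | IPv4 | EoIP GRE | Ethernet | inner IPv4 packet."""
    overhead = IPV4_HDR + PPTP_GRE_HDR + PPP_HDR + IPV4_HDR + EOIP_GRE_HDR + ETH_HDR
    return outer_mtu - overhead


def fits_without_fragmentation(inner_packet_len, outer_mtu=1500):
    """True if a LAN packet of this size fits the tunnel budget as-is."""
    return inner_packet_len <= eoip_over_pptp_inner_mtu(outer_mtu)


def report(sites=SITES, outer_mtu=1500, lan_mtu=1500):
    """Collect all checks in one dict so the result can be inspected or asserted on."""
    return {
        "lan_overlaps": lan_overlaps(sites),
        "endpoints_inside_lans": endpoints_inside_lans(sites),
        "inner_mtu": eoip_over_pptp_inner_mtu(outer_mtu),
        "full_size_lan_packets_fit": fits_without_fragmentation(lan_mtu, outer_mtu),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

With the post's addressing the overlap and endpoint checks come back empty, so the plan itself is clean on those two points. The MTU budget is the part to compare against what each router actually shows for its tunnel interfaces: under the assumed header sizes a 1500-byte WAN MTU leaves 1424 bytes for a LAN host's packet, so full-size frames from the bridged LAN cannot cross the tunnel without fragmentation, and a host whose path-MTU discovery is blocked by a firewall will see small packets (ping) succeed while bulk TCP transfers stall.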