What kind of tunnel do I need in my case? Pointers needed

katit · May 23, 2015, 5:24am

I have Mikrotik in office, static IP
I have Mikrotik at home, dynamic IP

I want my home MT to connect to office and networks be shared. It’s different subnets, different DHCP servers and DNS. But I want all members on either side to be able to act like they VPN into that network. Remote desktop to servers from home, etc.

Another thing - I want IP phone at home to connect to PBX server in office without any NAT.

Also, I’m looking for lightest and fastest protocol.

What should I look for? Any ready tutorials for this kind of setup?

satman1w · May 23, 2015, 1:12pm

Hi,

In my opinion, to fulfill all your requests, the best (and simplest) choice is the IPIP tunnel.
http://wiki.mikrotik.com/wiki/Manual:Interface/IPIP
(read the article and you will understand all the advatages)

I’m not sure if mikrotik ipip implementation suports url’s instead IP’s in source or destination ipip addresses, but it can be solved with simple script even if both sides are dynamic.
Once you establish the tunnel (it should take less than a minute of work on both sides!!!) you can also deploy IPsec if you really need it and make your tunnel “bulletproof”.

I hope I helped…

katit · May 26, 2015, 9:40pm

Hi!

Thank you for reply. However, sample provided doesn’t cover my scenario. On one end I have dynamic IP. My office MT has static IP and my home MT has dynamic IP. Is there any instruction on how this can be done? Hopefully without any scripts or DNS lookups (because there is no dynamic DNS at home)

jarda · May 27, 2015, 4:38am

Try sstp. Client could have dynamic ip without any problem, server side should have static if no scripts are allowed.

satman1w · May 27, 2015, 8:33am

You cannot cross the river without wetting your feet !!
So, it can be done with few lines of script, and yes you have dynamic dns at home if yor are using mikrotik router, you just have to enable it!! (…IP…Cloud…enable…)

regards

katit · June 2, 2015, 3:02am

So, sorry for beginner question, what exactly those 1.1.1.1 and 1.1.1.2 addresses in sample?
http://wiki.mikrotik.com/wiki/Manual:Interface/IPIP

Internal IP ranges on networks I connect is 192.168.33.1/24 an 192.168.99.1/24

If I want to make sure I can look into either network from any side, what should I substitute on those 1.1.1.1 and 1.1.1.2?

satman1w · June 4, 2015, 7:46pm

Example in manual is rubbish. It is a standard Mikrotik inconsistency in using private and public addresses.
Instead, look ad Greg Sowel’s video on youtube or directly on his site. It will open your eyes widely.

https://www.youtube.com/watch?v=U-8RmkNpgWI

regards

katit · June 4, 2015, 8:09pm

Actually, I made it to work and it works well! Using their manual. But I made it static. My home IP changes when there is issue with provider router, probably 2-3 times a year so I’m running it like this for now. Will need to figure out scripting to make it bulletproof.