What Site-to-Site Method Do You Recommend? (Separate Devices for EoIP/Router in LAN-WAN)

What I want to achieve:

  1. Keep the WAN router accessible at any time, in case the EoIP connection breaks, the EoIP device is reset, etc. (thus I separated the devices: one for EoIP, one as the WAN-LAN router)
  2. A transparent site-to-site connection, with the ability to use broadcast functions like Windows network discovery (thus a Layer 2 tunneling protocol is involved here)
  3. Minimize unnecessary traffic not related to the LAN-to-LAN connection (just keep the ability to access internally; all internet access can just go through the WAN router on each side)

Physical connection:
Main Site
WAN ↔ WAN-Router A ↔ LAN ↔ Other Computers/Server/DHCP and DNS Server and Mikrotik A
WAN 200.1.1.1/32, WAN-Router (also NATed for LAN) with ports opened for IPSec
LAN 192.168.0.0/24 (may be changed to /23 for site-to-site connection), currently DHCP and DNS are served by the Windows AD Server
Mikrotik A IP 192.168.0.88

Branch Site
WAN ↔ WAN-Router B ↔ LAN ↔ Other Computers and Mikrotik B
WAN 200.1.1.2/32, WAN-Router (also NATed for LAN) with ports opened for IPSec
LAN 192.168.1.0/24 (may be changed to /23 for site-to-site connection), currently DHCP and DNS are served by WAN-Router B
Mikrotik B IP 192.168.1.88

WAN-Router A and B are general home routers, but still have the ability to set routes manually.
Mikrotik A & B are in bridge mode, connected directly to the LAN (still not sure about moving computers behind them).

At the current stage, the EoIP with IPSec connection (IPSec in transport mode) between the Main and Branch Sites is established; there seems to be no problem here.

If I bridge the EoIP-tunnel to a physical port on Mikrotik B and attach a Branch Site computer to Mikrotik B, it can get an IP (192.168.0.100/32) from the Main Site DHCP, but it can access only computers that are physically attached to Mikrotik A (with the EoIP-tunnel bridged to a physical port on Mikrotik A). There is no internet access, of course, since I cannot even access the DNS server in the Main Site (as it is not physically attached to Mikrotik A).

However, this is not the main question here, since I don't want all the traffic (for example, web browsing/emails) to go through either one of the sites.

To achieve the 3rd point, I need to set routing manually. But what do I need to do on WAN-Router A and B to route all necessary traffic to Mikrotik A & B and then on to the EoIP-tunnel?
I currently put the EoIP-tunnel addresses in 172.16.0.0/30: Mikrotik A 172.16.0.1 and Mikrotik B 172.16.0.2.

But it seems to me that the WAN-Router may not route the opposite IP directly to the EoIP-tunnel address (say, on the WAN-Router in the Branch Site, routing 192.168.0.0/32 to GW 172.16.0.1 does not seem to make sense, but routing to GW 192.168.1.88 also does not work at this moment).

Any suggestions for setting routes on both WAN-Routers and Mikrotiks?
Or even not using Layer 2 tunneling, but setting up another solution for a better site-to-site connection in this case, with the ease of just using computer names?