I am trying to consolidate several network devices into one using my new MikroTik router running RouterOS level 4.
My hope is that I can achieve the following and am looking for some broad pointers in the right direction atm.
[ Company VPN Server ]
|
[ ISP (PPPoE) #############################|##### ]
| | |
[------------------------------------------|------]
[ Router ! ! | | ]
[------ LAN -----]! <-- ! [ LAN ][ VPN Client ]
[------------------------------------------|------]
| | ! ! | |
HOMESSID Switch ! ! \ /
| | ! ! WORKSSID
clients <-> clients ! ! |
! ! clients <-> clients
The details:
HOMESSID (2G+5G+SWITCH) allows access to LAN + Internet and other LAN hosts
HOMESSID should be blocked (isolated) from accessing WORKSSID and VPN.
WORKSSID (2G+5G) allows isolated access to WORKSSID + VPN + Internet
WORKSSID should also be able to access HOME LAN.
WORKSSID internet traffic should go via ISP not VPN.
WORKSSID work traffic should be routed down VPN.
HOMESSID is just your typical out-of-the-box WIFI+LAN+WAN setup.
It’s the addition of WORKSSID I need to figure out how to do.
So, assuming the following:
HOME is 192.168.1.0/24 gw 192.168.1.1
WORK is 10.1.1.0/24 gw 10.1.1.1 and 10.0.0.0/8 is the wider work network (e.g. 10.2.0.0/16).
A device on HOMESSID or Switch should be able to
- access the internet,
- devices on the LAN.
A device on WORKSSID should be able to
- access the internet via ISP
- access HOMESSID/LAN hosts
- access wider WORK network via VPN
- access other hosts on WORKSSID (v important)
Or put in terms of routes…
HOME NET: 192.168.1.0/24
0.0.0.0 → WAN
192.168.1.0/24 → LAN
WORK NET: 10.1.1.0/24
0.0.0.0 → WAN
192.168.1.0/24 → LAN
10.1.1.0/24 → WORKSSID (wlanX)
10.0.0.0/8 → VPN (the VPN routes are in reality many smaller blocks)
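
The requirements above, modelled as an added example that is not part of the original post: longest-prefix match over the WORK NET routes, plus a stateful forward filter, because letting WORKSSID reach HOME while blocking HOME from WORKSSID and the VPN only works if replies to tracked connections are allowed back. The names `egress` and `Forwarder` are hypothetical, and the filter is a simplified model of connection tracking, not RouterOS configuration.

```python
import ipaddress

# Routes as listed in the post under "WORK NET".
WORK_ROUTES = [
    ("0.0.0.0/0", "WAN"),
    ("192.168.1.0/24", "LAN"),
    ("10.1.1.0/24", "WORKSSID"),
    ("10.0.0.0/8", "VPN"),
]
HOME = ipaddress.ip_network("192.168.1.0/24")
WORK_ALL = ipaddress.ip_network("10.0.0.0/8")  # WORKSSID plus the networks behind the VPN


def egress(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), out) for n, out in routes]
    matches = [(n, out) for n, out in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


class Forwarder:
    """Simplified stateful filter: HOME may not open flows to WORK or the VPN."""

    def __init__(self):
        self.tracked = set()  # (initiator, responder) pairs of accepted flows

    def forward(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (d, s) in self.tracked:       # reply to a flow the other side opened
            return "accept"
        if s in HOME and d in WORK_ALL:  # new HOME -> WORK/VPN connection
            return "drop"
        self.tracked.add((s, d))         # remember the new flow for its replies
        return "accept"


if __name__ == "__main__":
    # Constructed sample addresses inside the post's subnets.
    for dst in ("10.1.1.25", "10.2.3.4", "192.168.1.50", "8.8.8.8"):
        print(dst, "->", egress(WORK_ROUTES, dst))
    fw = Forwarder()
    print("HOME opens to WORK:", fw.forward("192.168.1.50", "10.1.1.25"))
    print("WORK opens to HOME:", fw.forward("10.1.1.25", "192.168.1.50"))
    print("HOME replies:      ", fw.forward("192.168.1.50", "10.1.1.25"))
```

Without the reply rule, the HOME-to-WORK drop would also break every connection a WORKSSID client opens to a HOME host, since the return packets match the same source and destination ranges.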