Good morning to you
I followed this link "https://ajamuid.blogspot.com/2017/05/po ... an-in.html" to connect the two ISPs on Lan its working .
Now i dont know what i can do to see my agencies by VPN and even the two lans are not communicating again .
LAN1: 192.168.15.0/24---------->ISP1 ok
LAN2: 192.168.16.0/24---------> ISP2 ok
LAN1<-------------------> LAN2 fail
LAN1,LAN2 <---------------------------> LAN3 :192.168.20.0/24(BY VPN ) fail
Please any idea
-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
ok i found the solution
1 create the VPN route
add gateway=vpn --> routing-mark= VPN
ip firewall adress-list add list address =192.168.15.0/24-192.168.24.0/24
ip firewall mangle
add chain =perouting src adrress=192.168.15.0/24 dst-list=vpnlist new routing =VPN
same thing for 192.168.16.0/24
1 create the VPN route
add gateway=vpn --> routing-mark= VPN
ip firewall adress-list add list address =192.168.15.0/24-192.168.24.0/24
ip firewall mangle
add chain =perouting src adrress=192.168.15.0/24 dst-list=vpnlist new routing =VPN
same thing for 192.168.16.0/24
-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
I have problem please help
LAN1 LAN2------------>LAN VPN (192.168.16.20.0/24) OK
LAN VPN ----------------------> ROUTER LAN1 ,LAN2(192.168.15.1 and 192.168.16.1) OK
LAN VPN ----------------------> LAN1 ,LAN2(192.168.15.2 and 192.168.16.2) fail
I cannot cross 192.168.15.1 i dont know why please help
LAN1 LAN2------------>LAN VPN (192.168.16.20.0/24) OK
LAN VPN ----------------------> ROUTER LAN1 ,LAN2(192.168.15.1 and 192.168.16.1) OK
LAN VPN ----------------------> LAN1 ,LAN2(192.168.15.2 and 192.168.16.2) fail
I cannot cross 192.168.15.1 i dont know why please help
-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
Hello to All
Please i still have a same problem
i can ping 192.168.15.1 but not 192.168.15.2 ?? why ??? please help
Please i still have a same problem
i can ping 192.168.15.1 but not 192.168.15.2 ?? why ??? please help
Re: connect 2 IPS and 1 VPN on 2 Lans
Instead of describing what you think you've done, shows us what you've actually done. You can export config using:
If you post it here, someone might spot what exactly is wrong.
Code: Select all
/export hide-sensitive-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
/interface bridge
add name="MAIN LAN "
/interface ethernet
set [ find default-name=ether6 ] name=LAN1
set [ find default-name=ether7 ] name=LAN2
set [ find default-name=ether4 ] name="WAN 4G"
set [ find default-name=ether2 ] name="Wan Internet"
set [ find default-name=ether3 ] name="Wan VPN "
/interface pppoe-client
add comment="MTN INTERNET 2" disabled=no interface="Wan VPN " name=INTERNET2 \
use-peer-dns=yes user=ntarikonco_OUT@yellobb.mtnns.cm
add comment="MTN INTERNET " disabled=no interface="Wan Internet" name=\
"MTN INTERNET " use-peer-dns=yes user=
add comment="MTN VPN" disabled=no interface="Wan VPN " name="MTN VPN " user=\
/interface pptp-server
add name=pptp-interface user=""
/ip neighbor discovery
set INTERNET2 comment="MTN INTERNET 2"
set "MTN INTERNET " comment="MTN INTERNET "
set "MTN VPN " comment="MTN VPN"
/ip address
add address=192.168.15.1/24 interface="MAIN LAN " network=192.168.15.0
add address=192.168.16.1/24 interface="MAIN LAN " network=192.168.16.0
/ip dns
set servers=4.2.2.2,8.8.2.2
/ip firewall address-list
add address=192.168.15.0-192.168.26.0 list="list VPN"
add address=192.168.15.0-192.168.16.0 list=dest-list
/ip firewall mangle
add action=mark-routing chain=prerouting comment="direction vers internet2" \
disabled=yes dst-address-list="!list VPN" new-routing-mark=INTERNET2 \
passthrough=no src-address=192.168.16.0/24
add action=mark-routing chain=prerouting comment="direction vers internet1" \
disabled=yes dst-address-list="!list VPN" new-routing-mark=INTERTNET1 \
passthrough=no src-address=192.168.15.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Nat Internet1" out-interface=\
"MTN INTERNET "
add action=masquerade chain=srcnat comment="Nat Internet2" out-interface=\
INTERNET2
add action=masquerade chain=srcnat comment="WAN 4G" out-interface="WAN 4G"
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=*F00001 \
protocol=tcp to-addresses=192.168.15.2 to-ports=3389
/ip route
add comment="mark Internet 2" distance=1 gateway=INTERNET2 routing-mark=\
INTERNET2
add comment="mark Internet 1" distance=1 gateway="MTN INTERNET " routing-mark=\
INTERTNET1
add comment=BAFOUSSAM distance=1 dst-address=192.168.25.0/24 gateway="MTN VPN " \
routing-mark="VPN BAF"
add comment="route Internet1" distance=1 gateway="MTN INTERNET "
add comment="WAN 0.0/24" distance=1 dst-address=172.23.0.0/24 gateway=\
"Wan VPN "
add comment="WAN BONABERIE" distance=1 dst-address=172.23.0.4/32 gateway=\
"MTN VPN "
add comment="WAN douche" distance=1 dst-address=172.23.0.5/32 gateway=\
"MTN VPN "
add comment="WAN buea" distance=1 dst-address=172.23.0.7/32 gateway="MTN VPN "
add distance=1 dst-address=172.23.0.8/32 gateway="MTN VPN "
add comment="WAN BAF" distance=1 dst-address=172.23.0.10/32 gateway="MTN VPN "
add comment="WAN 1.0/24" distance=1 dst-address=172.23.1.0/24 gateway=\
"MTN VPN "
add comment=melen distance=1 dst-address=172.23.1.1/32 gateway="MTN VPN "
add comment="WAN ekounou" distance=1 dst-address=172.23.1.2/32 gateway=\
"MTN VPN "
add distance=1 dst-address=192.168.16.200/32 gateway="MTN VPN " pref-src=\
192.168.16.1
add comment=bonaberi distance=1 dst-address=192.168.17.0/24 gateway="MTN VPN "
add comment=douche distance=1 dst-address=192.168.18.0/24 gateway="MTN VPN "
add comment="cite palmier " distance=1 dst-address=192.168.19.0/24 gateway=\
"MTN VPN "
add comment=melen distance=1 dst-address=192.168.20.0/24 gateway="MTN VPN "
add comment=ekounou distance=1 dst-address=192.168.21.0/24 gateway="MTN VPN "
add comment="bertoua " distance=1 dst-address=192.168.22.0/24 gateway=\
"MTN VPN "
add comment=buea distance=1 dst-address=192.168.23.0/24 gateway="MTN VPN "
add comment=Kumba distance=1 dst-address=192.168.24.0/24 gateway="MTN VPN "
add name="MAIN LAN "
/interface ethernet
set [ find default-name=ether6 ] name=LAN1
set [ find default-name=ether7 ] name=LAN2
set [ find default-name=ether4 ] name="WAN 4G"
set [ find default-name=ether2 ] name="Wan Internet"
set [ find default-name=ether3 ] name="Wan VPN "
/interface pppoe-client
add comment="MTN INTERNET 2" disabled=no interface="Wan VPN " name=INTERNET2 \
use-peer-dns=yes user=ntarikonco_OUT@yellobb.mtnns.cm
add comment="MTN INTERNET " disabled=no interface="Wan Internet" name=\
"MTN INTERNET " use-peer-dns=yes user=
add comment="MTN VPN" disabled=no interface="Wan VPN " name="MTN VPN " user=\
/interface pptp-server
add name=pptp-interface user=""
/ip neighbor discovery
set INTERNET2 comment="MTN INTERNET 2"
set "MTN INTERNET " comment="MTN INTERNET "
set "MTN VPN " comment="MTN VPN"
/ip address
add address=192.168.15.1/24 interface="MAIN LAN " network=192.168.15.0
add address=192.168.16.1/24 interface="MAIN LAN " network=192.168.16.0
/ip dns
set servers=4.2.2.2,8.8.2.2
/ip firewall address-list
add address=192.168.15.0-192.168.26.0 list="list VPN"
add address=192.168.15.0-192.168.16.0 list=dest-list
/ip firewall mangle
add action=mark-routing chain=prerouting comment="direction vers internet2" \
disabled=yes dst-address-list="!list VPN" new-routing-mark=INTERNET2 \
passthrough=no src-address=192.168.16.0/24
add action=mark-routing chain=prerouting comment="direction vers internet1" \
disabled=yes dst-address-list="!list VPN" new-routing-mark=INTERTNET1 \
passthrough=no src-address=192.168.15.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Nat Internet1" out-interface=\
"MTN INTERNET "
add action=masquerade chain=srcnat comment="Nat Internet2" out-interface=\
INTERNET2
add action=masquerade chain=srcnat comment="WAN 4G" out-interface="WAN 4G"
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=*F00001 \
protocol=tcp to-addresses=192.168.15.2 to-ports=3389
/ip route
add comment="mark Internet 2" distance=1 gateway=INTERNET2 routing-mark=\
INTERNET2
add comment="mark Internet 1" distance=1 gateway="MTN INTERNET " routing-mark=\
INTERTNET1
add comment=BAFOUSSAM distance=1 dst-address=192.168.25.0/24 gateway="MTN VPN " \
routing-mark="VPN BAF"
add comment="route Internet1" distance=1 gateway="MTN INTERNET "
add comment="WAN 0.0/24" distance=1 dst-address=172.23.0.0/24 gateway=\
"Wan VPN "
add comment="WAN BONABERIE" distance=1 dst-address=172.23.0.4/32 gateway=\
"MTN VPN "
add comment="WAN douche" distance=1 dst-address=172.23.0.5/32 gateway=\
"MTN VPN "
add comment="WAN buea" distance=1 dst-address=172.23.0.7/32 gateway="MTN VPN "
add distance=1 dst-address=172.23.0.8/32 gateway="MTN VPN "
add comment="WAN BAF" distance=1 dst-address=172.23.0.10/32 gateway="MTN VPN "
add comment="WAN 1.0/24" distance=1 dst-address=172.23.1.0/24 gateway=\
"MTN VPN "
add comment=melen distance=1 dst-address=172.23.1.1/32 gateway="MTN VPN "
add comment="WAN ekounou" distance=1 dst-address=172.23.1.2/32 gateway=\
"MTN VPN "
add distance=1 dst-address=192.168.16.200/32 gateway="MTN VPN " pref-src=\
192.168.16.1
add comment=bonaberi distance=1 dst-address=192.168.17.0/24 gateway="MTN VPN "
add comment=douche distance=1 dst-address=192.168.18.0/24 gateway="MTN VPN "
add comment="cite palmier " distance=1 dst-address=192.168.19.0/24 gateway=\
"MTN VPN "
add comment=melen distance=1 dst-address=192.168.20.0/24 gateway="MTN VPN "
add comment=ekounou distance=1 dst-address=192.168.21.0/24 gateway="MTN VPN "
add comment="bertoua " distance=1 dst-address=192.168.22.0/24 gateway=\
"MTN VPN "
add comment=buea distance=1 dst-address=192.168.23.0/24 gateway="MTN VPN "
add comment=Kumba distance=1 dst-address=192.168.24.0/24 gateway="MTN VPN "
Re: connect 2 IPS and 1 VPN on 2 Lans
It should work for VPN subnets 192.168.17-26.0/24, because those are excluded from marking using address list. But it will fail for VPN subnets 172.*.
What happens is that you have only single route (default) in routing tables INTERTNET1 and INTERNET2. So once you mark routing and these tables get used, other routes in main routing table are ignored. So if ping comes from non-excluded subnet, it will work for 192.168.15.1, because it's on router itself, so reply does not come through prerouting and doesn't get marked. But reply from 192.168.15.2 gets marked and will be sent to ISP1, because it's the only route in INTERTNET1 routing table.
You can either extend your exclusions list to contain all local and VPN subnets. Or you could skip address lists and mangle rules completely and instead use something like this:
What happens is that you have only single route (default) in routing tables INTERTNET1 and INTERNET2. So once you mark routing and these tables get used, other routes in main routing table are ignored. So if ping comes from non-excluded subnet, it will work for 192.168.15.1, because it's on router itself, so reply does not come through prerouting and doesn't get marked. But reply from 192.168.15.2 gets marked and will be sent to ISP1, because it's the only route in INTERTNET1 routing table.
You can either extend your exclusions list to contain all local and VPN subnets. Or you could skip address lists and mangle rules completely and instead use something like this:
Code: Select all
/ip route rule
add action=lookup dst-address=192.168.0.0/16 table=main
add action=lookup dst-address=172.16.0.0/12 table=main
add action=lookup src-address=192.168.15.0/24 table=INTERNET1
add action=lookup src-address=192.168.16.0/24 table=INTERNET2-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
Thank you for the Reply
But i still have a same problem 192.168.15.2 its no accessible from others routeurs .
Thanks
But i still have a same problem 192.168.15.2 its no accessible from others routeurs .
Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.35.4 (c) 1999-2016 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
sep/20/2018 10:38:38 system,error,critical login failure for user admin from 173.2
08.173.130 via ssh
sep/20/2018 10:39:46 system,error,critical login failure for user admin from 204.1
2.198.180 via ssh
[Ntaccul@Head Office] > /export hide-sensitive
# sep/20/2018 11:58:01 by RouterOS 6.35.4
# software id = S8LW-CLGY
#
/interface ethernet
set [ find default-name=ether2 ] name="ether2-WAN VPN"
set [ find default-name=ether3 ] name="ether3-WAN INTERNET "
set [ find default-name=ether4 ] disabled=yes name=ether4-WAN4G
set [ find default-name=ether6 ] name=ether6-LAN
/interface pppoe-client
add comment=internet1 disabled=no interface="ether3-WAN INTERNET " name=\
"PPPOE INTERNET " use-peer-dns=yes user=ntarikon01_OUT@yellobb.mtnns.cm
add comment=VPN disabled=no interface="ether3-WAN INTERNET " name="VPN PPOE" \
user=ntarihobda_OUT@ntarikonccu.cm
add comment=internet2 disabled=no interface="ether3-WAN INTERNET " name=\
internet2 use-peer-dns=yes user=ntarikonco_OUT@yellobb.mtnns.cm
add interface="ether2-WAN VPN" name=pppoe-out1 user=\
ntarkbrtua_OUT@yellobb.mtnns.cm
/ip address
add address=192.168.15.1/24 interface=ether6-LAN network=192.168.15.0
add address=192.168.16.1/24 interface=ether6-LAN network=192.168.16.0
/ip firewall mangle
add action=mark-routing chain=prerouting comment="internet1 for HO" \
new-routing-mark=Internet1 src-address=192.168.15.0/24
add action=mark-routing chain=prerouting comment="internet2 for branch " \
new-routing-mark=Internet2 src-address=192.168.16.0/24
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes src-address=192.168.16.0/24
add action=masquerade chain=srcnat comment=Internet1 out-interface=\
"PPPOE INTERNET "
add action=masquerade chain=srcnat comment=Internet2 out-interface=internet2
/ip route
add comment="Mark-routeing Internet1" distance=1 gateway="PPPOE INTERNET " \
routing-mark=Internet1
add comment="Mark-routeing Internet2" distance=1 gateway=internet2 \
routing-mark=Internet2
add distance=1 dst-address=172.23.0.0/24 gateway="VPN PPOE" pref-src=172.23.0.1 \
scope=10
add distance=1 dst-address=172.23.0.1/32 gateway="VPN PPOE" pref-src=172.23.0.1 \
scope=10
add distance=1 dst-address=172.23.0.4/32 gateway="VPN PPOE"
add distance=1 dst-address=172.23.1.0/24 gateway="VPN PPOE" pref-src=172.23.0.1 \
scope=10
add comment=BONABERI distance=1 dst-address=192.168.17.0/24 gateway="VPN PPOE"
add comment=DOUCHE distance=1 dst-address=192.168.18.0/24 gateway="VPN PPOE"
add comment=CITE distance=1 dst-address=192.168.19.0/24 gateway="VPN PPOE"
add comment=MELEN distance=1 dst-address=192.168.20.0/24 gateway="VPN PPOE"
add comment=EKOUNOU distance=1 dst-address=192.168.21.0/24 gateway="VPN PPOE"
add comment=BERTOUA distance=1 dst-address=192.168.22.0/24 gateway="VPN PPOE"
add comment=BUEA distance=1 dst-address=192.168.23.0/24 gateway="VPN PPOE"
add comment=KUMBA distance=1 dst-address=192.168.24.0/24 gateway="VPN PPOE"
add comment=BAFOUSSAM distance=1 dst-address=192.168.25.0/24 gateway="VPN PPOE"
/ip route rule
add dst-address=192.168.0.0/16 table=main
add dst-address=172.16.0.0/16 table=main
add dst-address=192.168.15.0/24 table=Internet1
add dst-address=192.168.16.0/24 table=Internet2
-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
Screen shot
You do not have the required permissions to view the files attached to this post.
Re: connect 2 IPS and 1 VPN on 2 Lans
Last two routing rules are wrong, they should have src-address, not dst-address:
They are meant as replacement for route marking mangle rules (you won't need those anymore). But it's not breaking bug, even your current config should work.
Is it possible that firewall on 192.168.15.2 would not be accepting pings from other subnets? Definitely check that.
If that's not the case, add these rules:
Try the ping again and check what happens. You should see the request logged twice, first coming to router and then leaving via ether6-LAN. Then a reply should come from ether6-LAN and continue to "VPN PPOE".
Code: Select all
/ip route rule
add src-address=192.168.15.0/24 table=Internet1
add src-address=192.168.16.0/24 table=Internet2Is it possible that firewall on 192.168.15.2 would not be accepting pings from other subnets? Definitely check that.
If that's not the case, add these rules:
Code: Select all
add action=log chain=prerouting dst-address=192.168.15.2 log-prefix=ping1 protocol=icmp
add action=log chain=postrouting dst-address=192.168.15.2 log-prefix=ping2 protocol=icmp
add action=log chain=prerouting log-prefix=pong1 protocol=icmp src-address=192.168.15.2
add action=log chain=postrouting log-prefix=pong2 protocol=icmp src-address=192.168.15.2-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
from 192.168.15.0/4 a i can i see all my agencies but from them i cant see 192.168.15.0/24
Code: Select all
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether4 ] name="Wan 4G"
set [ find default-name=ether2 ] name="Wan Internet"
set [ find default-name=ether3 ] name="Wan VPN"
/interface pppoe-client
add disabled=no interface="Wan VPN" name="MTN VPN" user=ntarihobda_OUT@ntarikonccu.cm
add comment="INTERNET 1" disabled=no interface="Wan VPN" name=internet1 use-peer-dns=yes user=ntarikon01_OUT@yellobb.mtnns.cm
add comment=internet2 disabled=no interface="Wan VPN" name=internet2 user=ntarikonco_OUT@yellobb.mtnns.cm
/ip neighbor discovery
set internet1 comment="INTERNET 1"
set internet2 comment=internet2
/interface bridge port
add bridge=LAN interface=ether7
add bridge=LAN interface=ether6
/ip address
add address=192.168.15.1/24 interface=LAN network=192.168.15.0
add address=192.168.16.1/24 interface=LAN network=192.168.16.0
/ip firewall filter
add chain=forward comment=youtube content=youtube
add chain=forward comment=tube content=*tube
add chain=forward comment=*.mp3 content=*.mp3
add chain=forward comment=*torrent content=*torrent
add chain=forward comment=*facebook content=*facebook
add action=drop chain=forward comment=16.10 out-interface=internet1 src-address=192.168.16.10
add action=drop chain=forward comment=16.19 out-interface=internet1 src-address=192.168.16.19
add action=drop chain=forward comment=16.9 out-interface=internet1 src-address=192.168.16.9
add action=drop chain=forward comment=16.245 out-interface=internet1 src-address=192.168.16.245
add action=drop chain=forward comment=16.212 out-interface=internet1 src-address=192.168.16.212
add action=drop chain=forward comment=16.211 out-interface=internet1 src-address=192.168.16.211
/ip firewall mangle
add action=log chain=prerouting comment=log1 dst-address=192.168.15.2 log-prefix=ping1 protocol=icmp
add action=log chain=prerouting comment=log2 dst-address=192.168.15.2 log-prefix=ping2 protocol=icmp
add action=log chain=prerouting comment=pong2 log-prefix=pong2 protocol=icmp src-address=192.168.15.2
add action=log chain=prerouting comment=pong1 log-prefix=pong1 protocol=icmp src-address=192.168.15.2
add chain=prerouting dst-address=192.168.15.1 src-address=192.168.15.0/24
add chain=prerouting dst-address=192.168.16.1 src-address=192.168.16.0/24
add action=mark-routing chain=prerouting comment="mark routing internet1." new-routing-mark=Internet1 passthrough=no \
src-address=192.168.15.0/24
add action=mark-routing chain=prerouting comment="mark routing internet2." new-routing-mark=Internet2 passthrough=no \
src-address=192.168.16.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=internet2
add action=masquerade chain=srcnat out-interface=internet1
/ip route
add comment="Route Internet 1" distance=1 gateway=internet1 routing-mark=Internet1
add comment="Route Internet 2" distance=1 gateway=internet2 routing-mark=Internet2
add distance=1 gateway=internet1
add distance=10 gateway=internet2
add distance=1 dst-address=172.23.0.1/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.2/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.3/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.4/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.5/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.6/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.0.7/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.1.1/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.1.2/32 gateway="MTN VPN"
add distance=1 dst-address=172.23.1.3/32 gateway="MTN VPN"
add distance=1 dst-address=192.168.17.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.18.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.19.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.20.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.21.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.22.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.23.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.24.0/24 gateway="MTN VPN"
add distance=1 dst-address=192.168.25.0/24 gateway="MTN VPN"
/ip route rule
add dst-address=172.16.0.0/12 table=main
add dst-address=192.168.0.0/16 table=main
add src-address=192.168.15.0/24 table=Internet1
add src-address=192.168.16.0/24 table=Internet2
-
-
wilsongamo
newbie
- Posts: 45
- Joined:
Re: connect 2 IPS and 1 VPN on 2 Lans
SUper thanks very much its working now