Thank You,mkx!
I already have routes to router 2 and 3 in router 1, but when add route in router 2 to router 3 through router 1 and in router 3 to router 2 through router 1:
8 A S 192.168.11.0/24 172.31.32.1
and
6 A S 192.168.10.0/24 172.31.32.1
there is no pig between router 2 and 3.
I try to set like gateway VPN connection, but didn't have success again.
It is VPN serer (Router 1):
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.43.4 (c) 1999-2018
http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[BurGas@Izgrev] > export
# dec/16/2018 19:47:17 by RouterOS 6.43.4
# software id = Q8ZW-C1T5
#
# model = 951G-2HnD
# serial number = 3E2D016AED59
/interface bridge
add fast-forward=no name=LAN
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=ether1 name=pppoe-out1 password=xxxxxx \
use-peer-dns=yes user=xxxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\
profile1 supplicant-identity="" wpa2-pre-shared-key=xxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-XX country=bulgaria disabled=no \
frequency=auto mode=ap-bridge security-profile=profile1 ssid=Ivan
/ip pool
add name=dhcp_pool0 ranges=192.168.2.201-192.168.2.250
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=1d10m name=dhcp1
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=wlan1
/interface l2tp-server server
set authentication=mschap1,mschap2 enabled=yes ipsec-secret=xxx use-ipsec=required
/ip address
add address=192.168.2.1/24 interface=LAN network=192.168.2.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=87.120.0.1,87.120.0.10,8.8.8.8 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip route
add distance=1 dst-address=192.168.10.0/24 gateway=172.31.32.3
add distance=1 dst-address=192.168.11.0/24 gateway=172.31.32.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=xxxxxx
set api-ssl disabled=yes
/ppp secret
add local-address=172.31.32.1 name="xxxxxxxx" password=xxxxxxxxxx remote-address=\
172.31.32.2 service=l2tp
add local-address=172.31.32.1 name="xxxxx" password=xxxxxxxxx remote-address=\
172.31.32.3 service=l2tp
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=xxxx
/system routerboard settings
set silent-boot=no
[BurGas@Izgrev] >
It is router 2:
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.42.5 (c) 1999-2018
http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@Ralica Superior ATC] > export
# dec/16/2018 19:48:48 by RouterOS 6.42.5
# software id = 2RFZ-IBYK
#
# model = RouterBOARD 941-2nD
# serial number = 8AFE088CFE63
/interface bridge
add fast-forward=no name=AccessControl
add name=LAN
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] comment=WAN: mac-address=CC:2D:E0:43:89:91
set [ find default-name=ether2 ] mac-address=CC:2D:E0:43:89:92
set [ find default-name=ether3 ] mac-address=CC:2D:E0:43:89:93
set [ find default-name=ether4 ] mac-address=CC:2D:E0:43:89:94
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=xxxxxxxxxxx disabled=no ipsec-secret=xxxxxxx name=l2tp-out1 \
password=xxxxxxxxxxxx use-ipsec=yes user="xxxxxxxxxxx"
add connect-to=xxxxxxxxxxx disabled=no ipsec-secret="xxxxxxxxx" name=maintenance password=\
"xxxxxxxxxxxxxxxxx" use-ipsec=yes user="xxxxxxxxxxxxx"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.51-192.168.10.99
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=1d name=dhcp1
/interface bridge port
add bridge=LAN hw=no interface=ether2
add bridge=AccessControl interface=ether3
/ip address
add address=192.168.10.1/24 interface=LAN network=192.168.10.0
add address=10.10.18.101/24 interface=ether1 network=10.10.18.0
add address=10.10.3.1/24 interface=AccessControl network=10.10.3.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat src-address=10.10.3.0/24
add action=dst-nat chain=dstnat comment=SMDR: dst-address=10.10.18.101 dst-port=2300 protocol=tcp \
to-addresses=192.168.10.100
/ip route
add distance=1 gateway=10.10.18.1
add distance=1 dst-address=192.168.1.0/24 gateway=maintenance
add distance=1 dst-address=192.168.2.0/24 gateway=172.31.32.1
add distance=1 dst-address=192.168.11.0/24 gateway=172.31.32.1
add distance=1 dst-address=192.168.45.0/24 gateway=172.31.31.1
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name="xxxxxxxxxxxx"
/system ntp client
set enabled=yes primary-ntp=79.98.105.18
/system routerboard settings
set silent-boot=no
[admin@Ralica Superior ATC] >
It is router 3:
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.42.5 (c) 1999-2018
http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@Forest Beach] > export
# dec/16/2018 19:52:10 by RouterOS 6.42.5
# software id = F342-8V04
#
# model = RouterBOARD 941-2nD
# serial number = 8AFE08B9C1B7
/interface bridge
add name=LAN
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] mac-address=CC:2D:E0:42:64:C1
set [ find default-name=ether2 ] mac-address=CC:2D:E0:42:64:C2
set [ find default-name=ether3 ] mac-address=CC:2D:E0:42:64:C3
set [ find default-name=ether4 ] mac-address=CC:2D:E0:42:64:C4
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=xxxxxxxxxxx disabled=no ipsec-secret=\
xxxxxxxxxx name=xxxxxxxxxxx password=xxxxxxxxxxxxxxxxxx use-ipsec=yes user=\
"xxxxxxxxxxxxxx"
add connect-to=xxxxxxxxxxxxxxx disabled=no ipsec-secret="xxxxxxxxxxxxxx" name=\
l2tp-out1 password="xxxxxxxxxxxxxxxxx" use-ipsec=yes user=xxxxxxxxxxxxxxxxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.11.51-192.168.11.99
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=1d10m name=\
dhcp1
/interface bridge port
add bridge=LAN hw=no interface=ether2
/ip address
add address=10.150.1.85/24 interface=ether1 network=10.150.1.0
add address=192.168.11.1/24 interface=LAN network=192.168.11.0
/ip dhcp-server lease
add address=192.168.11.150 client-id=1:bc:c3:42:a9:f5:b0 mac-address=\
BC:C3:42:A9:F5:B0 server=dhcp1
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.11.0/24
add action=dst-nat chain=dstnat dst-address=10.150.1.85 dst-port=2300 protocol=\
tcp to-addresses=192.168.11.101
/ip route
add distance=1 gateway=10.150.1.1
add distance=1 dst-address=192.168.1.0/24 gateway=l2tp-out1
add distance=1 dst-address=192.168.2.0/24 gateway=172.31.32.1
add distance=1 dst-address=192.168.10.0/24 gateway=172.31.32.1
add distance=1 dst-address=192.168.45.0/24 gateway=l2tp-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name="xxxxxxxxxxxx"
/system routerboard settings
set silent-boot=no
[admin@Forest Beach] >
In router 2 and 3 I have and other VPN connections.
I really hope You help me , thank you