rules
Frequent Visitor
Topic Author
Posts: 65
Joined: Tue Feb 19, 2019 12:10 pm
Location: Cape Town, South Africa

L2TP/IPsec connection without sharing internet

Thu Feb 21, 2019 8:56 am

Hi All

I configured our RB931 to connect to a remote L2TP server, which works fine, but I would prefer if all internet traffic did not go across the tunnel as well. I remember on Windows there was an option to unselect (something about remote gateway). How would I do this on our Mikrotik?

Thanks,
R
 
Steveocee
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: L2TP/IPsec connection without sharing internet  [SOLVED]

Thu Feb 21, 2019 12:32 pm

You can use mangle to add routing marks then set the appropriate routing marks in your IP>Routes.

Use mangle to identify either src or destination and then apply either an "in-vpn" or "out-vpn" mark to it.
I use something very similar to identify specific LAN devices to be able to use my work VPN.
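
The mangle and routing-mark approach described in the post above, written out as an added example that is not part of the original thread (RouterOS v6 syntax). The LAN range 192.168.88.0/24, the remote network 10.10.0.0/24, the interface name `myvpn` and the mark name `out-vpn` are assumptions chosen for illustration.

```routeros
# Added example, not from the thread. Assumed values:
#   LAN            192.168.88.0/24
#   remote network 10.10.0.0/24
#   L2TP client    myvpn
#   routing mark   out-vpn

# Keep the tunnel from installing itself as the default route.
/interface l2tp-client set myvpn add-default-route=no

# Mark only LAN traffic whose destination is the remote network.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 dst-address=10.10.0.0/24 \
    action=mark-routing new-routing-mark=out-vpn passthrough=no \
    comment="LAN to remote site via L2TP"

# Marked packets are routed into the tunnel; unmarked packets keep
# using the main routing table and leave through the ISP gateway.
/ip route
add dst-address=0.0.0.0/0 gateway=myvpn routing-mark=out-vpn \
    comment="VPN-marked traffic"

# Check: the default route in the main table should still point at the ISP.
/ip route print where dst-address=0.0.0.0/0
```

Connections handled by a FastTrack rule bypass mangle, so the marking rule may not see every packet of a fasttracked connection. Traffic that is not marked leaves through the ISP link outside the IPsec tunnel.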
 
nostromog
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: L2TP/IPsec connection without sharing internet

Thu Feb 21, 2019 12:39 pm

> Hi All
>
> I configured our RB931 to connect to a remote L2TP server, which works fine, but I would prefer if all internet traffic did not go across the tunnel as well. I remember on Windows there was an option to unselect (something about remote gateway). How would I do this on our Mikrotik?
>
> Thanks,
> R

I imagine you did something like

```
/interface l2tp-client
add connect-to=<site> disabled=no name=myvpn use-ipsec=yes user=<user>
```

If you say something like

```
/interface l2tp-client set myvpn add-default-route=no
/ip route add dst-address=<internal-network1> gateway=myvpn
/ip route add dst-address=<internal-network2> gateway=myvpn
```

It will only be used for the routed networks.
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: L2TP/IPsec connection without sharing internet

Thu Feb 21, 2019 6:25 pm

Stevo, that seems to be a typical scenario.
1. VPN to a server external to the router (as the chap indicated, but he wants to ensure not all traffic going out the router uses this l2tp connection).
2. VPN to a server internal to the router (from coffee shop to home to use home internet outbound and thus the router's fw etc).

Do you have any fancy youtube vids for those scenarios?
(plus @steve when you get a chance can you comment here ....... viewtopic.php?f=7&t=145527)
 
rules
Frequent Visitor
Topic Author
Posts: 65
Joined: Tue Feb 19, 2019 12:10 pm
Location: Cape Town, South Africa

Re: L2TP/IPsec connection without sharing internet

Thu Feb 21, 2019 9:06 pm

Hi Steve

Thanks, worked like a charm. I modified the Mangle rule I created while setting up the VPN (following someone else's tutorial :wink: ) and basically specified the remote network's IP range to be tagged as VPN data. I'm assuming this means it leaves all other data this side.

Furthering network knowledge is one thing ... doing it with Mikrotik feels like starting out mountain climbing with Everest :lol:

> You can use mangle to add routing marks then set the appropriate routing marks in your IP>Routes.
>
> Use mangle to identify either src or destination and then apply either an "in-vpn" or "out-vpn" mark to it.
> I use something very similar to identify specific LAN devices to be able to use my work VPN.
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: L2TP/IPsec connection without sharing internet

Thu Feb 21, 2019 9:26 pm

Well, you know there are many dead bodies littering the slopes of Mt. Everest, so I think you may be onto something! ;-)
 
evasilev
just joined
Posts: 1
Joined: Tue Apr 28, 2020 2:43 pm

Re: L2TP/IPsec connection without sharing internet

Tue Apr 28, 2020 3:36 pm

Hello guys,
Please provide me with a tutorial with a solution for this case.
I have exactly the same need.
Please note that I am a beginner in MikroTik setup, but with several tutorials and videos on YouTube the result is the following.
I have the following configuration scenario:
2 internet providers, 3 internal networks (internal Main, guest over WiFi, video surveillance), VPN L2TP/IPsec
1port - Main ISP
2port - backup ISP
3port - internal network -> Main ISP + guest network (WiFi access points) over VLAN -> backup ISP
4port - internal network -> Main ISP + guest network (WiFi access points) over VLAN -> backup ISP
5port - video surveillance -> backup ISP

If Main ISP disappears or if I disable 1port -> all Internet traffic goes through the backup ISP without interruption.
I'm not 90% :-) sure that my configuration is as accurate as it should be, but it works somehow.
I saw an issue with video surveillance - traffic flows over the Main ISP and I don't know why.
And the second problem is related to this topic.
I want VPN users connected from outside to use their own providers for internet.
Thank you in advance!
