Hi
I need help for below please
I have site A with 6 IP public address and routerboard , Site B had normal internet with
routerboard & local server and there is VPN between A & B
Can I route 1public IP from site A to site B to access the server from anywhere
Best regards
Re: route public IP throw VPN site to site
Hi,
yes, you can.
Once you set up VPN link, site A and site B have private IP addresses (for example, router A has 172.16.0.1 and router B has 172.16.0.2 on VPN interface). Router B has another network with the server (for example, network 192.168.2.0/24, router B has 192.168.2.1/24 address and server has 192.168.2.100/24 IP address). Router A gets public IP address (for example 1.2.3.4).
Than you need to set up NATing and routing:
Router A:
/ip firewall nat add chain=dstnat dst-address=1.2.3.4(router A public IP) to-addresses=192.168.2.100(server private IP address)
changes (nats) public IP address to private address
/ip route add dst-address=192.168.2.0/24(router B network where server is) gateway=172.16.0.2(VPN interface IP of router B)
routes traffic with destination address of router B to router B
Router B:
/ip firewall mangle add chain=prerouting src-address=192.168.2.100(server private IP) dst-address!= action=mark-routing new-routing-mark=fromserver
marks traffic from server so it can be routed back to router A
/ip route add dst-address=0.0.0.0/0 routing-mark=fromserver gateway=172.16.0.1(VPN interface IP of router A)
routes marked traffic from server to router A
This should do the trick. Replace example IP addresses with yours. You must not route all traffic from router B to router A VPN IP, because VPN tunneling packets would be trying to get to router A via tunnel (themselfs), which is not possible. Therefor you mark only what is going from the server and set default gateway to router A for marked traffic so it goes back the same way it arrived.
I hope this was helpfull.
yes, you can.
Once you set up VPN link, site A and site B have private IP addresses (for example, router A has 172.16.0.1 and router B has 172.16.0.2 on VPN interface). Router B has another network with the server (for example, network 192.168.2.0/24, router B has 192.168.2.1/24 address and server has 192.168.2.100/24 IP address). Router A gets public IP address (for example 1.2.3.4).
Than you need to set up NATing and routing:
Router A:
/ip firewall nat add chain=dstnat dst-address=1.2.3.4(router A public IP) to-addresses=192.168.2.100(server private IP address)
changes (nats) public IP address to private address
/ip route add dst-address=192.168.2.0/24(router B network where server is) gateway=172.16.0.2(VPN interface IP of router B)
routes traffic with destination address of router B to router B
Router B:
/ip firewall mangle add chain=prerouting src-address=192.168.2.100(server private IP) dst-address!= action=mark-routing new-routing-mark=fromserver
marks traffic from server so it can be routed back to router A
/ip route add dst-address=0.0.0.0/0 routing-mark=fromserver gateway=172.16.0.1(VPN interface IP of router A)
routes marked traffic from server to router A
This should do the trick. Replace example IP addresses with yours. You must not route all traffic from router B to router A VPN IP, because VPN tunneling packets would be trying to get to router A via tunnel (themselfs), which is not possible. Therefor you mark only what is going from the server and set default gateway to router A for marked traffic so it goes back the same way it arrived.
I hope this was helpfull.
Re: route public IP throw VPN site to site
Think you very match i will try it and feed you back
Re: route public IP throw VPN site to site
Its working but very slow while internet connection its good Router A 18 MB & Router B 30 MB
I used PPTP VPN and cloud Router 1036 for A and 2011 for Router B
I used PPTP VPN and cloud Router 1036 for A and 2011 for Router B
Re: route public IP throw VPN site to site
How slow is it? And what are Routers upload speeds?
The problem is that when you send request to server, it goes to Router A and uses its download, than it is sent via VPN to Router B, so it uses Router A upload and Router B download. On the way back it uses Router B upload, Router A download and Router A upload. It also travels twice as long, so latency increases.
Natting also uses CPU, but CCR should handle it with no problem.
The problem is that when you send request to server, it goes to Router A and uses its download, than it is sent via VPN to Router B, so it uses Router A upload and Router B download. On the way back it uses Router B upload, Router A download and Router A upload. It also travels twice as long, so latency increases.
Natting also uses CPU, but CCR should handle it with no problem.
Re: route public IP throw VPN site to site
I don't now really why but very slow
Re: route public IP throw VPN site to site
hi!
sorry but i not understand this configuration.
router A public ip is here
172.16.0.1 pptp interface
192.168.2.100/24 which interface? why /24?
1.2.3.4
router B
172.16.0.2 pptp interface
192.168.2.1/24 which interface? why /24?
how public ip arrive at router b?
thanks you!
sorry but i not understand this configuration.
router A public ip is here
172.16.0.1 pptp interface
192.168.2.100/24 which interface? why /24?
1.2.3.4
router B
172.16.0.2 pptp interface
192.168.2.1/24 which interface? why /24?
how public ip arrive at router b?
thanks you!
Who is online
Users browsing this forum: No registered users and 103 guests