Community discussions

MikroTik App
 
Nova
newbie
Topic Author
Posts: 25
Joined: Mon Aug 04, 2014 3:44 pm
Location: Spain // Germany

Help connecting 2 Mikrotiks WAN to WAN

Mon Aug 04, 2014 4:29 pm

Hello.

First of all... I'm not native english, so forgive me for any errors with the language.

I want to configure a VPN with mikrotiks routers using IPSEC/L2TP. But before that I'm testing to connect two routers mikrotik (RB2011UAS-2HND-IN) without any VPN tunnel created.
The idea is to connect two mikrotiks with one cable from eth1 to eth1 and in each router in Eth2 connect the LAN cable and make a bridge with the rests of the ports. Then make a ping from one router to the LAN of the other.


The configuration I made is:
- First I made a bridge with Eth2 + Eth6 (because this mikrotik has 2 switchs).
- Then I added slaves to Eth2 (3-4-5) und Eth6(7-8-9), I didn’t configure port 10 just in case I lose connection to the router.
- Configured IP - Addresses.
R1 WAN: 192.168.90.1 LAN: 192.168.88.1
R2: WAN: 192.168.99.1 LAN: 192.168.80.1
In R2:
Image
(Since the test is only with two mikrotiks connected to each other, I guess is not a problem to put WAN 192.168... Neither did I configure Firewall or NAT)

Something like this:

Image

Then just for comodity I created a DHCP server.

The problem I think is in the configuration of IP routes.

I have it like this now, and I'm able to ping from each router to the WAN of the other, but when I try to ping the LAN of the other it says timeout.

R1:
Image

R2:
Image

(One thing strange here is that when in the gateway I write in the 0.0.0.0/0 the WAN IP (192.168.99.1 for example) it says unreachable, but when I select the gateway with the name it works)

Ping from R1 to WAN of R2:

Image

Ping from R1 to LAN of R2:

Image

I not really understand either why number 2 has "special" ping to that IP.

I would appreciate any help.

Thanks and greetings.
 
User avatar
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

Re: Help connecting 2 Mikrotiks WAN to WAN

Wed Aug 06, 2014 7:10 am

I assume that on both routers you've already configured the respective name (identity)? E.g. identity "R1" and "R2". You can do this either via WebFig or WinBox using System -> Identity. The identity is reflected on the command line making it easier to identity the router a command was executed on.

Now, use the terminal to execute the following statements on both routers and post the output:

ros code

interface print detail
ip address print
ip route print
ip firewall filter print
The following two commands will remove all ip filter and nat rules eliminating the firewall as a possible cause while testing your setup:

ros code

ip firewall filter remove [find]
ip firewall nat remove [find]
As far as I can tell you've just misconfigured the WAN subnet whereby R1 is using 192.168.90.0/24 while R2 uses 192.168.99.0/24.

These are two separate subnets which can't communicate with each other w/o having another router in between.

To solve your issue it should be sufficient to place R1 on the wan subnet of of R2:

R1 - ether1 - 192.168.99.1/24
R2 - ether1 - 192.168.99.2/24

Once you did that they should be able to see and ping each other.

However to allow LAN@R1 to communicate with LAN@R2 and vice versa you'd still have to configure static routes or a dynamic routing protocol like OSPF.

Hope this helps.
By 2016 total internet traffic will be 3x 2011
 
Nova
newbie
Topic Author
Posts: 25
Joined: Mon Aug 04, 2014 3:44 pm
Location: Spain // Germany

Re: Help connecting 2 Mikrotiks WAN to WAN

Thu Aug 07, 2014 3:08 pm

Thank you very much for your answer.

Indeed it was that, I've changed both ip WAN and put them in the same subnet and now it works perfectly.

I also succeed creating IPSec and IPSec+ L2TP tunnels.

Thanks again.
My first language is not english, sorry for any mistakes.
 
User avatar
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

[SOLVED] Re: Help connecting 2 Mikrotiks WAN to WAN

Fri Aug 08, 2014 4:36 pm

solved.
By 2016 total internet traffic will be 3x 2011

Who is online

Users browsing this forum: MInhtd82 and 44 guests