I have situation like in drawing.
Remote locations are connected to Headquarters L2TP IPsec VPN server (LAN 192.168.0.0./24).

Problem is that all remote locations have save LAN subnet 192.168.2.0.

Changing remote LAN subnet/network is not an option.
Is it possible to access all remote locations from Headquarters.

Currently in Headuarters I have added route like this:
/ip route add distance=1 dst-address=192.168.2.0/24 gateway=VPN_IP_OF_REMOTE_LOCATION

And I can access only one location at same time.
If I want to access IP from other location, I have to disable this route and add route to other location.

Is it possible to create some kind of virtual network redirection
something like this
192.168.11.X/24 redirect to Location 1 IP: 192.168.2.X/24
192.168.22.X/24 redirect to Location 2 IP: 192.168.2.X/24
192.168.33.X/24 redirect to Location 3 IP: 192.168.2.X/24

THANKS

Use netmap https://wiki.mikrotik.com/wiki/Manual:I ... :1_mapping - the rules can be made more specific to only map traffic via the VPN interfaces. Translating the addresses at each client will be far easier than attempting it on the headquarters router.

This is normally a situation into which one can get only unintentionally. The solution should be as follows:

/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=192.168.11.0/24 new-routing-mark=client-11
add chain=prerouting action=mark-routing dst-address=192.168.22.0/24 new-routing-mark=client-22
add chain=prerouting action=mark-routing dst-address=192.168.33.0/24 new-routing-mark=client-33

/ip firewall nat
add chain=dstnat action=netmap dst-address=192.168.11.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.22.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.33.0/24 to-addresses=192.168.2.0/24

/ip route
add routing-mark=client-11 gateway=l2tp-client11
add routing-mark=client-22 gateway=l2tp-client22
add routing-mark=client-33 gateway=l2tp-client33

Mangle takes place before NAT, so at that moment the packet's dst-address is still the distinct one, so we can assign the routing-mark. Then the dstnat translates the prefix from the distinctive one (192.168.xx) to the overlapping one (192.168.2), and finally the route with routing-mark sends matching packets out the appropriate L2TP interface.

In order that this soultion would survive client disconnection and re-connection or server reboot, you need to define the static aliases for L2TP client interfaces at server side if you haven't done it yet:
interface l2tp-server
add name=l2tp-client11 user=client11
add name=l2tp-client22 user=client22
add name=l2tp-client33 user=client33


EDIT: fixed the mistake in the mangle rules as per the post below.

THANKS A MILLION.

I only got red error "bad new routing mark" in Mangle command.
I have changed property routing-mark to new-routing-mark

Now its working OK.

changed from:
/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=192.168.11.0/24 routing-mark=client-11

to this:
/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=192.168.11.0/24 new-routing-mark=client-11

I only got red error "bad new routing mark" in Mangle command.
I have changed property routing-mark to new-routing-mark

Correct, sorry, I was doing three things simultaneously. I'll fix it in that post so that everything is correct in one place.

Sindy=genius!!!
You should write a routerOS book, I will pre-order buy it now!

Sindy=genius!!!
You should write a routerOS book, I will pre-order buy it now!

Yes, indeed, that he should do, will also order before publication.
His method of reaching or explains is excellent

This is normally a situation into which one can get only unintentionally. The solution should be as follows:

/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=192.168.11.0/24 new-routing-mark=client-11
add chain=prerouting action=mark-routing dst-address=192.168.22.0/24 new-routing-mark=client-22
add chain=prerouting action=mark-routing dst-address=192.168.33.0/24 new-routing-mark=client-33

/ip firewall nat
add chain=dstnat action=netmap dst-address=192.168.11.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.22.0/24 to-addresses=192.168.2.0/24
add chain=dstnat action=netmap dst-address=192.168.33.0/24 to-addresses=192.168.2.0/24

/ip route
add routing-mark=client-11 gateway=l2tp-client11
add routing-mark=client-22 gateway=l2tp-client22
add routing-mark=client-33 gateway=l2tp-client33

Mangle takes place before NAT, so at that moment the packet's dst-address is still the distinct one, so we can assign the routing-mark. Then the dstnat translates the prefix from the distinctive one (192.168.xx) to the overlapping one (192.168.2), and finally the route with routing-mark sends matching packets out the appropriate L2TP interface.

In order that this soultion would survive client disconnection and re-connection or server reboot, you need to define the static aliases for L2TP client interfaces at server side if you haven't done it yet:
interface l2tp-server
add name=l2tp-client11 user=client11
add name=l2tp-client22 user=client22
add name=l2tp-client33 user=client33


EDIT: fixed the mistake in the mangle rules as per the post below.

Dear all,
I have 2 site
Site A will be the VPN server
I want Site B to be connected with Site A through a VPN. and I will dial Windows client VPN on my desktop and will be able to access site B Lan resource.
How I can deploy this..?
Please suggest any idea for that

Thanks
Regards

Why do you not start your own thread....???