lacibsd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Mar 10, 2016 9:48 pm

send all traffic through l2tp VPN

Mon Jul 27, 2020 8:13 pm

router-A is connected to router-B via L2TP/IPSec. I can connect successfully to router-B, I receive the local network's IP, I see the active connection on router-B.
I want to send all traffic from router-A via this connection, I tried a few things for the past hour, none seems to be working. Do you have a working tutorial?

Router-A
model: 951Ui-2nD
current-firmware: 6.46.5

Router-B
model: RB760iGS
current-firmware: 6.44.5

Thank you!
 
evince
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique

Re: send all traffic through l2tp VPN

Tue Jul 28, 2020 12:58 pm

Hello, add a default route 0.0.0.0/0 gw=your_l2tp_tunnel and a nat rule.
 
lacibsd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Mar 10, 2016 9:48 pm

Re: send all traffic through l2tp VPN

Tue Jul 28, 2020 3:48 pm

Hi,

This is what I have now, where 1.2.3.4 is the VPN server's public IP
ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.0.1               1
 1  DS  0.0.0.0/0                          l2tp-vpn                  1
 2 ADC  10.10.14.1/32      10.10.14.36     l2tp-vpn                  0
 3 ADS  1.2.3.4/32                         192.168.0.1               0
 4 ADC  192.168.0.0/24     192.168.0.101   ether1                    0
 5 ADC  192.168.88.0/24    192.168.88.1    bridge                    0

ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none

 1    chain=srcnat action=masquerade routing-mark=traffic_for_VPN out-interface=l2tp-vpn log=no log-prefix=""
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: send all traffic through l2tp VPN

Tue Jul 28, 2020 4:03 pm

You currently have 2 default routes in the routing table:
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.0.1               1
 1  DS  0.0.0.0/0                          l2tp-vpn                  1

You can see that the one using your "normal" gateway has the "A" mark.
This means "Active". Disable the default route over "192.168.0.1", then the other one (over your VPN) will become Active.
 
lacibsd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Mar 10, 2016 9:48 pm

Re: send all traffic through l2tp VPN

Tue Jul 28, 2020 4:38 pm

If I try to disable it I get:
ip route disable numbers=0
failure: can change only static routes
 
lacibsd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Mar 10, 2016 9:48 pm

Re: send all traffic through l2tp VPN

Tue Jul 28, 2020 4:52 pm

I was able to remove the route, however now I can't get out of the LAN from 192.168.88.0/24, while I can still reach my gw on L2TP server and the internet from the MikroTik (L2TP client)
[user@MikroTik] <SAFE> ip route remove numbers=0
[user@MikroTik] <SAFE> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          l2tp-vpn                  1
 1 ADC  10.10.14.1/32      10.10.14.36     l2tp-vpn                  0
 2 ADS  1.2.3.4/32                         192.168.0.1               0
 3 ADC  192.168.0.0/24     192.168.0.101   ether1                    0
 4 ADC  192.168.88.0/24    192.168.88.1    bridge                    0
[user@MikroTik] <SAFE> ping 10.10.14.1
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.10.14.1                                 56  64 17ms
    1 10.10.14.1                                 56  64 10ms
    2 10.10.14.1                                 56  64 11ms
    3 10.10.14.1                                 56  64 11ms
    sent=4 received=4 packet-loss=0% min-rtt=10ms avg-rtt=12ms max-rtt=17ms

[user@MikroTik] <SAFE> ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 8.8.8.8                                    56 119 20ms
    1 8.8.8.8                                    56 119 20ms
    2 8.8.8.8                                    56 119 21ms
    3 8.8.8.8                                    56 119 20ms
    sent=4 received=4 packet-loss=0% min-rtt=20ms avg-rtt=20ms max-rtt=21ms
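
A RouterOS v6 configuration for router-A that fits the symptoms described in this thread (the router's own pings succeed, LAN clients in 192.168.88.0/24 get nowhere), added here as an example and not taken from any poster's configuration. It assumes the 192.168.0.1 default route comes from a DHCP client on ether1 and that no mangle rule sets the traffic_for_VPN routing mark, neither of which the thread confirms.

```routeros
# Added example for router-A (RouterOS v6). Interface names and subnets are
# the ones printed in the thread; 1.2.3.4 is the thread's placeholder address.

# 1. Both default routes carry the D (dynamic) flag, so they cannot be disabled
#    in /ip route. Set their distances where they are generated instead.
#    Assumption: the WAN default is installed by a DHCP client on ether1.
/ip dhcp-client set [find interface=ether1] default-route-distance=10
/interface l2tp-client set [find name=l2tp-vpn] add-default-route=yes default-route-distance=1

# 2. The tunnel's own packets must still reach the VPN server over the WAN.
#    The thread's table already has this host route; add it only if missing.
:if ([:len [/ip route find dst-address=1.2.3.4/32]] = 0) do={
    /ip route add dst-address=1.2.3.4/32 gateway=192.168.0.1 comment="VPN server via WAN"
}

# 3. The srcnat rule in the thread matches routing-mark=traffic_for_VPN, which
#    only hits packets that a mangle rule has marked. Without such a rule
#    (assumption), LAN packets enter the tunnel with 192.168.88.x sources and
#    router-B has no route back. Masquerade on the tunnel interface alone:
/ip firewall nat add chain=srcnat out-interface=l2tp-vpn action=masquerade comment="LAN to VPN"

# 4. Leak guard: if the tunnel drops, the distance-10 WAN default becomes
#    active. Drop forwarded LAN traffic that would leave through ether1.
#    Move this rule above any rule that accepts forwarded LAN traffic.
/ip firewall filter add chain=forward in-interface=bridge out-interface=ether1 action=drop comment="no LAN traffic outside the tunnel"

# 5. Checks: the active (A) default must point at l2tp-vpn, a ping sourced
#    from the LAN address must succeed, and the new NAT rule must count packets.
/ip route print where dst-address=0.0.0.0/0
/ping 8.8.8.8 src-address=192.168.88.1 count=4
/ip firewall nat print stats
```

With the leak guard in place, LAN clients lose internet access whenever the tunnel is down, which is the intended behaviour when all traffic must go through the VPN.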
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: send all traffic through l2tp VPN

Mon Aug 03, 2020 9:16 pm

Post your config:
/export compact hide-sensitive
 
nichky
Forum Guru
Posts: 1279
Joined: Tue Jun 23, 2015 2:35 pm

Re: send all traffic through l2tp VPN

Mon Aug 03, 2020 11:02 pm

try to increase the distance of 0.1
 
lacibsd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Mar 10, 2016 9:48 pm

Re: send all traffic through l2tp VPN

Wed Aug 05, 2020 2:19 am

At this time the VPN server is having issues and I wasn't told an estimate for remediation.
Therefore I can't try further settings yet.
Thank you for your help!
