
Routing between VPN

Thu Dec 31, 2020 12:52 pm

Hello, happy ending 2020 and happy new year!!
I am opening this post to ask for help with the best configuration for my situation.
I have several devices (RB750) connected via EoIP over SSTP to a VPN server (RB2011). Clients connect to the RB2011 through OpenVPN connections from Windows, and each client has to reach its own network behind its RB750.
So I would like each OVPN client to be able to reach only one specific RB750 and the devices connected behind it.
Can I do this with firewall rules or static routes?
Thank you all!!

ip lan RB750_1 ip eoip
ip lan RB750_2 ip eoip
ovpn_1 ip
ovpn_2 ip
# Export from the RB2011 that terminates the VPNs. Addresses are blank and
# credentials read xx/yy as posted (presumably redacted by the poster).
# model = RB2011UiAS
# One bridge per remote site; each is later joined to that site's EoIP tunnel.
/interface bridge
add name=bridge-S1
add name=bridge-S2
# WAN uplink: PPPoE on ether1, which also installs the default route.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=xx user=xx
# One EoIP tunnel per site (tunnel-id 100 and 101). No ipsec-secret is set on
# them in this export, so EoIP itself adds no encryption; per the post they run
# inside the SSTP sessions, so their confidentiality depends on SSTP.
/interface eoip
add local-address= mac-address=02:AD:EC:5F:AC:A1 name=eoip-S1 remote-address= tunnel-id=100
add local-address= mac-address=02:24:02:98:DB:C0 name=eoip-S2 remote-address= tunnel-id=101
# Local DHCP service on ether5 only; the pool range is blank as posted.
/ip pool
add name=dhcp_pool0 ranges=
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 name=dhcp1
# PPP profile used by the OpenVPN server and the ovpn secrets: encryption is
# mandatory, compression is off.
/ppp profile
add name=vpn-profile use-compression=no use-encryption=required
# *FFFFFFFE is an internal item id; presumably the built-in default-encryption
# profile. Confirm on the router.
set *FFFFFFFE local-address=
# Site separation at layer 2: eoip-S1 (plus local port ether10) sits in
# bridge-S1 and eoip-S2 in bridge-S2, so the two sites do not share a bridge.
/interface bridge port
add bridge=bridge-S1 interface=ether10
add bridge=bridge-S1 interface=eoip-S1
add bridge=bridge-S2 interface=eoip-S2
# OpenVPN server: client certificates are required (good). The cipher list
# still offers blowfish128, a 64-bit block cipher exposed to birthday-bound
# attacks on long sessions; consider limiting the list to the aes* entries.
# auth=sha1 is the HMAC digest; use a stronger one if the RouterOS version in
# use offers it.
/interface ovpn-server server
set auth=sha1 certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=vpn-profile enabled=yes require-client-certificate=yes
# SSTP server on a non-default port. No certificate= appears here; if none is
# set, the RB750 clients cannot authenticate the server's TLS endpoint. Confirm,
# then assign a certificate and enable verify-server-certificate on the clients.
/interface sstp-server server
set enabled=yes port=5443
# Only the ether5 address is active; the ether1 and bridge-S1 entries are
# disabled. As exported, the RB2011 has no active IP address on either site
# bridge, which matters for any routed (layer 3) access to the site LANs.
/ip address
add address= disabled=yes interface=ether1 network=
add address= disabled=yes interface=bridge-S1 network=
add address= interface=ether5 network=
# Dynamic DNS via MikroTik cloud: the router's public address is published
# under its cloud DNS name, so the input-chain filtering should be kept tight.
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address= dns-server=, gateway=
# Upstream resolvers are blank as posted. allow-remote-requests is not shown in
# the export, so it is presumably at its default; verify on the router.
/ip dns
set servers=
# Input chain as posted: every rule is an accept and there is no drop rule.
# RouterOS accepts unmatched packets by default, so these rules restrict
# nothing: every router service is reachable from pppoe-out1 unless limited
# elsewhere (e.g. /ip service). A restrictive input chain normally accepts
# established/related traffic and the VPN ports actually in use, then drops
# everything else arriving on the WAN interface.
# No chain=forward rules appear in this export, so routed traffic between VPN
# clients and the site networks is unfiltered. Per-client isolation is done
# there. Sketch with placeholders (not values from the post):
#   add chain=forward src-address=<ovpn_1 ip> dst-address=<lan RB750_1> action=accept
#   add chain=forward src-address=<ovpn_2 ip> dst-address=<lan RB750_2> action=accept
#   add chain=forward src-address=<ovpn client range> action=drop
/ip firewall filter
# IPsec ESP and AH; no IPsec configuration is visible in this export.
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
# NOTE(review): PPTP control traffic is tcp/1723 plus GRE, so this udp rule
# does not match PPTP. No PPTP server appears in the export either.
add action=accept chain=input dst-port=1723 protocol=udp
# OpenVPN (tcp/1194), the service the Windows clients use.
add action=accept chain=input dst-port=1194 protocol=tcp
# L2TP (udp/1701), IKE (udp/500) and IPsec NAT-T (udp/4500). No L2TP/IPsec
# server is shown enabled; drop these rules if the services are unused.
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
# NOTE(review): there is no rule for the SSTP server on tcp/5443. It works only
# because the chain accepts by default; add one before adding a final drop.
# Source NAT for one source range (blank as posted). No out-interface is set,
# so the rule masquerades matching traffic leaving through any interface.
/ip firewall nat
add action=masquerade chain=srcnat src-address=
/ip route
add distance=1 gateway=
# PPP accounts: two SSTP secrets (per the post, the RB750 sites) and OpenVPN
# secrets for the Windows clients. Each entry pins local-address and
# remote-address, so every client gets a fixed tunnel IP. That fixed address
# is what per-client forward-chain rules can match on. Passwords show as
# xx/yy in the post; use unique, strong secrets per account.
/ppp secret
add local-address= name=xx password=xx remote-address= service=sstp
add local-address= name=xx password=xx remote-address= service=sstp
add local-address= name=yy password=yy profile=vpn-profile remote-address= service=ovpn
add local-address= name=yy password=yy profile=vpn-profile remote-a
