Community discussions

MikroTik App
 
adrianb
just joined
Topic Author
Posts: 6
Joined: Wed Mar 08, 2023 4:11 pm

Routing to another VLAN through VPN

Thu Mar 09, 2023 4:24 pm

I have an IPSec VPN connecting mikrotik (10.7.7.0) and other router (192.168.42.0).

The VPN itself working flawlessly, but the other router has two (untagged, port based) VLAN's:
- VLAN1 (192.168.42.0)
- VLAN2 (10.1.1.0)

... and there is configured a (working) static route on that remote router as follows:
- 10.1.1.0/24 => 10.1.17.0/24 through 10.1.1.2 (another remote side's "local" router, with its own VLANs presumably)

Is there any possibility of connecting from 10.7.7.10 to 10.1.17.122?

Thanks in advance!
 
adrianb
just joined
Topic Author
Posts: 6
Joined: Wed Mar 08, 2023 4:11 pm

Re: Routing to another VLAN through VPN

Mon Mar 27, 2023 2:41 pm

So, I understand that it is not possible?
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Routing to another VLAN through VPN

Mon Mar 27, 2023 2:49 pm

I would expect a route Dst. Address [10.1.17.0/24] with Gateway [Wireguard interface].
If the above isn't working...please add a diagram of all involved IP addresses.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Routing to another VLAN through VPN

Mon Mar 27, 2023 5:38 pm

As stated, a diagram well labelled for context and full config to marry up words and pictures with actual evidence.
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
 
adrianb
just joined
Topic Author
Posts: 6
Joined: Wed Mar 08, 2023 4:11 pm

Re: Routing to another VLAN through VPN  [SOLVED]

Sat May 27, 2023 8:51 am

I've totally forgot this post, as the wireguard is not an option here, and I have to look for another solution (and solved it by myself).

For anyone who might need details, I have to made two IPSec tunnels:
- the main (10.7.7.0/24->192.168.42.0/24) left intact, save for 'level' change from 'require' to 'unique', for better handling of SA's
- second IPSec tunnel with dst-address 10.1.17.0/24 (as above, level: unique)
- proposals, peers, identities, profiles remains unchanged
- no other changes (firewall, etc) required

Who is online

Users browsing this forum: Husky, rplant and 64 guests