Hi,
I have a need to set up VPN Connection that will support VOIP in 36 diffrent locations and most of the locations' internet conection is vial their local ISP which offer them private IP Address only. The 36 locations is owned by One person, so buying Public IP for all the locations is out of it as it will be preatly expensive for him to bear annually.

How can I achieve this with the local or private IP's Addresses using Mikrotik RouterOS?

Onojah JP

Get 1U of rackspace at a datacenter, put a RB1000 or RB1100 in, use OpenVPN from each site to the Datacenter.

the problem how do i configure the RouterOS at all locations to communicate with other using the private ip's? Noting that all the locations need to talk to each other in a mesh topology.

If the clients are private IPs they'll have to be NAT'd at some point by whoever can NAT them, probably the provider at that end. You have no influence on that. This may not work at all.

I think he means the "WAN" IP is a private IP. In which case, he still has a MT firewall at each endpoint. So have a OpenVPN/SSTP tunnel going to a concentrator from each endpoint and setup routes.

That would work for a hub and spoke with the spokes initiating traffic, but he wants fully meshed.

That would work for a hub and spoke with the spokes initiating traffic, but he wants fully meshed.

Yeah. That aint happenin... lol Unless say 1/2 of the sites have static real ips, then you could have some level of redundancy.

thanks for cracking your head for my sake! i appreciate.

what if i divide the sites to six zones with each zone having a server with live ip forming a mesh with each other and each server having six clients with privates ip's?

will that have a head way?

all i want is a seemless local connectivity fully redundant to enhance clients to client and to server connectivity using either or both the MT OSPF AND MESH technology in achieving the VPN VOIP network.

for the vpn, private to server (public) will work fine but for the VOIP, will it?

i dont know if the scenario above is feasible!

Thats what I was saying. If you took 6 sites and gave them public IPs, and had links going from each of those 6 sites to the other 5, you could have a semi-redundant setup. You COULD have all 36 sites connecting to each of the 6 public IPs and each of the 6 public IPs to each other, but you would NEED dynamic routing at every site to make it work good.

... but you would NEED dynamic routing at every site to make it work good.

Yes! Can OSPF do the Dynamic routing for the six sites with public ip's? I have only used OSPF for double link or can the MESH do it?

Thanks!

You would run OSPF on all the devices and it would only run over the vpn tunnel. It shouldnt have any problem handling it.

Put one router like RB450G or RB1100 in one datacenter where the ip should be able to reach from 36 locations you mentioned. You can use ping to determine where you able to reach or not to your router in datacenter from those 36locations.

Be sure to check the VPN you will going to use. Many ISPs blocked the VPN. Make sure the VPN you will use connected.
You dont need public ips to create VPN.
PPTP, L2TP, OVPN can be launched from private ips behind NAT as long as you able to reach the end node of VPN Server.

Routing will be set automatically when the VPN established. So whenever one of your side will to like to reach the other side it will ready the routing table set in your router at datacenter.

It will worked .. )
cause i do the same also in here ... he he he he .. but smaller network from you.

- Rio.Martin -

Thank you all! Keep the good job!!

I am going to try out all your suggestions and get back to the forum!

More advice are still welcome on my way.

I will ensure the ISP's in all locations open up their VPN port for these project.

Never had an ISP that blocks VPNs intentionally. Some providers that only provide NAT wont work with PPTP or IPSEC w/o NAT-T. But OpenVPN and SSTP should work fine anywhere. SSTP looks no different than HTTPS.