 
ticker
just joined
Topic Author
Posts: 2
Joined: Mon Jun 27, 2022 1:12 pm

Using Hex S as an edge router for L2TP connection

Mon Jun 27, 2022 2:07 pm

Hi!
I have just bought the Hex S in the hope of sorting out a problem I have with my home network. My level of understanding is pretty basic but willing to learn!
Currently, I have a Huawei B628-265 4G modem in bridge mode connected via Vodafone to the internet. This in turn is connected to a Synology RT2600AC, set as the DHCP server, which is working well.
My problem is that Vodafone has restrictions in place (GNAT?) that affect connectivity to the outside world, i.e. port forwarding, PLEX and the Playstation network.
I have a service from Andrews & Arnold that allows an L2TP connection (without IPSec) bypassing these problems with Vodafone and this is working perfectly on the main PC but I would like to have this service available on the main link to internet to benefit all of the devices on the network.
The RT2600AC unfortunately can only set up an L2TP connection with IPSEC credentials so fails to connect.
I have had this L2TP connection working on the Hex S when I swapped it out for the RT2600AC but I would rather keep the Synology device as the main hub of the network, if possible, rather than just an AP for WiFi.
My questions are: 1. Is it possible to set up the Hex S so that it acts as a kind of gateway between the modem and RT2600AC to apply the L2TP link and, 2. how on earth do I do this in the simplest language an idiot can understand!
My apologies for the lack of technical knowledge but I am hoping the kind folk on this forum can point me in the right direction, please.
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Using Hex S as an edge router for L2TP connection

Mon Jun 27, 2022 7:25 pm

You can, but it introduces a layer of NAT so you have to configure port forwarding on both the Mikrotik and Synology routers.

For example if the Hex S is using its default LAN of 192.168.88.1/24 and the RT2600AC has a "WAN" address of 192.168.88.2/24, set either statically or by DHCP reservation on the Hex, then you would need a port forward on the Hex for TCP port 32400 from WAN to 192.168.88.2, and also port forward on the RT2600AC for TCP port 32400 from its "WAN" to whatever LAN address your plex server has.

Multiple layers of NAT frequently cause issues for Playstation network, so your results may be mixed for that.

You also need to consider which traffic goes via the L2TP tunnel and which goes directly via the 4G connection if you are likely to exceed the traffic limits (1TB/month for the "domestic" service).
 
AidanAus
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia

Re: Using Hex S as an edge router for L2TP connection

Tue Jun 28, 2022 7:03 am

Down in Australia all our mobile networks are CGnat'ed unless you pay extra for a dynamic public IP address. Luckily we don't have to worry about any of that (caution, presumption ahead: assuming that we are dialling into a server and not the other way around) due to us dialling into the server rather than someone dialling into us.
So all you need to do to establish the VPN connection while the device is not the main router is to give it basic IP connectivity then set up the L2TP interface :)
The next step will be a bit harder as we need to manage the traffic. If you know the IP addresses of the networks you would like to, you can just set up routes from the RT2600AC going to the Hex's IP, then either change the default route to go through the L2TP tunnel (you HAVE to add a static route for the L2TP server, otherwise the L2TP tunnel will try to establish/keep itself alive through its own VPN interface rather than over the net) or you can set up individual routes.

If you are unsure of what you want to go through the tunnel, if you had a MikroTik as the gateway you could use mangle to mark traffic from a specific source IP (like the Playstation) or incoming port. Since I don't know if the RT2600 has this functionality and you listed that you wanted all the traffic through the L2TP tunnel, the other way of doing this would be to set the default route on the RT2600 to go to the Hex and then send it out the L2TP interface. Again, you will need to set up static routes on both these routers to go to the L2TP server not using the L2TP interface, otherwise it will fall apart.
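
The static-route requirement described in the post above, as an added example that is not part of the original thread: a small longest-prefix-match model showing what happens to the tunnel's own transport packets with and without a /32 route for the L2TP server. The addresses are constructed documentation-range values, and the interface names (l2tp-out1, ether1, bridge) are assumptions.

```python
import ipaddress

# Constructed values: documentation-range addresses and assumed interface names.
L2TP_SERVER = "203.0.113.10"   # hypothetical tunnel endpoint
TUNNEL_IF = "l2tp-out1"        # hypothetical L2TP client interface
WAN_IF = "ether1"              # hypothetical port facing the 4G modem

def lookup(routes, dst):
    """Longest-prefix match: return the outgoing interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def egress_path(routes, dst):
    """Interfaces a packet crosses, including the outer L2TP packet it becomes."""
    hops, target = [], dst
    while True:
        iface = lookup(routes, target)
        if iface is None:
            return hops + ["unreachable"]
        hops.append(iface)
        if iface != TUNNEL_IF:
            return hops                  # left the box on a non-tunnel interface
        if target == L2TP_SERVER:
            return hops + ["loop"]       # tunnel transport routed into the tunnel
        target = L2TP_SERVER             # encapsulated packet is addressed to the server

# Default route through the tunnel, no host route for the server.
broken = [("0.0.0.0/0", TUNNEL_IF), ("192.168.88.0/24", "bridge")]
# Same table plus a /32 for the server via the WAN side.
fixed = broken + [(L2TP_SERVER + "/32", WAN_IF)]

if __name__ == "__main__":
    for name, table in (("broken", broken), ("fixed", fixed)):
        print(name, egress_path(table, "192.0.2.50"))
```
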
 
ticker
just joined
Topic Author
Posts: 2
Joined: Mon Jun 27, 2022 1:12 pm

Re: Using Hex S as an edge router for L2TP connection

Thu Jun 30, 2022 11:49 pm

Thank you so much for your guidance. I will set aside some time this weekend to go through your points. I must admit to being somewhat overwhelmed by the amount of configuration options RouterOS offers but understand why this makes it so powerful! Thanks again!
