Hello everyone:
I have only been in the world of Mikrotik for a short time.
I have configured an IPSEC L2tp VPN between two Mikrotik routers.
Primary router - 192.168.0.68
Router B - 192.168.4.10
So far everything works fine.
Now they ask me that the PCs connected to Router B (192.168.4.10) go out to the Internet through the gateway of the Main Router (192.168.0.68)
I have tried putting the following routes on Router B (192.168.4.10)
Dest. Addr: 0.0.0.0/0
Gateway: 192.168.0.68
It does not work
Dest. Addr: 0.0.0.0/0
Gateway: 10.10.10.1 (local address PPPsecret - prymary router)
It does not work
Obviously I'm not doing something right. Could you guide me?
Thank you so much
(Sorry for my English)
Re: Internet for Remote Gateway
viewtopic.php?t=178360
I think this would be the best solution to your problem. Through this configuration all necessary traffic will be rerouted through the VPN tunnel and thus the server will become remote gateway for PCs
I think this would be the best solution to your problem. Through this configuration all necessary traffic will be rerouted through the VPN tunnel and thus the server will become remote gateway for PCs
Re: Internet for Remote Gateway
thanks for the reply
I try it and comment on it
I try it and comment on it
Re: Internet for Remote Gateway
Any reason you decided not to try wireguard vpn between the routers?
Re: Internet for Remote Gateway
Hello
Well, coincidentally, the VPN is now configured by WireGuard, since they recommended that I configure it that way.
But I had the same routing problem to go out through the main router gateway.
As soon as I can, I'll try what my colleague "Thecat12" sent and I'll tell you.
Thank you very much for your advice
(Sorry for my English)
Well, coincidentally, the VPN is now configured by WireGuard, since they recommended that I configure it that way.
But I had the same routing problem to go out through the main router gateway.
As soon as I can, I'll try what my colleague "Thecat12" sent and I'll tell you.
Thank you very much for your advice
(Sorry for my English)
Re: Internet for Remote Gateway
Wireguard is far easier, if the config didnt work it was simply not setup properly.
However, it would seem you would prefer the IPSEC approach, nothing wrong with that, enjoy!!
However, it would seem you would prefer the IPSEC approach, nothing wrong with that, enjoy!!
Re: Internet for Remote Gateway
Good morning
I have applied the following configuration (image attached)
But when I add the route
dst. Address 0.0.0.0/0
Gateway
10.10.10.1
my VPN goes down
What am I doing wrong ?
Thank you
I have applied the following configuration (image attached)
But when I add the route
dst. Address 0.0.0.0/0
Gateway
10.10.10.1
my VPN goes down
What am I doing wrong ?
Thank you
You do not have the required permissions to view the files attached to this post.
Last edited by Tecnico74 on Thu Feb 29, 2024 2:03 pm, edited 1 time in total.
Re: Internet for Remote Gateway
It would be much better if you posted your configuration in textual form, follow this:I have applied the following configuration (image attached)
viewtopic.php?t=203686#p1051720
Re: Internet for Remote Gateway
Code: Select all
# software id = xxxxx
#
# model = xxxxx
# serial number = xxxx
/interface bridge
add name=Bridge_3_16 port-cost-mode=short
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=xxxx.sn.mynetname.net disabled=no \
name=l2tp-VPN use-ipsec=yes user=MM
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-DATONO--2 \
user=PED_TELEM
/interface wireguard
add disabled=yes listen-port=14231 mtu=1420 name=MMCG_WG
/interface list
add name="WAN Interface List"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=Bridge_3_16 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether6 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether7 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether8 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether9 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether10 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether11 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether12 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether13 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether14 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether15 internal-path-cost=10 path-cost=10
add bridge=Bridge_3_16 interface=ether16 internal-path-cost=10 path-cost=10
/interface list member
add interface=ether1 list="WAN Interface List"
add interface=ether2 list="WAN Interface List"
add interface=*14 list="WAN Interface List"
/interface wireguard peers
add allowed-address=0.0.0.0/0 disabled=yes endpoint-address=\
xxxxxx.sn.mynetname.net endpoint-port=13231 interface=MMCG_WG \
private-key="gCqIxdxx1xxxJIkIrtmoCN/pLYFhStrSrFxxxxx=" public-key=\
"YQiw4i/8PC827LdGDupXxx1qnrOwzWKd3exxxxx="
/ip address
add address=192.168.4.10/24 interface=Bridge_3_16 network=192.168.4.0
add address=10.10.10.10/24 interface=MMCG_WG network=10.10.10.0
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=23.88.192.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=36.50.21.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=43.230.209.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=43.250.136.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=45.65.56.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=45.116.128.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=45.126.253.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=58.147.128.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=59.153.124.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=61.5.192.0/20 comment=AFGHANISTAN list=CountryIPBlocks
add address=64.207.208.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=64.224.144.0/20 comment=AFGHANISTAN list=CountryIPBlocks
add address=74.118.80.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=91.109.216.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.5.172.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.5.196.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.13.64.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.15.38.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.15.238.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.17.60.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.17.165.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.17.166.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.18.160.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.23.36.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.28.132.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.30.136.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.42.0.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.46.208.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.53.16.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.53.24.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.71.59.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.84.97.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.86.124.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.87.88.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.88.192.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.89.152.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.93.254.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.94.24.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.96.233.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.102.220.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.104.146.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.106.182.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.110.53.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.110.54.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.112.164.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.112.177.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.112.178.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.114.128.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.115.14.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.116.25.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.119.24.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.125.186.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.126.4.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.132.98.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.133.75.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.133.82.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.142.212.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.143.204.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.144.237.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.146.104.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.146.146.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.146.198.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.147.232.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.148.70.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.149.39.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.151.88.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.153.80.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.156.190.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.157.85.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.159.163.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.161.236.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.162.126.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.165.190.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.168.193.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.170.98.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.177.206.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.185.231.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.212.160.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.213.104.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.215.210.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.216.160.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.224.127.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.227.16.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.230.252.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.233.183.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.235.176.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.241.156.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.242.50.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.244.144.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.247.198.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.254.166.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=103.255.204.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=111.125.152.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=116.204.160.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=116.204.240.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=116.206.188.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=117.55.192.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=117.104.224.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=119.59.80.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=121.100.48.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=121.127.32.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=121.127.34.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=121.127.37.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=121.127.38.0/23 comment=AFGHANISTAN list=CountryIPBlocks
add address=125.213.192.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=137.59.120.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=149.54.0.0/17 comment=AFGHANISTAN list=CountryIPBlocks
add address=152.36.192.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=163.47.160.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=175.106.32.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=180.94.64.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=180.222.136.0/21 comment=AFGHANISTAN list=CountryIPBlocks
add address=185.178.144.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=185.193.212.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=202.3.76.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=203.171.96.0/19 comment=AFGHANISTAN list=CountryIPBlocks
add address=203.174.27.0/24 comment=AFGHANISTAN list=CountryIPBlocks
add address=203.215.32.0/20 comment=AFGHANISTAN list=CountryIPBlocks
add address=223.26.20.0/22 comment=AFGHANISTAN list=CountryIPBlocks
add address=5.206.232.0/21 comment=ALBANIA list=CountryIPBlocks
add address=31.22.48.0/20 comment=ALBANIA list=CountryIPBlocks
add address=31.41.33.0/24 comment=ALBANIA list=CountryIPBlocks
add address=31.44.64.0/20 comment=ALBANIA list=CountryIPBlocks
add address=31.171.152.0/21 comment=ALBANIA list=CountryIPBlocks
add address=31.222.40.0/21 comment=ALBANIA list=CountryIPBlocks
add address=37.26.64.0/21 comment=ALBANIA list=CountryIPBlocks
add address=37.26.80.0/21 comment=ALBANIA list=CountryIPBlocks
add address=37.35.64.0/21 comment=ALBANIA list=CountryIPBlocks
add address=37.139.112.0/21 comment=ALBANIA list=CountryIPBlocks
............
/ip firewall filter
add action=accept chain=forward comment="Reglas BASICAS" connection-state=\
established,related
add action=drop chain=forward connection-state=invalid
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=output connection-state=established,related
add action=drop chain=output connection-state=invalid
add action=accept chain=input comment="PUERTOS VPN" in-interface-list=\
"WAN Interface List" protocol=udp src-port=500,1701,4500
add action=accept chain=input in-interface-list="WAN Interface List" \
protocol=ipsec-esp
add action=drop chain=input comment="Bloquea Trafico Entrante" \
in-interface-list="WAN Interface List"
/ip firewall nat
add action=masquerade chain=srcnat
add action=netmap chain=dstnat disabled=yes dst-address=192.168.0.0/24 \
to-addresses=192.168.4.10
add action=masquerade chain=srcnat out-interface=l2tp-VPN
/ip route
add disabled=no distance=1 dst-address=192.168.0.0/24 gateway=10.10.10.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 pref-src=\
"" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.0.0/24,192.168.4.0/24 port=1985
set api-ssl disabled=yes
/routing rule
add action=lookup-only-in-table disabled=no src-address=10.10.10.1/32 table=\
main
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=MMCG
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
Who is online
Users browsing this forum: deltagranite and 6 guests