2 Mikrotika, EoIP via PPTP = problems with traffic routing. How to setup?

X

xooler2014-12-06 21:20:52

VPN

xooler, 2014-12-06 21:20:52

Tasks:
1. Throw out WinBox router 2 on a 4G Modem to Public IP 1.1.1.1
2. Throw DHCP from 192.168.60.5 through Relay, so that the network is transparent to all network clients.
3. In the future, 2 IP Cameras will be connected to the router via LAN. I would also like to see them somehow through a public IP.
We have: Router
1.
RB951G-2HnD which is connected to the Internet through the 1st port, which is usually called WAN
On the 1st WAN port, a static ip from the provider 1.1.1.1
DHCP + NAT is raised
Next, the network of the 192.168.60.x format is
Raised PPtP server 192.168.60.5 - 192.168.60.115
EoIP tunnel up 192.168.60.5 - 192.168.60.115
Router 2.
RB951G-2HnD which is connected to the Internet via 4G Modem MegaFon M-150 aka Bad Path E3276.
There is no 4G at the location of the router yet, but there is HSPA + with a speed of 8Mbit Down & 1.2Mbit Up
2 NetWatch rules are used:
1. checks ping up to 8.8.8.
2. checks the ping of the main router 192.168.60.5 If there is no ping, turn off and on the interface.
Raised DHCP + NAT
Further network format 192.168.88.x
Raised PPtP server 192.168.60.115 - 192.168.60.5
Raised EoIP tunnel 192.168.60.115 - 192.168.60.5
When performing ping, the routers see each other.
On the PPTP interface, only ICMP ping.
On the EoIP interface, only ARP pings pass.
Why is this happening?
How to properly configure everything and wrap internal traffic from the 192.168.60 network (we will use DHCP Relay) from the second router to EoIP, and the Internet to 4G?
I read a lot of articles, but everyone's case is different. I didn't find anything similar to mine. I look forward to advice and links.
PS
There will probably also be problems with MTU in EoIP due to a 4G modem ... Here, too, sound thoughts on the topic will be required.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

Cool Admin, 2014-12-08
@ifaustrue

Ufff, really porridge. In order to understand everything, we first try to present the picture "as it should be"
1. It is necessary that the local networks of both sites are different.
a. different from each other
b. Differed from service / transit networks
2. It’s not clear why both PPTP and EoIP are used, therefore we throw out the first one, leave only the EoIP tunnel and make it through the standard settings (we will add IPSec security as a seasoning on top, but later)
a. They raised the tunnel, raised the address from the transit network at each end (for example, 172.16.0.0/30), pinged the addresses inside the
tunnel to site B with the network B.V.V.B will be
В.В.В.В gateway=IP_EOIP_B
And vice versa
AAAA gateway=IP_EOIP_A
4. Exclude such traffic from NATA and allow it in the Filter, check pings go between wheelbarrows.
5. If, for some unknown reason, you also need PPTP on each site, then we raise it in _other ranges_!
6. IP Sec to taste in transport mode (everything is simple there) - google it.

S

Sergey SA, 2014-12-08
@resetsa

some kind of porridge.
or style of presentation.
I'll try to understand first
there are 2 points with routers, the task is to make a common L2 network. (We are not talking about the rest yet)
in this case, you need an eoip tunnel between Mikrotiks, you do not need to hang addresses on the tunnel interfaces.
the tunnel needs to be built between external addresses.
after the tunnel is configured, you need to include in the LAN bridge the interface (distributing addresses) and the eoip tunnel interface, on the other hand, in the LAN bridge and eoip tunnel.