Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
user-k2016-05-04 18:57:44
openvpn
user-k, 2016-05-04 18:57:44

Combining more than 10 remote offices into one network using mikrotik?

Greetings. I have the task of combining more than 10 remote offices into one network. The main mikrotik router and the ACS server are in the head office, in remote offices there will also be mikrotik routers and 4-6 readers (each reader has its own ip). At the same time, there are several computers in the head office - ACS clients. I would also like to have access to each of these offices from my home computer (some will have 1-2 more computers). All of this needs to be properly organized.
At the moment, I have an openvpn server up and connected to one of the offices. This office has 6 readers and 2 computers. Everyone sees each other. The subnets in them are different and forwarded routes to each other. But from my home computer, through the central router, I can't get to the computers in the remote office. I understand that you can bother with routing and it will somehow work out, but it seems to me that there are some better options.
Static ip only on the central router. I thought about a single, address space. Raise eoip over ovpn, I don’t know how acceptable this is. Or is everything to be decided by ovpn and routing?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
K
Kirill Vasiliev, 2016-05-04
@user-k

Well, for starters, ask yourself, do you need L2? after all, L2 is very heavy and does not like delays and large jitter.
If L3, then I would build on IPIP tunnels, and where there is no external IP, sstp would be raised, and routing would be implemented using OSPF. and after the network was up, I weighed the pros and cons of whether you need IPSec.
If there is an ACS, then only the ACS can encrypt and no more than that, or maybe no one needs such information ?!
I will say this OSPF with 10 points can be configured in one hour.
with IPSec a little longer

Report
A
Alexander Karabanov, 2016-05-04
@karabanov

Too complicated, cumbersome, resource-intensive and inefficient. OVPN is not well implemented in Mikrotik anyway, and for some reason you also want to shove EoIP into it ...
Just use IPsec. It is simple, reliable, convenient, effective. An IPsec client is available everywhere from Windows to iPhone (that is, you can manage the network from anywhere from your phone), no need to pervert with installing the client. IPsec can work through NAT, you can tighten authorization by certificates, etc., etc. In Mikrotik, IPsec is implemented at the proper level.

Report
E
Eugene, 2016-05-05
@misant

I have a similar scheme - the Central Office, Cloud Core in it, in pfSensy branches. Everyone is friends with each other using GRE-over-IPsec. Potentially, OSPF can also be screwed on, but so far everyone sees each other on statics, the scheme is stable.
Previously, there was pure IPsec, there were difficulties with politicians, and branches only saw the office, but in order to see each other, they would have to do terrible monster policies. IP-IP is also good if OSPF is not needed.

Similar questions
N
Nirr2018-04-16 23:00:29
How to make telegram ↔ local proxy ↔ VPN ↔ internet? 5Reply
G
greefon2012-10-03 11:59:21
Features of routing in CentOS or a story about crooked hands. What am I doing wrong? 11Reply
B
Booblik092018-04-26 17:16:40
Can you give ready-made settings for OpenVPN for clients to access the Internet through a remote server? 2Reply
J
Jeditobe2012-11-13 13:37:24
Tell me a router with built-in support for OpenVPN 7Reply
P
Puma Thailand2012-11-19 11:23:10
Is there a linux distribution for creating a vpn server 7Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question