How can branch Mikrotiks connect to the WAN of the head Mikrotik through a provider with a dynamic IP?
The situation is as follows...
There is a Mikrotik at the head office with four ISPs that replace each other if one of them goes down. The first provider of this Mikrotik is with statics, and the rest with dynamics (PPPoE). And there are also branch Mikrotiks with static addresses 1.2.3.4, 5.6.7.8, and so on. There are many such branch Mikrotiks.
A PPTP tunnel has been set up for communication between the Head Office and branches. So far, the head Mikrotik uses the IP address of the Internet provider with static for the PPTP tunnel.
How can branch Mikrotiks automatically set up a PPTP tunnel with Mikrotik of the head office if Mikrotik of the head office has a provider with static? There will be three providers with dynamics. But how do branch Mikrotiks know about their dynamic IP address? Is there some simple way to notify branch Mikrotiks about the provider's dynamic IP?
Everything is much easier. Enable the MikroTik cloud service: IP → Cloud → DDNS. You get a name based on the serial number of the device (the method will not work in the case of RouterOS x86). You register this name as the PPTP server on the branch routers. That's all there is to it. When the IP of the head office changes, the connection breaks, but the name is automatically reassigned to the new IP, and the branches reconnect automatically.
We turn on the routers.
Winbox -> IP -> Cloud -> DDNS Enabled - enable. We will need the DNS Name next.
System -> Scripts -> Create a script. The following is an example for an EoIP tunnel.
# Here we get the IP from the DNS name of the main router.
:local WANLocal [:resolve **********.sn.mynetname.net]
# Get the local address from the EoIP tunnel. The tunnel is determined by id
:local IPSLocal [/interface eoip get [/interface eoip find tunnel-id="15"] local-address]
# Here we get the IP from the DNS name of the branch router.
:local WANRemote [:resolve **********.sn.mynetname.net]
# Get the remote address from the EoIP tunnel. The tunnel is determined by id
:local IPSRemote [/interface eoip get [/interface eoip find tunnel-id="15"] remote-address]
# Next, compare the IPs obtained above and update the tunnel if they have changed.
:if ($WANLocal != $IPSLocal) do={
    /interface eoip set [/interface eoip find tunnel-id="15"] local-address=[:resolve **********.sn.mynetname.net]
}
:if ($WANRemote != $IPSRemote) do={
    /interface eoip set [/interface eoip find tunnel-id="15"] remote-address=[:resolve **********.sn.mynetname.net]
}
Add the script to the scheduler and run it every minute.
On branch offices it is similar, only we substitute the DNS names in reverse: where the main one is, we write the branch, and where the branch is, the main one.
Second example, for PPTP.
It should be done only at branches. I will not comment, I think everything is clear from the example above.
We use only the DNS name of the main router, we find the interface by the comment
:local WANRemote [:resolve **********.sn.mynetname.net]
:local IPSRemote [/interface pptp-client get [/interface pptp-client find comment="Alex"] connect-to]
:if ($WANRemote != $IPSRemote) do={
    /interface pptp-client set [/interface pptp-client find comment="Alex"] connect-to=[:resolve **********.sn.mynetname.net]
}
Good luck
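A more defensive variant of the PPTP updater above, as an added example that is not part of the original answer: it keeps the current connect-to value when the DNS lookup fails, refuses to act on an ambiguous interface match, and logs every change so an unexpected endpoint switch shows up in the router log. The name hq.example.net is a placeholder for the head office's cloud DDNS name, and the log prefix "pptp-update" is an assumption.

```routeros
# Added example, not from the original answer. Runs on a branch router.
# Assumptions: "hq.example.net" is a placeholder for the head office's
# cloud DDNS name; the PPTP client carries the comment "Alex" as above.
:local hqName "hq.example.net"
:local ifId [/interface pptp-client find comment="Alex"]

# Stop if the interface is missing or the comment matches more than one.
:if ([:len $ifId] != 1) do={
    :log warning "pptp-update: expected exactly one pptp-client with comment Alex"
    :error "pptp-client lookup failed"
}

# :resolve raises an error when the name cannot be resolved; catch it so
# a failed lookup never overwrites a working connect-to value.
:local newIp ""
:do {
    :set newIp [:tostr [:resolve $hqName]]
} on-error={
    :log warning ("pptp-update: cannot resolve " . $hqName)
}

# Compare as strings so a type difference between the resolved address
# and the stored connect-to value cannot cause a false mismatch.
:local curIp [:tostr [/interface pptp-client get $ifId connect-to]]
:if (($newIp != "") && ($newIp != $curIp)) do={
    /interface pptp-client set $ifId connect-to=$newIp
    :log info ("pptp-update: connect-to " . $curIp . " -> " . $newIp)
}
```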
It is better to set up your own DNS. A good option that is always stable is DNS from Yandex; changes through the API apply instantly.
On the main router, add a script to the schedule that will pull the URL of some kind of hosting, and write IP there, slave routers can also request this IP using scripts. But again, this option, if you have your own web hosting, you do not need to pay for DynDNS.
Regarding dynamic IPs for legal entities. I also thought that there should always be a static one. Like the most self-evident thing.
But no! Accounting offices and all sorts of saleswomen like realtors and other wicked people who write ads on the sites need dynamic IPs. They get banned. They chose the simplest way: a dynamic IP and rebooting the router.
I ran into this when the server moved and for the servicing accounting firm I had to raise vpn instead of the classic filter to their address.
This is a pretty standard situation. For example, a number of offices that I service have exactly the same setup. I use OSPF and route costs, and I raise tunnels through all providers. Well, with dynamic IP, of course, DDNS.
As for the notification, you can use a script at the head office that pings all your clients with a certain number of bytes, for example 1000. Clients, based on incoming ICMP requests, put IPs in a certain address list. After that, it is limited only by your imagination :)