How to organize a fault-tolerant VPN connection (Mikrotik)?

S

stevi-gw232020-11-30 15:11:09

VPN

stevi-gw23, 2020-11-30 15:11:09

Good afternoon.
There is a need to organize the smooth operation of office and remote employees.
The initial data is as follows:
OFFICE_1

GW01 Router Mikrotik RB750Gr3 172.10.100.1/24
ISP1 has an external static address of 1.1.1.1
ISP2 has gray address 192.168.10.10

OFFICE_2

GW02 Router Mikrotik RB750Gr3 172.20.100.1/24
ISP1 has an external static address of 2.2.2.2
ISP2 has gray address 192.168.20.20
terminal server

Now everything is organized as follows: An L2TP server is configured on GW01 , GW02 connects to it as a client, behind which a terminal server is located. Thus, employees from OFFICE_1 can work with the server. If the main provider ( ISP1 ) is unavailable , all VPN clients disappear on GW01 .
Actually, this and all the question is how to implement a backup channel for VPN? Whether it is possible to solve a question without the static address on ISP2 ?
I would be grateful for any solutions and tips.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrey Barbolin, 2020-11-30
@stevi-gw23

You raise 2 VPN channels
GW01 ISP1 - GW02 ISP1
GW01 ISP2 - GW02 ISP1 You configure
inside OSPF, it will switch routes itself depending on the availability of VPN channels.
LT2P is not the best performance option, try IPsec.

A

AntHTML, 2020-11-30
@anthtml

Raise the opposite L2TP from ISP2_GW01 to ISP1_GW02 and scatter priorities with metrics

M

MaxKozlov, 2020-11-30
@MaxKozlov

And where to send packets if there is no address on the Internet?
You can, of course, sandwich a variant with a virtual machine somewhere on the internet with a white address and a channel that is built by Mikrotik to it through ISP2. But the provider's white address is easier in my opinion :)