Mikrotik
l0ser140, 2018-04-18 10:20:48

How to raise several l2tp / ipsec tunnels through different communication channels?

There are two routers: a VPN gateway and a client.
The client router has N communication channels available.
Some of them are behind NAT, maybe all of them, so a NAT traversal solution is needed.
PBR is configured; traffic can be steered into the desired channel using marks.
How do I steer the L2TP/IPsec tunnels into different channels? I do not understand on what basis the connections could be marked.
What are the options?


5 answers

athacker (@athacker), 2018-04-18

It's not very clear what exactly you want to achieve. You want traffic to certain IPs to leave through different uplink interfaces of the client router? Then mark the L2TP traffic based on the destination IP; what's the problem?

d-stream (@d-stream), 2018-04-18

So what exactly is the problem?
L2TP/IPsec can, in general, pass through NAT, and PBR will decide which way they go. The main thing is not to forget about the return path.

poisons (@poisons), 2018-04-18

No way. Either buy another IP/channel to the central site, or use different types of tunnels.

nikolayvaganov (@nikolayvaganov), 2018-04-25

For the server to answer through several uplinks, each uplink needs its own routing table.

# Uplinks: eth0 - 1.1.1.2/24, gateway 1.1.1.1
#          eth1 - 2.2.2.2/24, gateway 2.2.2.1
# One routing table per uplink, each holding only that uplink's default route
ip route add default via 1.1.1.1 table 101
ip route add default via 2.2.2.1 table 102
# Source-based rules: a reply sourced from an uplink's address is looked up
# in that uplink's table, so it leaves through the interface it arrived on
ip rule add from 1.1.1.2 table 101
ip rule add from 2.2.2.2 table 102

Kirill Vasiliev (@vasilevkirill), 2018-05-19

Elementary.
There will be problems with plain L2TP here, since its ports are fixed by the standard, so we do this:
bring up two IPsec connections between the nodes; in the peers you can specify the src address, so specify your external addresses; they will be the starting point for the route selection.
Then bring up loopback interfaces on the nodes: on the first router
10.255.1.1/32 and 10.255.1.2/32,
on the second router 10.255.2.1/32 and 10.255.2.2/32.
Then
add to the IPsec policy that traffic between 10.255.1.1/32 and 10.255.2.1/32 goes through the first provider's peer, and
10.255.1.2/32 and 10.255.2.2/32 goes through the second provider's peer.
Create two routes:
to 10.255.2.2/32 with pref-src 10.255.1.2, and
to 10.255.2.1/32 with pref-src 10.255.1.1.
After that, bring up ordinary L2TP to nodes 10.255.2.2 and 10.255.1.2.
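The loopback-pair scheme from the answer above, written out as a client-side RouterOS 6.4x configuration. This is an added example, not the answerer's or the asker's config: the uplink addresses (198.51.100.2 and 203.0.113.2 with their gateways), the gateway address 192.0.2.10, the interface, peer, profile and table names, the PPP user and the pre-shared keys are all assumptions taken from documentation address ranges, and the loopback addresses are the ones the answer uses. With a client behind NAT, local-address is the uplink's private address and NAT-T does the rest.

```routeros
# Added example config (RouterOS 6.43+ syntax); all addresses and names are assumed.
#   ISP1 uplink ether1: 198.51.100.2/24, gateway 198.51.100.1
#   ISP2 uplink ether2: 203.0.113.2/24,  gateway 203.0.113.1
#   VPN gateway public address: 192.0.2.10
#   Loopbacks here: 10.255.1.1 (ISP1 path) and 10.255.1.2 (ISP2 path)
#   Loopbacks on the gateway: 10.255.2.1 and 10.255.2.2

# 1. Loopback: a bridge with no ports, carrying both /32s.
/interface bridge add name=lo0 protocol-mode=none
/ip address add address=10.255.1.1/32 interface=lo0 comment="loopback, ISP1 tunnel"
/ip address add address=10.255.1.2/32 interface=lo0 comment="loopback, ISP2 tunnel"

# 2. PBR for the IPsec transport itself: anything sourced from an uplink
#    address (IKE, ESP, NAT-T) must leave through that uplink's gateway.
/ip route add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=via-isp1
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=via-isp2
/ip route rule add src-address=198.51.100.2/32 action=lookup-only-in-table table=via-isp1
/ip route rule add src-address=203.0.113.2/32 action=lookup-only-in-table table=via-isp2

# 3. Two IPsec peers to the same gateway, told apart only by local-address.
/ip ipsec profile add name=prof-vpn hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048 nat-traversal=yes
/ip ipsec proposal add name=prop-vpn auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer add name=peer-isp1 address=192.0.2.10/32 local-address=198.51.100.2 profile=prof-vpn exchange-mode=ike2
/ip ipsec peer add name=peer-isp2 address=192.0.2.10/32 local-address=203.0.113.2 profile=prof-vpn exchange-mode=ike2
/ip ipsec identity add peer=peer-isp1 auth-method=pre-shared-key secret="CHANGE-ME-psk-1"
/ip ipsec identity add peer=peer-isp2 auth-method=pre-shared-key secret="CHANGE-ME-psk-2"

# 4. One loopback pair per peer: the pair of inner addresses selects the uplink.
/ip ipsec policy add src-address=10.255.1.1/32 dst-address=10.255.2.1/32 tunnel=yes action=encrypt proposal=prop-vpn peer=peer-isp1
/ip ipsec policy add src-address=10.255.1.2/32 dst-address=10.255.2.2/32 tunnel=yes action=encrypt proposal=prop-vpn peer=peer-isp2

# 5. Routes to the remote loopbacks with pref-src, so traffic to 10.255.2.1 is
#    sourced from 10.255.1.1 and matches the ISP1 policy (and likewise for ISP2).
#    The gateway only gets the packet into the forwarding path; the policy then
#    intercepts it and encapsulates it towards the matching peer.
/ip route add dst-address=10.255.2.1/32 gateway=198.51.100.1 pref-src=10.255.1.1
/ip route add dst-address=10.255.2.2/32 gateway=203.0.113.1 pref-src=10.255.1.2

# 6. Plain L2TP (use-ipsec=no: the policies above already protect it) to each
#    remote loopback; each tunnel therefore rides a different uplink.
/interface l2tp-client add name=l2tp-isp1 connect-to=10.255.2.1 user=site-a-isp1 password="CHANGE-ME" use-ipsec=no disabled=no
/interface l2tp-client add name=l2tp-isp2 connect-to=10.255.2.2 user=site-a-isp2 password="CHANGE-ME" use-ipsec=no disabled=no
```

The gateway side mirrors this with the loopback pairs swapped (src 10.255.2.x, dst 10.255.1.x), its own two peers pointing at the client's two public or NAT addresses, and an L2TP server with one PPP secret per client user. Check the result with /ip ipsec active-peers print and /ip ipsec installed-sa print: there should be two SAs with different sa-src-address values, and each L2TP client should come up against a different loopback. RouterOS 7 changes the routing syntax (routing-table= instead of routing-mark=), but the scheme itself is the same.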
