How to set up routing between vpn server clients?

S

semax952018-08-02 16:01:30

VPN

semax95, 2018-08-02 16:01:30

Good afternoon.
There is such a network scheme:

Debian 9 operating system on the server.
I want to set up the network so that clients who connect to the vpn server can access clients for microtic. But at the same time, clients used different Internet: those who connected to the vpn server used the Internet on the vpn server, and those who behind microtic used the Internet that is on microtic.
Prompt how to configure correctly routing?
Thanks res2001 , completely forgot to specify the vpn server, server: l2tp/ipsec

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

O

Oleg Popov, 2018-08-03
@Maestrosoft

I would make....
1. Raised OSPF on the server and mikrotik_e.
2. Declared the network 192.168.42.0/??? on server.
3. I announced two networks on mikrotik_e: 192.168.42.0/?? and 172.30.0.0/??
Because (most likely) on the server, the default gate is Internet access, then all clients from the network 192.168.42.0/?? (except for mikrotik_a itself) must jump through NAT to the Internet server.
On Mikrotik, use the default gate to access the Internet (your own), and for network clients 172.30.0.0/?? - the gate itself Mikrotik.

K

krosh, 2018-08-03
@krosh

l2tp/ipsec are protocols, not a service version. Most likely you are using StrongSwan. Switch to IKEv2, all the right guys have already done so long ago, it's easier to maintain than l2tp.
You need to add two static routes on debian server and mikrotik.
Debian: ip route add 172.30.0.0/24 via eth0
Mikrotik: ip route add 192.168.42.0/24 via eth0
The commands are written conditionally. eth0 - Wirth. vpn adapter. Don't forget to allow forward traffic on both routers so that traffic to the subnet goes through. Traffic will go to the Internet along the default route, and to the prescribed subnet through the vpn connection interface.