Mikrotik
netraven, 2014-09-11 09:56:31

How to transparently organize a backup VPN PPTP channel on Mikrotik RB750GL with one ethernet port bound to it?

The router has a separate Internet channel and is not connected to the main network. You need to create a backup channel through a VPN connection to the central office for a subnet like 192.168.2.0/24 transparently. If the main communication channel or the main router fails, then we physically switch the link to the dedicated RB750GL port and temporarily get access to the central office network.
I separated one port "ether5-C24-local" and gave it an address that matches the address of the current gateway of this subnet (192.168.2.254), and also created a VPN client interface "pptp-G1". Addresses in the subnet are set statically, it is not required to raise DHCP. Masquerading, apparently, should be added for the "pptp-G1" interface? It remains to correctly direct traffic from the port and back using marking. How to correctly write rules in Mangle and ensure traffic goes between "ether5-C24-local" and "pptp-G1"?

1 answer(s)
Cool Admin, 2014-09-11
@ifaustrue

OK, I didn't quite understand the part where you describe your tunnel settings, but if everything is correct and the network and the PC in it are available to you on the other end, then all you need to do is create a second route to your office network, specifying the tunnel address of the remote office as the gateway. Assign the route a metric higher than that of the current rule that routes this traffic. When the channel goes down, the traffic will go to the office automatically (if the link goes down), or you can create a NetWatch executor that launches a metric change script when the network appears/disappears.
In this case, neither switching of wires nor masquerading is necessary.
In short, in simple terms:
There are two Internet channels: 1 - the main one, which has the office network; 2 - the backup one, through which the PPTP tunnel is raised.
You need to create a route to the PPTP server through the gateway of the second provider, create a route to the office network through the gateway of the first provider (metric, say, 10), and create a route to the office network through the tunnel, where the gateway is the address of the tunnel server (metric, say, 20). When the channel falls, we swap the metrics. Make sure that the tunnel is established only through the second channel, otherwise it's not very correct =)
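
The route layout described in the answer above, written as RouterOS commands. This is an added example, not part of the original answer. RouterOS calls the route metric `distance`; every address below is a placeholder assumed for illustration, and Netwatch probes the main gateway rather than an office host, because an office host becomes reachable again through the tunnel after failover and the script would flap.

```routeros
# Added example; all addresses are constructed placeholders:
#   192.0.2.1     gateway of the main channel (provider 1)
#   198.51.100.1  gateway of the backup channel (provider 2)
#   203.0.113.10  public address of the PPTP server
#   10.0.0.0/24   office network
# "pptp-G1" is the PPTP client interface named in the question.

/ip route
# Host route: the tunnel itself may only be built over the backup provider.
add dst-address=203.0.113.10/32 gateway=198.51.100.1 comment=pptp-server-via-backup

# Preferred path to the office through the main channel (metric 10).
# check-gateway=ping deactivates the route when the gateway stops answering,
# so the distance=20 route below takes over without any script.
add dst-address=10.0.0.0/24 gateway=192.0.2.1 distance=10 check-gateway=ping comment=office-main

# Fallback path to the office through the PPTP tunnel (metric 20).
# The tunnel server's address inside the tunnel can be used as the gateway instead.
add dst-address=10.0.0.0/24 gateway=pptp-G1 distance=20 comment=office-tunnel

/tool netwatch
# Scripted variant of the same failover: when the main gateway disappears,
# push the main route behind the tunnel route; restore it when it returns.
add host=192.0.2.1 interval=10s timeout=2s \
    down-script="/ip route set [find comment=office-main] distance=30" \
    up-script="/ip route set [find comment=office-main] distance=10"
```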
