Windows
EnZo_Smile, 2016-03-29 18:44:33

L2TP on MikroTik + Windows client: how to use different gateways for different purposes at the same time?

I have a MikroTik router. It has several subnets configured, each with its own bridge: several physical ports go to one bridge, several to another, and an L2TP server profile to a third.
Task.
A person (hereinafter, several or many people) needs to connect from home to work via L2TP. They are given an address from the subnet 192.168.2.0/24 and access to one of the addresses in 192.168.0.0/24. Access to anything else is not given. But at the same time the person must still use their home Internet.
And here is the dilemma.
Either, in the connection settings on the client, use the remote network's gateway, in which case the client can use all the necessary resources but goes to the Internet not from their own connection but from the organization's, which is not wanted. Or remove that gateway and use their own, in which case resources in the other subnets become inaccessible and the person simply cannot work.
I'm setting up a VPN for the first time, and in general I'm a not very experienced helpdesk tech when it comes to networking. I suspect the problem has a simple solution. In short, a person needs to use both their own Internet and resources in the organization's other subnets, connecting via L2TP + IPsec.
What should I do?


1 answer(s)
Alexander Romanov, 2016-03-30
@EnZo_Smile

If the L2TP setup itself is already sorted out, then you need to add a route to the necessary resources through this tunnel. Microsoft, as you know, follows Lenin's precepts and "goes its own way", so setting up routes on Windows is not a trivial matter. The settings may differ depending on the version, but you'll get the general idea. I'm writing using the example of Win10, which is at hand.
Network and Sharing Center - Change adapter settings - right-click your L2TP connection - Properties - Networking tab - Internet Protocol Version 4 - Properties. Next, the "Additional parameters" button or something like that (I have an English Windows, where it is just "Advanced") - and untick the "Use default gateway on remote network" checkbox. The second checkbox becomes active: "Disable class based route addition". Tick it and reconnect.
I hope the MikroTik has a static IP set in the PPP profile, let's say 10.0.0.1.
Then in Windows you need to add the route, having first found out the L2TP interface number. This is done with the route print command: at the very beginning of the output you will see the interfaces, with their automatically assigned numbers at the start of each line. Find the number of the L2TP connection; you'll need it. Mine was 26.
Then add routes to the necessary resources as follows:
Routes don't work without specifying an interface, at least I couldn't get them to work any other way. And one more thing: it definitely works with specific IP addresses, but I won't vouch for subnets; as I recall, there were some difficulties. If you need a broadcast domain, use OpenVPN. Simple and secure. The only drawback is that you need to install third-party software.
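The same split-tunnel setup as a script, added here as an example and not part of the answer above. It uses the built-in VpnClient and NetTCPIP cmdlets on Windows 10 instead of the adapter-properties dialog and a hand-typed route add. The connection name "Work", the PPP gateway 10.0.0.1, the permitted office host 192.168.0.10 and the interface index 26 are assumptions for illustration; substitute your own.

```powershell
# Added example: split tunneling for an L2TP/IPsec connection on Windows 10.
# Run from an elevated PowerShell. Assumed values (change to match your setup):
$ConnectionName = "Work"            # name of the saved L2TP/IPsec connection
$RemoteGateway  = "10.0.0.1"        # local-address of the MikroTik PPP profile
$AllowedHost    = "192.168.0.10"    # the one office resource that must be reachable

# 1. Keep the home default gateway: this is the same as unticking
#    "Use default gateway on remote network" in the adapter's IPv4 settings.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# 2. Route only the permitted host into the tunnel. Unlike "route add", this
#    route is bound to the connection and re-installed on every reconnect.
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix "$AllowedHost/32"

# 3. Bring the tunnel up (rasdial prompts for credentials if none are saved).
rasdial $ConnectionName

# 4. Verify which interface Windows selects for the office host and for a
#    public address: the first must be the VPN, the second your home NIC.
$vpnIf = Get-NetIPInterface -InterfaceAlias $ConnectionName -AddressFamily IPv4
"VPN interface index: $($vpnIf.ifIndex)"

$office = Find-NetRoute -RemoteIPAddress $AllowedHost   # returns [address, route]
$public = Find-NetRoute -RemoteIPAddress "1.1.1.1"
"Office host goes via: $($office[1].InterfaceAlias)"
"Internet goes via:    $($public[1].InterfaceAlias)"

# Legacy one-shot equivalent of step 2 (lost on reconnect), using the interface
# index from "route print" as in the answer; assumed index 26:
#   route add $AllowedHost mask 255.255.255.255 $RemoteGateway if 26
```

Keep in mind that client-side routes only decide what the client sends into the tunnel; the requirement that VPN users reach nothing but the one address has to be enforced on the MikroTik with a forward-chain firewall rule for the 192.168.2.0/24 pool, because a user can add any route they like on their own machine.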
