Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Pavel2017-05-29 17:33:47
VPN
Pavel, 2017-05-29 17:33:47

What is the best way to merge branches?

Colleagues! Comrades! After reading a ton of documentation, I can’t figure out for myself how to do the following task correctly.
There is a central heating center and 30 branches. The task is to combine these branches into one visibility zone. So that each mikrotik sees the subnets of another mikrotik.
The solution, as I understand it for myself, is:
- combine them all into one subnet via vpn;
- ospf dynamic routing setup.
Now everything works through IPSec and there is a connection between the branches and the CO. But there is naturally no connection between the branches. How to do it right? (in general, it all started because of VoIP traffic, since RTP works, but the voice does not go, since everything should be on the same network).

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
P
Pavel, 2017-06-08
@digital_punk

Thanks to all!
Here is the full answer for people looking for the answer to the same question as me.
In the current structure, I got a star topology, in which the core is Cisco 2811, and the rays are Mikrotik RB951. Yes, of course, a fully connected topology is better, but it will turn out to be hellish in terms of administration - there are 30 tunnels on each Mikrotik :). If you want full connectivity, then Cisco DMVPN is best (but expensive, although it works beautifully and clearly).
1. We make GRE tunnels.
2. Set up IPSec in TRANSPORT mode.
3. Then we raise OSPF so that the Tsysk exchanges routes with Mikrotiks through the tunnels.
In this connection, it worked for me. There is no limit to joy) Of course, the settings there are still far from ideal, but there is a beginning. I'll write back later when everything works in production.
PS: today launched into production. Everything is great and working. The sound goes between the phones, which was originally the task. GREoverIPSec works in TRANSPORT mode. NAT-Traversal (that is, three points are behind NAT) also works. Routing - through OSPF. Of course, the only negative is the central router in the central heating center, perhaps in the future it will somehow be possible to get rid of the weak spot. Thanks to all!!!

Report
D
Dmitry Alexandrov, 2017-05-29
@jamakasi666

If you want it easier and decentralized (so that there is no central link that can drop the entire network), then do GRE tunnels with IPSEC between each tick. Set up very quickly, works reliably. The most important thing is to set the correct MTU and MSS.

Similar questions
T
tixarinal2016-05-12 09:57:50
How to create a DualVPN to access the Internet using the TOR scheme? 0Reply
F
fox7777777772021-12-13 19:54:10
How to connect two computers to the same VPN so that one is as a server and the other as a client? 2Reply
V
Vladimir2014-03-17 02:33:21
What is the best VPN service of 2014? 6Reply
I
Ilya Kuznetsov2016-05-17 14:35:31
Voip over vpn? 3Reply
K
kipishio kipishio2018-10-16 08:43:25
How to check whether pots are open or not, and whether UDP traffic is allowed or not - between mkrotik routes over the VPN channel? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question