yevpro
just joined
Topic Author
Posts: 22
Joined: Sun Feb 05, 2017 9:12 pm

Site-2-Site VPN

Mon Aug 05, 2024 7:01 pm

Hi! I have 3 sites that I would like to connect via site-to-site VPN. The problem is that none of the sites has either a public IP or a stable internet connection. So I have installed CHR on a VPS. I have configured L2TP tunnels from the remote sites to the VPS. Configured routes on the VPS CHR for all the remote sites. I am able to ping both the remote routers and the remote subnets from the VPS CHR.

I have set up routes on the remote sites for each network via the VPS CHR. And I am able to ping both the routers and the remote subnets from the subnet machines. BUT I am not able to ping the other routers from the routers in the remote sites via the VPN tunnel.

The network layout
VPS: 192.168.25.1/24
Site1: 192.168.1.1/24
Site2: 192.168.70.1/24
Site3: 192.168.90.1/24

For example, from PC1 (192.168.1.10) I can ping both the remote router (192.168.70.1) and remote PC2 (192.168.70.10). But I cannot ping from the router (192.168.1.1) in Site1 any other routers in Site2, Site3 (192.168.70.1, 192.168.90.1).

The firewall is not configured on the VPS CHR.

What might be the problem?

And how is it possible to grant access to resources in the remote sites via the WAN of the VPS CHR?
I have created a dst-nat rule to forward traffic from the VPS to the Site1 PC, but it doesn't seem to work.
 
dang21000
Frequent Visitor
Posts: 90
Joined: Sat Feb 25, 2023 2:30 pm
Location: France

Re: Site-2-Site VPN

Mon Aug 05, 2024 9:39 pm

Hi,

I have the same setup, but I have fixed IPv4/IPv6 addresses everywhere.
That is not a problem with dyndns (script) or the /ip cloud function by MikroTik (it's a dyndns-like service).

I have set up a few WireGuard tunnels between each site, like:
1<-->2
2<-->3
3<-->1

So each site has two tunnels and has a route to reach the remote site via the specific tunnel.
Just follow this guide https://help.mikrotik.com/docs/display/ ... uardtunnel

I use more than one subnet on each site, so I have a lot of routes, but it's the same principle.
For WG, I use another /24 subnet in class C with only a /30 for both endpoints of each tunnel; I also named my WG interfaces not wg0, wg1... but wg_site1_to_site2 for easier understanding.

On each site, I create rules in the input/output chains that allow all from each site (address-list with public DNS names, so fixed or not, it's the same).
And I use the forward chain to control the traffic between all that is local<-->remote.
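As an added illustration (not posted by either participant), this is how Site1 from the thread could be configured on RouterOS v7 following the mesh design described in the reply above: two named WireGuard interfaces, one /30 per tunnel, routes to the other LANs, and an address-list of peer DNS names driving the input/output rules. The transfer subnet 10.255.255.0/24, the ports, the example.net hostnames and the key placeholders are constructed assumptions.

```routeros
# Site1 (LAN 192.168.1.0/24) in the 1<-->2, 2<-->3, 3<-->1 WireGuard mesh.
# Constructed values: 10.255.255.0/30 = site1<-->site2, 10.255.255.4/30 = site1<-->site3.
/interface/wireguard
add name=wg_site1_to_site2 listen-port=13231 private-key="<SITE1_WG2_PRIVATE_KEY>"
add name=wg_site1_to_site3 listen-port=13232 private-key="<SITE1_WG3_PRIVATE_KEY>"

# allowed-address must list the peer's tunnel /30 AND its LAN, or return traffic is dropped by WG.
/interface/wireguard/peers
add interface=wg_site1_to_site2 public-key="<SITE2_PUBLIC_KEY>" \
    endpoint-address=site2.example.net endpoint-port=13231 \
    allowed-address=10.255.255.0/30,192.168.70.0/24 persistent-keepalive=25s
add interface=wg_site1_to_site3 public-key="<SITE3_PUBLIC_KEY>" \
    endpoint-address=site3.example.net endpoint-port=13232 \
    allowed-address=10.255.255.4/30,192.168.90.0/24 persistent-keepalive=25s

# One /30 per tunnel: Site1 takes .1 and .5, the far ends take .2 and .6.
/ip/address
add address=10.255.255.1/30 interface=wg_site1_to_site2
add address=10.255.255.5/30 interface=wg_site1_to_site3

# Each remote LAN is reached only through its own tunnel.
/ip/route
add dst-address=192.168.70.0/24 gateway=10.255.255.2 comment="Site2 LAN via wg_site1_to_site2"
add dst-address=192.168.90.0/24 gateway=10.255.255.6 comment="Site3 LAN via wg_site1_to_site3"

# Peer hostnames in an address-list: RouterOS re-resolves them, so dynamic public IPs still match.
/ip/firewall/address-list
add list=vpn_sites address=site2.example.net comment="Site2 public endpoint"
add list=vpn_sites address=site3.example.net comment="Site3 public endpoint"

# input/output: allow the other sites to reach this router (WG handshakes, management).
# forward: only the two remote LANs may talk to the local LAN; anything else arriving
# over a tunnel is dropped. Move these above any pre-existing drop rules in each chain.
/ip/firewall/filter
add chain=input  action=accept src-address-list=vpn_sites comment="from other sites"
add chain=output action=accept dst-address-list=vpn_sites comment="to other sites"
add chain=forward action=accept in-interface=wg_site1_to_site2 \
    src-address=192.168.70.0/24 dst-address=192.168.1.0/24 comment="Site2 LAN -> Site1 LAN"
add chain=forward action=accept in-interface=wg_site1_to_site3 \
    src-address=192.168.90.0/24 dst-address=192.168.1.0/24 comment="Site3 LAN -> Site1 LAN"
add chain=forward action=drop in-interface=wg_site1_to_site2 comment="anything else from Site2"
add chain=forward action=drop in-interface=wg_site1_to_site3 comment="anything else from Site3"

# Check: a recent last-handshake per peer confirms the tunnel is actually up, not just configured.
/interface/wireguard/peers print detail
```

Site2 and Site3 mirror this with their own two interfaces, the opposite ends of the /30s, and the third /30 (10.255.255.8/30 in this scheme) for the site2<-->site3 tunnel.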