PLZ Help to make site to site vpn

Jimmy · Tue Nov 12, 2013 11:19 pm

Hi all
I am sorry for posting this, but I have rely no time left, and I rely need help, I no I have a lot reading to do, but I have to try asking the hardcore in here.
I need to setup a Site To Site VPN like the pic in here. I know it is not the best way to do it, but We are closing down one office, and we need to close down the server in that end, and move all pc and printer over to one domain, with only DC, DHCP and all in one end.

I found this: http://www.nasa-security.net/mikrotik/l ... ik-how-to/ but I need a guide, running only on one SUP

I do not think hardware from mikrotik is an issue, I have one CCR1036-12G-4S, one RB2011UiAS-RM and one RB2011UAS-2HnD-IN in stock, I think 2 of this hardware will do it?

Can anyone plz tell me a quick way to set this up, command or winbox, then I will try read more in to this, but now I rely, like many others, have no time left

Hope to hear from you.

Cheers
Jimmy

Rudios · Wed Nov 13, 2013 8:11 am

The link you mentioned will help you a lot.
That completely describes the steps to be taken for your tunnel to work.
Have you tried following them, and ran into problems?

Jimmy · Wed Nov 13, 2013 3:15 pm

ya, the problem is i need one big lan with sup 255.255.240.0 where i have dhcp ind only one end, maybe it is to mucth, cuss it ditten work, but i am trying in 30 main again.

Jimmy · Wed Nov 13, 2013 8:34 pm

Hmm to start with I am stock with IPSEC Firewall Rules

Next I am stock with one big lan only cuss what to route?
Again I no I have a lot reading to do, but right now the time is up, and that is also why post in the beginners forum to ask the hardcore users in here, cuss I am sure it will only take them 1 min to point this out, and for me 2 days and maybe more

Cheers
Jimmy

efaden · Wed Nov 13, 2013 8:43 pm

Hmm to start with I am stock with IPSEC Firewall Rules
Next I am stock with one big lan only cuss what to route?
Again I no I have a lot reading to do, but right now the time is up, and that is also why post in the beginners forum to ask the hardcore users in here, cuss I am sure it will only take them 1 min to point this out, and for me 2 days and maybe more
Cheers
Jimmy

What you need to do is setup an EOIP or some other sort of Layer 2 tunnel between the two sides. Once you have that Layer 2 broadcasts will work ... and thus you can have a single DHCP server on the one side. Basically you want to run EOIP or IPIP over IPSec. You can't do that with straight IPSec...

-Eric

Jimmy · Thu Nov 14, 2013 1:12 am

HMM i can't get any of this to Work, i follow the http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP but no link

Can you maybe post an ex from my pic plz?

cheers
Jimmy

efaden · Thu Nov 14, 2013 2:01 am

HMM i can't get any of this to Work, i follow the http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP but no link
Can you maybe post an ex from my pic plz?

cheers
Jimmy

Assuming you have all default configurations and nothing is blocked by firewalls etc....

On Site A:

ros code

/interface eoip add remote-address=WAN_IP2 tunnel-id=0 name=eoip-siteb disabled=no
/interface bridge port add bridge=bridge-local interface=eoip-siteb

On Site B

ros code

/interface eoip add remote-address=WAN_IP1 tunnel-id=0 name=eoip-sitea disabled=no
/interface bridge port add bridge=bridge-local interface=eoip-sitea

That gives you a bare EOIP tunnel WITHOUT encryption. Try that first and see if it works. Ensure that you can ping whatever IP you have assigned to bridge-local on each side. Once you get that then just wrap it with IPSec.

If that isn't working then post your export from both sides so I can take a look.

-Eric

Jimmy · Thu Nov 14, 2013 11:21 pm

Ok i give up

i can't get it to Work

efaden are you the man for a littel help, cuss i rely need it now

My contact is dk-f55@hotmail(dot)com

Cheers
Jimmy

efaden · Fri Nov 15, 2013 1:35 am

Ok i give up i can't get it to Work
efaden are you the man for a littel help, cuss i rely need it now

My contact is dk-f55@hotmail(dot)com

Cheers
Jimmy

Emailed you.