Hello, new Mikrotik user here, I have previous experience with Sonicwall and a little Cisco/ASA. I have the basics configured on my new Mikrotiks for my company, although they are not in production yet. I have three that need to all go live as close together as possible, including one that is overseas that I must configure remotely. The two US sites each have two WAN connections, the overseas site only has one. I need to setup a VPN between all 3 locations with WAN failover at the US sites, that will keep the VPN connection up if any US WAN connection fails. I do not care about load balancing.
I have been watching YouTube videos and searching the forums, but I have not been able to find exactly what I need. Can anyone point me in the right direction? Thanks!
Re: Dual WAN VPN with failover
Bump. This is a pretty standard setup. Can anyone help with this?
Re: Dual WAN VPN with failover
Please disregard as I am returning these firewalls and buying SonicWalls.
Re: Dual WAN VPN with failover
Hi,
I need to build a similar setup. Does anybody have a hint?
Regards
Martin
I need to build a similar setup. Does anybody have a hint?
Regards
Martin
Re: Dual WAN VPN with failover
1.Use SSTP/OVPN to connect to each IP. You need to configure Mangle Rule and Routing Table to make the network flow using proper WAN connection.
2.Set up EoIP tunnel for each SSTP/OVPN.
3.Set up bonding for each pair of EoIP tunnel. In your case you need 3 bonding.
4.Enjoy!
2.Set up EoIP tunnel for each SSTP/OVPN.
3.Set up bonding for each pair of EoIP tunnel. In your case you need 3 bonding.
4.Enjoy!
Re: Dual WAN VPN with failover
Hi eteranl,
thank you for sharing this solution. As I have read EoIP suffers performance, is there a better alternative? Would this work?
1. SSTP/OVPN to connect each WAN to each pper
2. MPLS/VPLS over VPN tunnel
thank you for sharing this solution. As I have read EoIP suffers performance, is there a better alternative? Would this work?
1. SSTP/OVPN to connect each WAN to each pper
2. MPLS/VPLS over VPN tunnel
Re: Dual WAN VPN with failover
If you can accept tcp connection reset on failover, just use any Tunnel is OK. EoIP and bonding is not necessary.Hi eteranl,
thank you for sharing this solution. As I have read EoIP suffers performance, is there a better alternative? Would this work?
1. SSTP/OVPN to connect each WAN to each pper
2. MPLS/VPLS over VPN tunnel
I think SSTP/OVPN have a serious impact on performance, not EoIP. GRE(IPIP/EoIP/PPTP) is much faster than TCP(SSTP/OVPN).
Re: Dual WAN VPN with failover
But you suggest using SSTP/OVPN as point 1 in your solution. Do I misunderstand?
Re: Dual WAN VPN with failover
I suggest it for security(RSA4096+SHA512+AES256).But you suggest using SSTP/OVPN as point 1 in your solution. Do I misunderstand?
If you need high performance, use IPIP/PPTP instead. Of course, you still need to configure Mangle Rule and Routing Table.