 
tms
just joined
Topic Author
Posts: 16
Joined: Fri Jan 08, 2016 1:21 pm
Location: Siofok, Hungary

L2TP/IPsec - How to work from home?

Tue May 24, 2016 9:11 am

Hi Everyone,


I am in a situation in which I have to set up a router in my workplace to reach our work LAN from home.

There are 3 employees who need a constant, continuous connection from home. Everywhere there are MikroTik routers.

I tried to connect to the HQ's router from home with my RB with Site-2-Site L2TP. It's working, but I cannot reach any computers in my home network, cannot ping, etc. From home I see every PC on the HQ's LAN (the HQ MikroTik RB is the L2TP server).
I think it's the disadvantage of L2TP. Or can I do it with L2TP to see both sides' workstations?

HQ has a PPPoE connection, but is using DDNS and MikroTik Cloud - if one fails.

The first time I tried to use IPsec, but it does not support DDNS or Cloud. Does it?

Thank You in advance,

tms
 
pe1chl
Forum Guru
Posts: 10568
Joined: Mon Jun 08, 2015 12:09 pm

Re: L2TP/IPsec - How to work from home?

Tue May 24, 2016 9:38 am

L2TP assigns a single IP to each connected router, so normally you will have to use NAT on the client router and cannot see the network behind the client router from the central router.
However, when each client has a different address range on the local network you can set a static route or you can use routing protocols like BGP to make the routing work automatically.
Then you can reach the client network over L2TP. I have made such a setup with 3 MikroTik routers and it works fine.
 
iBlueDragon
newbie
Posts: 29
Joined: Sun Sep 29, 2013 5:29 pm

Re: L2TP/IPsec - How to work from home?

Tue May 24, 2016 9:47 am

Hi,

Do you use L2TP/IPsec or just L2TP (which would be insecure)?

You can use IPsec with dynamic IPs: http://wiki.mikrotik.com/wiki/IPSec_Policy_Dynamic
(of course you would need to extend the script to resolve the DDNS address and correct the IPsec settings)

L2TP/IPsec would be even easier, as you just need to set up the L2TP client with the DDNS address and check 'Use IPsec'. Then the IPsec part will be done automatically on the client side.

To your routing problem (in case you use L2TP(/IPsec)):
Don't add a default route for the connection to your HQ at the client side. Set the route manually and specify a routing mark. Then mark all packets with a destination address inside your HQ network. That way, your home network should behave the same way no matter if you are connected to HQ or not. If you are connected, traffic for devices in the HQ network gets routed accordingly.

Hope that helps.

Kind regards,
iBlueDragon
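
The setup described in the two replies above (L2TP client pointed at the DDNS name with 'Use IPsec', no default route over the tunnel, a static route on each side), written out as an added example that is not part of either post. It assumes RouterOS v6 command syntax; every name, address range, host name and secret is a constructed placeholder, and it uses plain destination routes rather than routing marks.

```routeros
# Added example. Constructed placeholder layout:
#   HQ LAN      192.168.1.0/24
#   home LAN    192.168.10.0/24   (must differ from the HQ LAN and from every other home LAN)
#   tunnel IPs  10.255.0.1 (HQ side), 10.255.0.2 (home side)
#   HQ DDNS     hq.example.net

# --- HQ router (L2TP server) ---
/interface l2tp-server server
set enabled=yes use-ipsec=yes ipsec-secret="CHANGE-ME-PSK"

/ppp secret
# 'routes' installs a route to the home LAN on the HQ router
# for as long as this client is connected.
add name=home1 password="CHANGE-ME-PASSWORD" service=l2tp \
    local-address=10.255.0.1 remote-address=10.255.0.2 \
    routes="192.168.10.0/24 10.255.0.2 1"

# --- Home router (L2TP client) ---
/interface l2tp-client
# connect-to takes the DDNS name; add-default-route=no keeps normal
# internet traffic on the home uplink instead of sending it to HQ.
add name=l2tp-hq connect-to=hq.example.net user=home1 \
    password="CHANGE-ME-PASSWORD" use-ipsec=yes ipsec-secret="CHANGE-ME-PSK" \
    add-default-route=no disabled=no

/ip route
# Only traffic for the HQ LAN goes through the tunnel.
add dst-address=192.168.1.0/24 gateway=l2tp-hq comment="HQ LAN via L2TP/IPsec"

# Note: a masquerade rule on the home router that is not limited to the
# WAN interface will also NAT tunnel traffic, and HQ will then see only
# the tunnel address instead of the individual home hosts.
```

Use one PPP secret, one tunnel address pair and one non-overlapping LAN range per home router, and give each secret its own password.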
 
tms
just joined
Topic Author
Posts: 16
Joined: Fri Jan 08, 2016 1:21 pm
Location: Siofok, Hungary

Re: L2TP/IPsec - How to work from home?

Tue May 24, 2016 3:32 pm

> L2TP assigns a single IP to each connected router, so normally you will have to use NAT on the client router and cannot see the network behind the client router from the central router.
> However, when each client has a different address range on the local network you can set a static route or you can use routing protocols like BGP to make the routing work automatically.
> Then you can reach the client network over L2TP. I have made such a setup with 3 MikroTik routers and it works fine.

Thank You, I'll try!