
Mikrotik Site to Site vpn

Posted: Sat Dec 24, 2016 9:44 pm
by pixelkop
We have connectivity from the data center to branch1 over a point-to-point E1 leased line terminated on a Cisco router. From the router a cable runs to the branch1 switch for the local network, and all people there access the data center server. For another branch we have configured a site-to-site VPN from branch1 to branch2 with RB750s, and it is working fine. The branch1 RB750 is connected to the branch1 switch with one patch cord. From the branch1 MikroTik I can ping the local Cisco router and the server IP at the data center. From branch 2 I can ping the branch1 Cisco router or any desktop of that branch, but I cannot ping the data center server.

data center server 192.168.0.254
cisco router Br1 192.168.1.254
rb750 br1 Eth1---internet with Static IP
rb750 br1 Eth2---192.168.1.100----cable connected to switch

rb750 br2 Eth1---internet with Static IP
rb750 br2 Eth2---192.168.5.100

What route should I add to reach the data center server from branch 2?

Re: Mikrotik Site to Site vpn

Posted: Mon Dec 26, 2016 7:07 am
by pixelkop
branch 2
# jan/02/1970 00:04:26 by RouterOS 6.15
# software id = IX6K-SGBJ
#
# RouterOS configuration export of the branch 2 RB750 (identity NEUP): PPPoE
# uplink, PPTP server, and a policy-based IPsec tunnel to peer 61.1.33.129.
# NOTE(review): the export timestamp is jan/02/1970, so the router clock is
# unset; entries written by the ipsec logging topic added at the end cannot be
# correlated with other logs until the clock is synchronised.
# NOTE(review): this export carries credential values (PPPoE password, IPsec
# pre-shared key, PPP secret) next to both public peer addresses. Anything
# published this way should be treated as disclosed and rotated; redact secrets
# before sharing an export.
# NOTE(review): no "/ip firewall filter" section appears in this export, which
# suggests no input/forward filter rules exist on this internet-facing router
# -- confirm on the device.
/interface ethernet
# ether2 is the master port with proxy-arp; ether3-5 are switched behind it.
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] arp=proxy-arp l2mtu=1600 name=\
ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
# Phase 2 (ESP) is limited to 3DES, a legacy 64-bit-block cipher. Prefer an
# AES option on both peers if the hardware and RouterOS version allow it.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# default-dhcp still holds the factory 192.168.88.x range although the LAN
# interface below is addressed 192.168.5.100/24.
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pptp-pool ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local \
lease-time=10m name=default
/ppp profile
# PPTP clients using profile 0 are handed addresses from pptp-pool, i.e. from
# inside the 192.168.5.0/24 LAN range.
set 0 local-address=117.218.20.17 remote-address=pptp-pool
/interface pppoe-client
# allow= includes pap, which sends the PPPoE password in clear text to the
# access concentrator. The user and password values are exposed in this export.
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
default-route-distance=1 dial-on-demand=no disabled=no interface=\
ether1-gateway keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=\
disabled name=pppoe-out1 password=password profile=default service-name=\
"" use-peer-dns=yes user=kc2312640022
/interface pptp-server server
# PPTP server is enabled. PPTP (MS-CHAP/MPPE) is a deprecated VPN protocol, and
# with no filter rules visible it is presumably reachable from the internet.
# If the site-to-site link runs over IPsec only, this can likely be disabled
# -- confirm nothing depends on it.
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.5.100/24 comment="default configuration" interface=\
ether2-master-local network=192.168.5.0
# NOTE(review): this address sits on a slave port of ether2-master-local;
# verify that this is intended.
add address=192.168.3.1/24 interface=ether3-slave-local network=192.168.3.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1
/ip dns
# The router answers DNS queries it receives. Without an input filter that
# restricts port 53 to the LAN, it presumably acts as an open resolver on the
# public interface -- confirm and restrict.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall nat
# First rule has no action in the export; presumably it relies on the default
# (accept) to exempt 192.168.5.0/24 -> 192.168.1.0/24 tunnel traffic from the
# masquerade rule that follows. It does not cover 192.168.0.0/24.
add chain=srcnat dst-address=192.168.1.0/24 src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
/ip ipsec peer
# Phase 1 uses 3DES with MD5 and the pre-shared key "test". A short dictionary
# PSK can be guessed offline once a handshake is captured, and this one is now
# public: replace it with a long random key on both peers and move to stronger
# algorithms. Dead peer detection is disabled, so a dead tunnel is not noticed.
add address=61.1.33.129/32 dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des hash-algorithm=md5 secret=test
/ip ipsec policy
# Only 192.168.5.0/24 <-> 192.168.1.0/24 is selected for the tunnel. Packets
# to the data center subnet 192.168.0.0/24 match no policy, so they are not
# sent through the tunnel; this is likely why the server is unreachable from
# branch 2. A matching policy pair (and NAT exemption) would be needed on both
# routers, plus a return route for 192.168.5.0/24 on the data center side
# -- TODO confirm against the Cisco configuration, which is not shown.
add dst-address=192.168.1.0/24 sa-dst-address=61.1.33.129 sa-src-address=\
117.218.20.17 src-address=192.168.5.0/24 tunnel=yes
/ip route
# NOTE(review): 192.168.1.254 is not on any subnet configured on this router
# (192.168.5.0/24, 192.168.3.0/24), so this gateway is presumably unreachable
# and check-gateway=ping would keep the route inactive -- confirm.
add check-gateway=ping distance=1 dst-address=192.168.0.0/24 gateway=\
192.168.1.254,ether2-master-local pref-src=192.168.5.100
# Interface-only gateways; with policy-based IPsec the policy selectors, not
# this route, decide what is encrypted -- verify this route is still needed.
add distance=1 dst-address=192.168.1.0/24 gateway=\
ether2-master-local,ether1-gateway,pppoe-out1 pref-src=192.168.5.100
/ip service
# Only telnet is shown as changed. The state of the other management services
# is not visible here; presumably they are at their defaults -- review which
# ones are enabled and from which addresses they are reachable.
set telnet disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp aaa
# PPP authentication may be sent to RADIUS, but no RADIUS server entry appears
# in this export -- confirm where these requests go.
set use-radius=yes
/ppp secret
# Local PPP account with a four-digit password, usable against the PPTP server
# enabled above. Remove it or replace the password with a strong one.
add name=bob password=1234 profile=default-encryption
/system identity
set name=NEUP
/system logging
# Logs the ipsec topic with the default action; useful for negotiation
# failures once the clock is correct.
add topics=ipsec


Branch 1

# jan/02/1970 05:50:28 by RouterOS 6.15
# software id = MUHY-Y8VG
#
# RouterOS configuration export of the branch 1 RB750 (identity HO_VPN): PPPoE
# uplink, PPTP server, and a policy-based IPsec tunnel to peer 117.218.20.17.
# NOTE(review): the export timestamp is jan/02/1970, so the router clock is
# unset; ipsec log entries cannot be correlated with other logs until the
# clock is synchronised.
# NOTE(review): this export carries credential values (PPPoE password, IPsec
# pre-shared key, PPP secret) next to both public peer addresses. Anything
# published this way should be treated as disclosed and rotated; redact secrets
# before sharing an export.
# NOTE(review): no "/ip firewall filter" section appears in this export, which
# suggests no input/forward filter rules exist on this internet-facing router
# -- confirm on the device.
/interface ethernet
# ether2 is the master port with proxy-arp; ether3-5 are switched behind it.
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] arp=proxy-arp l2mtu=1600 name=\
ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
# Phase 2 (ESP) is limited to 3DES, a legacy 64-bit-block cipher. Prefer an
# AES option on both peers if the hardware and RouterOS version allow it.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# default-dhcp still holds the factory 192.168.88.x range although the LAN
# interface below is addressed 192.168.1.100/24.
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
# NOTE(review): this range spans the whole LAN, including the router's own
# 192.168.1.100 and the .254 address; no PPP profile in this export refers to
# the pool, so it may be unused -- confirm.
add name=pptp-pool ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local \
lease-time=10m name=default
/ppp profile
# Profile 0 uses the two public peer addresses as the PPP local and remote
# addresses.
set 0 local-address=61.1.33.129 remote-address=117.218.20.17
/interface pppoe-client
# allow= includes pap, which sends the PPPoE password in clear text to the
# access concentrator. The user and password values are exposed in this export.
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
default-route-distance=1 dial-on-demand=no disabled=no interface=\
ether1-gateway keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=\
disabled name=pppoe-out1 password=password profile=default service-name=\
"" use-peer-dns=yes user=kagalcoopb
/interface pptp-server server
# PPTP server is enabled. PPTP (MS-CHAP/MPPE) is a deprecated VPN protocol, and
# with no filter rules visible it is presumably reachable from the internet.
# If the site-to-site link runs over IPsec only, this can likely be disabled
# -- confirm nothing depends on it.
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.1.100/24 comment="default configuration" interface=\
ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1
/ip dns
# The router answers DNS queries it receives. Without an input filter that
# restricts port 53 to the LAN, it presumably acts as an open resolver on the
# public interface -- confirm and restrict.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall nat
# First rule has no action in the export; presumably it relies on the default
# (accept) to exempt 192.168.1.0/24 -> 192.168.5.0/24 tunnel traffic from the
# masquerade rule that follows. Traffic sourced from 192.168.0.0/24 is not
# covered by it.
add chain=srcnat dst-address=192.168.5.0/24 src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
/ip ipsec peer
# Phase 1 uses 3DES with MD5 and the pre-shared key "test". A short dictionary
# PSK can be guessed offline once a handshake is captured, and this one is now
# public: replace it with a long random key on both peers and move to stronger
# algorithms. Dead peer detection is disabled, so a dead tunnel is not noticed.
add address=117.218.20.17/32 dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des hash-algorithm=md5 secret=test
/ip ipsec policy
# Active policy: 192.168.1.0/24 <-> 192.168.5.0/24 only.
add dst-address=192.168.5.0/24 sa-dst-address=117.218.20.17 sa-src-address=\
61.1.33.129 src-address=192.168.1.0/24 tunnel=yes
# NOTE(review): the disabled policy names 192.168.0.0/24 as the destination
# while pointing at the branch 2 peer. Data center replies heading to branch 2
# would have source 192.168.0.0/24 and destination 192.168.5.0/24, so the
# selectors look reversed for that purpose -- confirm intended direction.
add disabled=yes dst-address=192.168.0.0/24 sa-dst-address=117.218.20.17 \
sa-src-address=61.1.33.129 src-address=192.168.1.0/24 tunnel=yes
/ip route
# NOTE(review): "(unknown)" in the gateway list presumably marks a gateway
# reference that no longer resolves (for example a removed interface)
# -- clean up and confirm the intended next hop toward the data center.
add distance=1 dst-address=192.168.0.0/24 gateway=\
"ether2-master-local,(unknown)" pref-src=192.168.1.100
# Interface-only gateways; with policy-based IPsec the policy selectors, not
# this route, decide what is encrypted -- verify this route is still needed.
add distance=1 dst-address=192.168.5.0/24 gateway=\
ether2-master-local,pppoe-out1,ether1-gateway pref-src=192.168.1.100
/ip service
# Only telnet is shown as changed. The state of the other management services
# is not visible here; presumably they are at their defaults -- review which
# ones are enabled and from which addresses they are reachable.
set telnet disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp aaa
# PPP authentication may be sent to RADIUS, but no RADIUS server entry appears
# in this export -- confirm where these requests go.
set use-radius=yes
/ppp secret
# Local PPP account with a four-digit password, usable against the PPTP server
# enabled above. Remove it or replace the password with a strong one.
add name=bob password=1234 profile=default-encryption
/system identity
set name=HO_VPN
/system logging
# Logs the ipsec topic with the default action; useful for negotiation
# failures once the clock is correct.
add topics=ipsec