Peque
newbie
Topic Author
Posts: 45
Joined: Mon Oct 26, 2015 9:35 am

VPN Troubles Regarding Which type VPN

Wed Sep 06, 2017 11:14 am

Hi Forum.
I have my MikroTik, which I'd like to get working as a VPN server for several clients.
Around the world we have several networks behind a Westermo Layer 3 switch (Lynx model). Those Westermos should be the initiating side of the VPN.
They don't have internet the whole time; therefore they should be the initiating side.
I have these options for creating an SSL VPN, but I cannot get it to work with the MikroTik VPN, and I'm starting to get worried about whether I'm doing this correctly.
With these settings we end up with several different Westermos that all connect to the MikroTik VPN.

My MikroTik is on the 10.0.0.1/8 network.
Each VPN (LAN-to-LAN) should connect as 10.1.1.1/24; for this, the next Westermo should be 10.1.2.1/24, i.e. connecting as a new /24 subnet for each Westermo.

Each Westermo is configured the same, with the internal network as 192.168.0.1/24; each Westermo should make the VPN back to the HQ MikroTik.

Can anyone tell me if this is possible with these options for setting up an SSL VPN in the Westermo?

In the end we'll have 20 different Westermos that'll connect to the same MikroTik.
Each Westermo should get its IP from the MikroTik as 10.1.X.1/24, so you'll have full access to the local LAN behind the Westermo.
 
idlemind
Forum Guru
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: VPN Troubles Regarding Which type VPN

Thu Sep 07, 2017 7:44 pm

OpenVPN on MikroTik only supports TCP as far as I'm aware. Additionally, you'll need to verify that your industrial Ethernet product (Westermo) can perform NAT selectively towards the MikroTik for the double NAT technique to work. The MikroTik end has to know which 192.168.0.0/24 network originated the traffic. You can do this via MASQUERADE if you only need devices on 192.168.0.0/24 to initiate communication with other devices. If you need bi-directional communication you'll need a netmap type of NAT to allow you to dynamically map the 192.168.0.0/24 addresses at each site into their 10.1.x.0/24 equivalent.

Man, you've gotta love these industrial applications that assume/need/want to always be on the same IP numbering scheme. I built this fancy xyz robot but it always has to have the IP of 192.168.0.4/24 or it will simply implode.

My 2 cents. Just toss a MikroTik device out there instead of this unique "hardened" device. Additionally, MikroTik is releasing or has released a hardened device if that's a must-have, the LtAP, that could at least act as the routing head, and you could place a dumb switch product on the DIN rail behind it. I once fought with a 1,200 USD wireless bridge from a well-known industrial manufacturer that couldn't even connect to an open unencrypted SSID, much less a WPA2 network. What'd we do? We needed about 100 of these devices, so we bought 300 D-Link wireless bridges with the thought that as they burned out we'd just replace them. The D-Links were less than 50 USD. We saved thousands of dollars; over 2 years we replaced 3 of the D-Link units. Lesson: unless it is clearly, absolutely, unequivocally required that the device sustain extreme environmental pressures, I think you'll be pleasantly surprised with the price-to-performance ratio that common consumer electronics can deliver over these fancy ISM products and brands. They often focus way too much on the environmental concerns, and their software stacks are anywhere from garbage to mediocre.
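To make the netmap idea from the reply above concrete, here is an added example (not from either poster) of the two RouterOS NAT rules one remote site would carry if the site router were a MikroTik rather than the Westermo. It assumes a site whose OpenVPN client interface towards HQ is named ovpn-hq and which HQ should see as 10.1.1.0/24; the interface name and site number are assumptions.

```routeros
# Added example, not from the thread. Assumed: site 1, tunnel interface "ovpn-hq",
# local LAN 192.168.0.0/24 (identical at every site), HQ-facing identity 10.1.1.0/24.
/ip firewall nat
# Outbound: packets from the local LAN that leave through the tunnel are rewritten
# 1:1 into 10.1.1.0/24 (192.168.0.4 becomes 10.1.1.4), so HQ can tell which site
# originated the traffic. Matching out-interface keeps the NAT selective: LAN
# traffic that never enters the tunnel is left untouched.
add chain=srcnat action=netmap out-interface=ovpn-hq src-address=192.168.0.0/24 to-addresses=10.1.1.0/24 comment="site1: LAN -> 10.1.1.0/24 towards HQ"
# Inbound: HQ addresses this site's hosts as 10.1.1.x; the reverse netmap turns
# 10.1.1.4 back into 192.168.0.4. This is what a plain masquerade rule cannot
# provide, since masquerade only works for sessions the LAN side initiates.
add chain=dstnat action=netmap in-interface=ovpn-hq dst-address=10.1.1.0/24 to-addresses=192.168.0.0/24 comment="site1: 10.1.1.0/24 from HQ -> LAN"
# Site 2 carries the same pair of rules with 10.1.2.0/24, site 3 with 10.1.3.0/24,
# and so on, while every site keeps 192.168.0.0/24 on its LAN. The HQ router only
# needs a route for each 10.1.X.0/24 via that site's tunnel and never has to
# route the overlapping 192.168.0.0/24 networks.
```

The same two-rule pattern (forward netmap on egress, reverse netmap on ingress, both bound to the tunnel interface) is what to look for in the Westermo's NAT options if the site device stays as it is.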