send all traffic through l2tp VPN
Posted: Mon Jul 27, 2020 8:13 pm
by lacibsd
router-A is connected to router-B via L2TP/IPSec. I can connect successfully to router-B, I receive the local network's IP, and I see the active connection on router-B.
I want to send all traffic from router-A via this connection. I tried a few things for the past hour; none seems to be working. Do you have a working tutorial?
router-A
model: 951Ui-2nD
current-firmware: 6.46.5
Router-B
model: RB760iGS
current-firmware: 6.44.5
Thank you!
Re: send all traffic through l2tp VPN
Posted: Tue Jul 28, 2020 12:58 pm
by evince
Hello, add a default route 0.0.0.0/0 gw=your_l2tp_tunnel and a nat rule.
Re: send all traffic through l2tp VPN
Posted: Tue Jul 28, 2020 3:48 pm
by lacibsd
Hi,
This is what I have now, where 1.2.3.4 is the VPN server's public IP:
ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.0.1 1
1 DS 0.0.0.0/0 l2tp-vpn 1
2 ADC 10.10.14.1/32 10.10.14.36 l2tp-vpn 0
3 ADS 1.2.3.4/32 192.168.0.1 0
4 ADC 192.168.0.0/24 192.168.0.101 ether1 0
5 ADC 192.168.88.0/24 192.168.88.1 bridge 0
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=srcnat action=masquerade routing-mark=traffic_for_VPN out-interface=l2tp-vpn log=no log-prefix=""
Re: send all traffic through l2tp VPN
Posted: Tue Jul 28, 2020 4:03 pm
by tomaskir
You currently have 2 default routes in the routing table:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.0.1 1
1 DS 0.0.0.0/0 l2tp-vpn 1
You can see that the one using your "normal" gateway has the "A" mark.
This means "Active". Disable the default route over "192.168.0.1", then the other one (over your VPN) will become Active.
Re: send all traffic through l2tp VPN
Posted: Tue Jul 28, 2020 4:38 pm
by lacibsd
If I try to disable it I get:
ip route disable numbers=0
failure: can change only static routes
Re: send all traffic through l2tp VPN
Posted: Tue Jul 28, 2020 4:52 pm
by lacibsd
I was able to remove the route; however, now I can't get out of the LAN from 192.168.88.0/24, while I can still reach my gw on the L2TP server and the internet from the MikroTik (L2TP client).
[user@MikroTik] <SAFE> ip route remove numbers=0
[user@MikroTik] <SAFE> ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 l2tp-vpn 1
1 ADC 10.10.14.1/32 10.10.14.36 l2tp-vpn 0
2 ADS 1.2.3.4/32 192.168.0.1 0
3 ADC 192.168.0.0/24 192.168.0.101 ether1 0
4 ADC 192.168.88.0/24 192.168.88.1 bridge 0
[user@MikroTik] <SAFE> ping 10.10.14.1
SEQ HOST SIZE TTL TIME STATUS
0 10.10.14.1 56 64 17ms
1 10.10.14.1 56 64 10ms
2 10.10.14.1 56 64 11ms
3 10.10.14.1 56 64 11ms
sent=4 received=4 packet-loss=0% min-rtt=10ms avg-rtt=12ms max-rtt=17ms
[user@MikroTik] <SAFE> ping 8.8.8.8
SEQ HOST SIZE TTL TIME STATUS
0 8.8.8.8 56 119 20ms
1 8.8.8.8 56 119 20ms
2 8.8.8.8 56 119 21ms
3 8.8.8.8 56 119 20ms
sent=4 received=4 packet-loss=0% min-rtt=20ms avg-rtt=20ms max-rtt=21ms
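The route selection discussed in this thread, as an added example that is not part of any post: a Python check that parses the two route tables printed above, applies longest-prefix match over active routes only, and reports whether the default traffic really leaves via `l2tp-vpn` while the VPN server's own address (1.2.3.4) stays on the physical gateway. The function names and the 8.8.8.8 probe address are choices made for this example.

```python
import ipaddress

# Route tables copied from the two "ip route print" outputs in the thread.
BEFORE = """\
0 ADS 0.0.0.0/0 192.168.0.1 1
1 DS 0.0.0.0/0 l2tp-vpn 1
2 ADC 10.10.14.1/32 10.10.14.36 l2tp-vpn 0
3 ADS 1.2.3.4/32 192.168.0.1 0
4 ADC 192.168.0.0/24 192.168.0.101 ether1 0
5 ADC 192.168.88.0/24 192.168.88.1 bridge 0
"""
AFTER = """\
0 ADS 0.0.0.0/0 l2tp-vpn 1
1 ADC 10.10.14.1/32 10.10.14.36 l2tp-vpn 0
2 ADS 1.2.3.4/32 192.168.0.1 0
3 ADC 192.168.0.0/24 192.168.0.101 ether1 0
4 ADC 192.168.88.0/24 192.168.88.1 bridge 0
"""

def parse_routes(text):
    """Parse rows of the form: index flags dst [pref-src] gateway distance."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or not tok[0].isdigit():
            continue  # skip headers and blank lines
        routes.append({"active": "A" in tok[1],
                       "dst": ipaddress.ip_network(tok[2]),
                       "gateway": tok[-2]})
    return routes

def next_hop(routes, dest):
    """Longest-prefix match over active routes only; None if unroutable."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if r["active"] and addr in r["dst"]]
    return max(hits, key=lambda r: r["dst"].prefixlen)["gateway"] if hits else None

def full_tunnel_problems(routes, tunnel, server, probe="8.8.8.8"):
    """Return reasons why 'all traffic via the tunnel' does not hold."""
    problems = []
    if next_hop(routes, probe) != tunnel:
        problems.append("default traffic bypasses the tunnel")
    if next_hop(routes, server) == tunnel:
        problems.append("VPN server endpoint is routed into the tunnel itself")
    return problems

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, full_tunnel_problems(parse_routes(table), "l2tp-vpn", "1.2.3.4"))
```

The check covers the router's own route table only; it says nothing about the NAT or firewall rules that forwarded LAN traffic also depends on.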
Re: send all traffic through l2tp VPN
Posted: Mon Aug 03, 2020 9:16 pm
by tomaskir
Post your config:
/export compact hide-sensitive
Re: send all traffic through l2tp VPN
Posted: Mon Aug 03, 2020 11:02 pm
by nichky
Try to increase the distance of 0.1.
Re: send all traffic through l2tp VPN
Posted: Wed Aug 05, 2020 2:19 am
by lacibsd
At this time the VPN server is having issues and I wasn't told an estimate for remediation.
Therefore I can't try further settings yet.
Thank you for your help!