Routing All Traffic from one Router through another Router

Posted: Sat Apr 29, 2023 8:20 am
by papabear23
Hi everyone,

I have a particular use case, where I need to route all the traffic from one router, which is located in another location, through another one. Think about this as a VPN Host / Client.
Now, I know how I can set up a VPN on the Host so that I can connect to it with built-in Windows IPSec, however I have no clue how I can do this network-wide.

The Host will be connected directly to the ISP, so it will have an external IP.
The Client, if possible I would like to connect it to the internet through another router, so that only those people who are connected to the client have all their traffic routed through the host. If not possible, I'll connect the client directly to the ISP so it also has an external IP.

Can anyone please direct me how I would achieve such a thing?

Cheers!

Re: Routing All Traffic from one Router through another Router

Posted: Sat Apr 29, 2023 7:05 pm
by anav
Not nearly enough info. What routers are they, MT? Do they have public IPs?
Would need a detailed diagram at least.

Re: Routing All Traffic from one Router through another Router

Posted: Sun Apr 30, 2023 4:52 pm
by tty1
It appears that you have two RouterOS devices, one designated as "C" for client and the other as "S" for server, which has a public IP address.
You need to establish a VPN connection between the two devices; it could be WireGuard/IPIP/SSTP... Once the VPN connection is established, you will need to apply a "mark-routing" mangle rule to direct all incoming traffic from C's bridge to S. Additionally, you will need to implement a "masquerade" rule for incoming traffic on S's VPN interface in order to enable it to communicate with the internet interface. This should suffice for your needs.
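
The setup described in this answer, written out for RouterOS 7 with WireGuard as the tunnel (an added example, not part of the original post). The interface names `ether1` and `bridge`, the 10.255.255.0/30 tunnel subnet, port 13231, the `via-s` table name, the 203.0.113.10 endpoint and the key placeholders are all assumptions.

```routeros
# --- Router S (public IP; WAN assumed to be ether1) ---
/interface wireguard add name=wg-s listen-port=13231
/ip address add address=10.255.255.1/30 interface=wg-s
# Paste C's public key (shown by "/interface wireguard print" on C).
/interface wireguard peers add interface=wg-s public-key="<C-PUBLIC-KEY>" \
    allowed-address=10.255.255.2/32
# Accept the tunnel itself; place this above any drop rule in the input chain.
/ip firewall filter add chain=input protocol=udp dst-port=13231 action=accept \
    comment="WireGuard from C"
# Masquerade tunnel traffic as it leaves S towards the internet.
/ip firewall nat add chain=srcnat src-address=10.255.255.0/30 \
    out-interface=ether1 action=masquerade comment="C via S"

# --- Router C (behind another router; LAN bridge assumed to be "bridge") ---
/interface wireguard add name=wg-c
/ip address add address=10.255.255.2/30 interface=wg-c
# 203.0.113.10 is a constructed placeholder for S's public IP.
/interface wireguard peers add interface=wg-c public-key="<S-PUBLIC-KEY>" \
    endpoint-address=203.0.113.10 endpoint-port=13231 \
    allowed-address=0.0.0.0/0 persistent-keepalive=25s
# Separate routing table whose only default route is the tunnel.
/routing table add name=via-s fib
/ip route add dst-address=0.0.0.0/0 gateway=wg-c routing-table=via-s
# Never fall back to the main table: if the tunnel route is unavailable,
# marked traffic is dropped instead of leaving through C's local uplink.
/routing rule add routing-mark=via-s table=via-s action=lookup-only-in-table
# The "mark-routing" rule: everything entering from C's bridge that is not
# addressed to C itself uses table via-s. Add src-address=<host> to limit
# it to a single machine.
/ip firewall mangle add chain=prerouting in-interface=bridge \
    dst-address-type=!local action=mark-routing new-routing-mark=via-s \
    passthrough=no
# Hide C's LAN behind C's tunnel address so S needs no route back to it.
/ip firewall nat add chain=srcnat out-interface=wg-c action=masquerade
# FastTracked connections skip mangle; if C has a fasttrack rule in the
# forward chain, it must not match this traffic.
```

Because C only dials out to S, C needs no public IP and no inbound rule of its own.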

Re: Routing All Traffic from one Router through another Router

Posted: Sun Apr 30, 2023 6:31 pm
by papabear23
anav wrote:
> Not nearly enough info. What routers are they, MT? Do they have public IPs?
> Would need a detailed diagram at least.

Yes. MikroTik routers. Will make a diagram asap.
The Server side has Public IP.
The Client side, I can provide it with Public IP, however I would prefer not to, so that I don't route the whole traffic through the VPN to the server.

Re: Routing All Traffic from one Router through another Router

Posted: Sun Apr 30, 2023 6:34 pm
by papabear23
tty1 wrote:
> It appears that you have two RouterOS devices, one designated as "C" for client and the other as "S" for server, which has a public IP address.
> You need to establish a VPN connection between the two devices; it could be WireGuard/IPIP/SSTP... Once the VPN connection is established, you will need to apply a "mark-routing" mangle rule to direct all incoming traffic from C's bridge to S. Additionally, you will need to implement a "masquerade" rule for incoming traffic on S's VPN interface in order to enable it to communicate with the internet interface. This should suffice for your needs.

Thanks a lot for the explanation, will test it out this week.
The idea is that these 2 routers are in 2 separate countries, and in order for the client to work he must route all his traffic through the server router.
The server is exposed to a public IP, and the client is not (the reason is that I don't want to route all the machines connected to the client through the server/vpn router), however, because you mentioned the masquerade, I think I can expose the client router to a public IP as well, and set specific rules so that only the machine which needs all its requests routed through the server.
Do you have any articles/guides I could read in order to get a better grasp of the stuff I need to do?

Thanks again for the detailed responses!

Re: Routing All Traffic from one Router through another Router  [SOLVED]

Posted: Sun Apr 30, 2023 6:35 pm
by tty1
papabear23 wrote:
> tty1 wrote:
> > It appears that you have two RouterOS devices, one designated as "C" for client and the other as "S" for server, which has a public IP address.
> > You need to establish a VPN connection between the two devices; it could be WireGuard/IPIP/SSTP... Once the VPN connection is established, you will need to apply a "mark-routing" mangle rule to direct all incoming traffic from C's bridge to S. Additionally, you will need to implement a "masquerade" rule for incoming traffic on S's VPN interface in order to enable it to communicate with the internet interface. This should suffice for your needs.
>
> Thanks a lot for the explanation, will test it out this week.
> The idea is that these 2 routers are in 2 separate countries, and in order for the client to work he must route all his traffic through the server router.
> The server is exposed to a public IP, and the client is not (the reason is that I don't want to route all the machines connected to the client through the server/vpn router), however, because you mentioned the masquerade, I think I can expose the client router to a public IP as well, and set specific rules so that only the machine which needs all its requests routed through the server.
> Do you have any articles/guides I could read in order to get a better grasp of the stuff I need to do?
>
> Thanks again for the detailed responses!

FYI
https://blog.guohai.org/routeros/vpn/20 ... -l2tp.html