
Dual WAN VPN with failover

Posted: Fri Dec 26, 2014 5:06 pm
by Konior21
Hello, new Mikrotik user here. I have previous experience with Sonicwall and a little Cisco/ASA. I have the basics configured on my new Mikrotiks for my company, although they are not in production yet. I have three that need to all go live as close together as possible, including one that is overseas that I must configure remotely. The two US sites each have two WAN connections; the overseas site only has one. I need to set up a VPN between all 3 locations with WAN failover at the US sites that will keep the VPN connection up if any US WAN connection fails. I do not care about load balancing.

I have been watching YouTube videos and searching the forums, but I have not been able to find exactly what I need. Can anyone point me in the right direction? Thanks!

Re: Dual WAN VPN with failover

Posted: Tue Dec 30, 2014 4:37 pm
by Konior21
Bump. This is a pretty standard setup. Can anyone help with this?

Re: Dual WAN VPN with failover

Posted: Wed Dec 31, 2014 4:54 pm
by Konior21
Please disregard as I am returning these firewalls and buying SonicWalls.

Re: Dual WAN VPN with failover

Posted: Fri Jan 09, 2015 12:04 pm
by marting
Hi,
I need to build a similar setup. Does anybody have a hint?
Regards
Martin

Re: Dual WAN VPN with failover

Posted: Fri Jan 09, 2015 2:39 pm
by eternal0
1. Use SSTP/OVPN to connect to each IP. You need to configure a Mangle Rule and Routing Table to make the network flow use the proper WAN connection.
2. Set up an EoIP tunnel for each SSTP/OVPN.
3. Set up bonding for each pair of EoIP tunnels. In your case you need 3 bonding.
4. Enjoy!
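
Steps 1 to 3 of the post above for one router (site A toward site B), as an added example that is not part of the original post and not eternal0's own configuration. It assumes RouterOS v6 syntax; all addresses, interface names, user names and the password placeholder are constructed, and the tunnel addresses are assumed to be handed out by the PPP secrets on site B's SSTP server.

```routeros
# Site A router, toward site B. Constructed values: A's WAN2 gateway 192.0.2.1,
# B's public IPs 198.51.100.2 (B WAN1) and 203.0.113.2 (B WAN2).
# Assumed: the default route uses A's WAN1, and src-nat/masquerade
# already exists on both WAN interfaces.

# Step 1a: second routing table, so the session to B's WAN2 leaves via A's WAN2
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-wan2
/ip firewall mangle add chain=output dst-address=203.0.113.2 protocol=tcp \
    dst-port=443 action=mark-routing new-routing-mark=via-wan2 passthrough=no

# Step 1b: one SSTP client per WAN path. Certificate checking is on, so the
# CA that signed B's server certificate must already be imported (assumption).
/interface sstp-client add name=sstp-b1 connect-to=198.51.100.2 user=siteA-1 \
    password="<placeholder>" profile=default-encryption \
    verify-server-certificate=yes disabled=no
/interface sstp-client add name=sstp-b2 connect-to=203.0.113.2 user=siteA-2 \
    password="<placeholder>" profile=default-encryption \
    verify-server-certificate=yes disabled=no

# Step 2: one EoIP tunnel inside each SSTP session. EoIP is not encrypted by
# itself here, so its endpoints are the inner SSTP addresses (assumed
# 172.16.1.x on path 1 and 172.16.2.x on path 2), never the public IPs.
/interface eoip add name=eoip-b1 local-address=172.16.1.2 \
    remote-address=172.16.1.1 tunnel-id=11
/interface eoip add name=eoip-b2 local-address=172.16.2.2 \
    remote-address=172.16.2.1 tunnel-id=12

# Step 3: bond the pair. active-backup gives failover without load balancing;
# ARP monitoring of the far bond address detects a dead path end to end.
/interface bonding add name=bond-b slaves=eoip-b1,eoip-b2 mode=active-backup \
    primary=eoip-b1 link-monitoring=arp arp-ip-targets=10.255.0.1
/ip address add address=10.255.0.2/30 interface=bond-b

# Site B's LAN (assumed 192.168.20.0/24) is reached over the bond
/ip route add dst-address=192.168.20.0/24 gateway=10.255.0.1
```

Site B needs the mirror image (SSTP server, matching EoIP tunnel-ids, bond address 10.255.0.1), and the same pattern is repeated for each of the three site pairs.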

Re: Dual WAN VPN with failover

Posted: Wed Jan 21, 2015 4:03 pm
by marting
Hi eternal0,
thank you for sharing this solution. As I have read, EoIP suffers in performance; is there a better alternative? Would this work?
1. SSTP/OVPN to connect each WAN to each peer
2. MPLS/VPLS over VPN tunnel

Re: Dual WAN VPN with failover

Posted: Thu Jan 22, 2015 5:16 pm
by eternal0
> Hi eternal0,
> thank you for sharing this solution. As I have read, EoIP suffers in performance; is there a better alternative? Would this work?
> 1. SSTP/OVPN to connect each WAN to each peer
> 2. MPLS/VPLS over VPN tunnel

If you can accept a TCP connection reset on failover, using any tunnel is OK. EoIP and bonding are not necessary.
I think SSTP/OVPN have a serious impact on performance, not EoIP. GRE (IPIP/EoIP/PPTP) is much faster than TCP (SSTP/OVPN).

Re: Dual WAN VPN with failover

Posted: Thu Jan 22, 2015 5:21 pm
by marting
But you suggest using SSTP/OVPN as point 1 in your solution. Do I misunderstand?

Re: Dual WAN VPN with failover

Posted: Fri Jan 23, 2015 2:44 am
by eternal0
> But you suggest using SSTP/OVPN as point 1 in your solution. Do I misunderstand?

I suggest it for security (RSA4096+SHA512+AES256).
If you need high performance, use IPIP/PPTP instead. Of course, you still need to configure Mangle Rule and Routing Table.