unridaz
newbie
Topic Author
Posts: 34
Joined: Tue Mar 19, 2013 11:48 pm

2Qs: Port Forwarding over multiple VPN tunnels + Loop Detection

Wed Mar 04, 2015 5:18 pm

Hello, I have two questions:

We have a hub and spoke topology for our IPsec network. The network connects multiple remote sites to a central network which is used as the internet gateway for the remote sites so we can apply things like adult content filtering. What we are trying to do now is to port forward some ports to destinations over the VPN tunnel, say port 22 for SSH: we would like to initiate the connection to the gateway or central network, and then it will be port forwarded over the VPN to a host on one of the established tunnels. Unfortunately the remote sites were designed long before the VPN was needed, and we are now running into the issue where all the remote sites use the same LAN, 10.3.3.0/24, making it very difficult for me to understand how I might be able to port forward to them when there may be 15 10.3.3.0/24 networks connected.

I understand that if all the remote sites had different LAN subnets, then this should be easier, but we do not want to change the IPs on the remote sites. Instead, is there a way that we can masquerade the whole 10.3.3.0/24 network as another LAN subnet, say 192.168.1.0/24, such that a host on the first LAN, maybe 10.3.3.251, will also be on the other LAN at 192.168.1.251? This will allow us to give these 'fake' LANs to the remote sites in addition to the current LAN, giving me the ability to create the IPsec tunnels using the 192.168.1.0/24 LAN, and then I can put different 'fake' LANs on the rest of the sites, sorting out the previous IP conflict?

Is there another or better way to do what I'm trying to accomplish?


My second question is regarding loop detection.

Are there any functions or scripts that I can use to detect if a user has inadvertently connected a cable causing a loop, and to shut off those ports? We use multi-port and single-port devices like RB493s and 5GHz Grooves. I can see the solution being slightly different because of the hardware differences: on the 493s we would like to detect if someone connects 'ether3' to 'ether5', for example, and disable those ports. On the Groove, where 'ether1' is usually connected to an unmanaged switch, we would like to detect if perhaps someone has created a loop on the switch and to disable 'ether1'.

Appreciate your time and responses!
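A RouterOS configuration, added here as a worked example and not taken from the thread, covering both questions: 1:1 netmap on each spoke so the overlapping 10.3.3.0/24 sites appear to the hub as distinct 'fake' LANs, the hub-side port forward that reaches a host through one of them, and per-port loop protection (the loop-protect feature exists in RouterOS 6.37 and later, so it postdates this thread). The interface names, the WAN_IP placeholders, port 22251 and the admin address list are assumptions; IPsec peers and proposals are assumed to be configured already, as the tunnels in the post are established.

```routeros
# --- Spoke router (e.g. an RB493 at remote site 1) ---
# Real LAN is 10.3.3.0/24; this site is presented to the hub as 192.168.1.0/24.
# Assumed: IPsec peer/proposal already exist; SPOKE_WAN_IP / HUB_WAN_IP are placeholders.
/ip firewall nat
# 1:1 map outgoing traffic: 10.3.3.251 leaves as 192.168.1.251 (netmap keeps the host part)
add chain=srcnat src-address=10.3.3.0/24 action=netmap to-addresses=192.168.1.0/24 \
    comment="present LAN as 192.168.1.0/24 inside the tunnel"
# Reverse map for hub-initiated sessions: 192.168.1.251 -> 10.3.3.251
add chain=dstnat dst-address=192.168.1.0/24 action=netmap to-addresses=10.3.3.0/24 \
    comment="map tunnel-side address back to the real LAN host"
# The policy matches the post-NAT source; the hub is the default gateway, so dst is 0.0.0.0/0
/ip ipsec policy
add src-address=192.168.1.0/24 dst-address=0.0.0.0/0 tunnel=yes action=encrypt \
    sa-src-address=SPOKE_WAN_IP sa-dst-address=HUB_WAN_IP comment="site1 via fake LAN"

# --- Hub router ---
# One policy per site, each with its own fake LAN (192.168.2.0/24 for site 2, and so on)
/ip ipsec policy
add src-address=0.0.0.0/0 dst-address=192.168.1.0/24 tunnel=yes action=encrypt \
    sa-src-address=HUB_WAN_IP sa-dst-address=SPOKE_WAN_IP comment="site1"
/ip firewall address-list
add list=ssh-admins address=198.51.100.0/24 comment="constructed: networks allowed to use the forward"
/ip firewall nat
# Port forward: hub:22251 -> site1 host 10.3.3.251 (addressed as 192.168.1.251 inside the tunnel),
# restricted to known source networks so the forward is not an open SSH endpoint on the WAN
add chain=dstnat in-interface=ether1-wan protocol=tcp dst-port=22251 src-address-list=ssh-admins \
    action=dst-nat to-addresses=192.168.1.251 to-ports=22 comment="site1 10.3.3.251 ssh"
# Internet breakout for the spokes; ipsec-policy=out,none keeps tunnel-bound packets out of masquerade
add chain=srcnat out-interface=ether1-wan ipsec-policy=out,none action=masquerade

# --- Loop detection (RouterOS 6.37 and later) ---
# loop-protect sends a probe frame out of the port; if the probe comes back in (ether3 patched to
# ether5, or a loop on the unmanaged switch behind a Groove's ether1) the port is disabled for
# loop-protect-disable-time, then re-enabled and probed again
/interface ethernet
set ether3,ether5 loop-protect=on loop-protect-disable-time=5m loop-protect-send-interval=5s
```

Each additional spoke repeats the spoke block with its own fake LAN, and the hub gets one policy and one port-forward rule per site.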