Community discussions

MikroTik App
Inssomniak
Member
Member
Topic Author
阿宝sts: 332
加入: Fri Apr 13, 2007 11:21 pm

Methods to use VPN as default GW

Sun Nov 14, 2010 4:04 pm

Hi all. Im looking for ideas and methods to use a VPN tunnel (IPIP/IPsec) as a default gateway, but of course not killing off the default gateway the tunnel is using. There wont be any NAT performed until the traffic reaches the other end of the VPN tunnel.

Thanks!
Top
roadracer96
Forum Veteran
Forum Veteran
阿宝sts: 727
加入: Tue Aug 25, 2009 12:01 am

Re: Methods to use VPN as default GW

Sun Nov 14, 2010 5:48 pm

Never done it, but policy routing or a VRF should do it. Simply putting the LAN interface and the tunnel interface in the same VRF and leaving the WAN interface in the main routing table would probably do it. Then just add a second default gateway in the LAN/tunnel VRF dst of 0.0.0.0 gateway of remote vpn ip.
Top
Inssomniak
Member
Member
Topic Author
阿宝sts: 332
加入: Fri Apr 13, 2007 11:21 pm

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 1:17 am

Never done it, but policy routing or a VRF should do it. Simply putting the LAN interface and the tunnel interface in the same VRF and leaving the WAN interface in the main routing table would probably do it. Then just add a second default gateway in the LAN/tunnel VRF dst of 0.0.0.0 gateway of remote vpn ip.
Ive never done this either (had to google VRF), but Im not using MPLS on this network, will mikrotiks VRF work without MPLS?
Top
blake
Member
Member
阿宝sts: 426
加入: Mon May 31, 2010 10:46 pm
Location:Arizona

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 1:41 am

Yes.
Top
Inssomniak
Member
Member
Topic Author
阿宝sts: 332
加入: Fri Apr 13, 2007 11:21 pm

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 1:52 am

Yes.

I googled around about this VRF and there isnt a lot of info, any simple examples ? seems I still have to mark traffic with routing marks still so Im not sure how VRF is advantageous to using the main routing table with marks.?


I have a wan interface, and an IPIP tunnel over it to another mikrotik, and I want LAN traffic to go out the IPIP tunnel by default (not natted).
Top
roadracer96
Forum Veteran
Forum Veteran
阿宝sts: 727
加入: Tue Aug 25, 2009 12:01 am

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 2:42 am

/ip route vrf add interfaces=ether1,ipip1 routing-mark=vpn-lan

Then all the routing that happens on the ether1 and ipip1 interface will happen in its own routing table called vpn-lan.

I think it should work. I use VRFs, but not for default gateway, just for private VPNs. MPLS is just for distributing the private routing tables across broad networks.
Top
Inssomniak
Member
Member
Topic Author
阿宝sts: 332
加入: Fri Apr 13, 2007 11:21 pm

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 2:52 am

/ip route vrf add interfaces=ether1,ipip1 routing-mark=vpn-lan

Then all the routing that happens on the ether1 and ipip1 interface will happen in its own routing table called vpn-lan.

I think it should work. I use VRFs, but not for default gateway, just for private VPNs. MPLS is just for distributing the private routing tables across broad networks.
So I would add a default route 0.0.0.0/0 via tunnel IP and select vpn-lan as the routing mark?
Top
roadracer96
Forum Veteran
Forum Veteran
阿宝sts: 727
加入: Tue Aug 25, 2009 12:01 am

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 3:35 am

Yep.
Top
用户头像
Chupaka
Forum Guru
Forum Guru
阿宝sts: 8689
加入: Mon Jun 19, 2006 11:15 pm
Location:Minsk, Belarus
Contact:

Re: Methods to use VPN as default GW

Mon Nov 15, 2010 3:26 pm

hmmm... why not just use policy routing? actually, VRFs in RouterOS are PBR-based...
Top

Who is online

Users browsing this forum:Ahrefs [Bot],Bing [Bot],mkx,onnoossendrijver,thor29,vodokotlic,Yodel9444and 41 guests