Indice   FAQ  
Iscriviti  Login
Indice RouterOS RouterOS

Connessioni Multiple VPN

Tutto su questo sistema operativo linux based - Configurazioni, dubbi, problematiche &....
Rispondi al messaggio

Connessioni Multiple VPN

Messaggioda mikobo » lun 16 dic 2024, 11:15

Buongiorno, ho configurato una VPN con Wireguard. Ho creato 3 utenti nel Peers (due PC e un Android) Indistintamente il primo che collego alla VPN funziona correttamente, i successivi no e appena collego il secondo client non comunica più neanche il primo :muro: . Sul peer nel mikrotik ho impostato un ip diverso per ogni client.
Ho una 5009 con Gestore Tim business.
Possibile che sia Tim a bloccare gli accessi?
Grazie a chiunque risponda!
mikobo
Mikrotik Curious User
Mikrotik Curious User
 
Messaggi: 3
Iscritto il: sab 7 dic 2024, 19:59
Uso routerOS dalla Versione: v7.x
Top

Re: Connessioni Multiple VPN

Messaggioda abbio90 » mer 29 gen 2025, 12:32

Posta la configurazione completa
Scopri https://foisfabio.it - Tutorial sul Network
Avatar utente
abbio90
Mikrotik-Pro 1° Liv
Mikrotik-Pro 1° Liv
 
Messaggi: 536
Iscritto il: lun 26 giu 2017, 19:11
Località: Oristano
Uso routerOS dalla Versione: v4.x
Certificazioni Mikrotik: MTCNA
Top

Re: Connessioni Multiple VPN

Messaggioda mikobo » ven 14 feb 2025, 10:56

abbio90 ha scritto:Posta la configurazione completa


Ok grazie qui sotto c'è tutta la configurazione, ho giusto mascherato le key e l'ip pubblico. Il router è collegato direttamente all'ONT del gestore. Al momento è disattivata la wireguard perchè sto lavorando con l2tp


Codice: Seleziona tutto
# 2025-02-14 09:40:43 by RouterOS 7.17.2
# software id = S50S-QQZU
#
# model = RB5009UG+S+
# serial number = HGN09HE1CJX
/interface bridge
add arp=proxy-arp name=mainbridge vlan-filtering=yes
/interface ipip
add name=l2tp-pool remote-address=0.0.0.0
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard01
/interface vlan
add interface=mainbridge name=VLAN10HOME vlan-id=10
add interface=mainbridge name=VLAN20UFFICIO vlan-id=20
add interface=mainbridge name=VLAN30DOMOTICA vlan-id=30
add interface=mainbridge name=VLAN40TECNICA vlan-id=40
add interface=mainbridge name=VLAN50OSPITI vlan-id=50
add interface=mainbridge name=VLAN60PROXMOX vlan-id=60
add interface=ether1 name=ftth-tim vlan-id=835
/interface pppoe-client
add add-default-route=yes disabled=no interface=ftth-tim name=\
    tim-ftth-casanuova user=xxxxxxxxxxxxx@alicebiz.routed
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=2gh width=20/40mhz
add band=5ghz-ax disabled=no frequency=5180,5200,5220 name=5ghz \
    skip-dfs-channels=10min-cac width=20/40/80mhz
/interface wifi datapath
add bridge=mainbridge disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=home wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=ufficio wps=\
    disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=domotica wps=\
    disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=ospiti wps=\
    disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=sicurezza wps=\
    disable
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
add name=dhcp_pool1 ranges=192.168.10.20-192.168.10.100
add name=dhcp_pool2 ranges=192.168.20.20-192.168.20.100
add name=dhcp_pool3 ranges=192.168.30.20-192.168.30.100
add name=dhcp_pool4 ranges=192.168.40.20-192.168.40.100
add name=dhcp_pool5 ranges=192.168.50.20-192.168.50.100
add name=dhcp_pool7 ranges=192.168.60.2-192.168.60.254
add name=dhcp_pool8 ranges=192.168.60.2-192.168.60.254
add name=wireguard01 ranges=10.200.10.2-10.200.10.10
add comment=vpnl2tp name=l2tpvpn ranges=172.16.40.2-172.16.40.10
/ip dhcp-server
add address-pool=dhcp_pool0 interface=mainbridge name=dhcp1
add address-pool=dhcp_pool1 interface=VLAN10HOME name=dhcp2
add address-pool=dhcp_pool2 interface=VLAN20UFFICIO name=dhcp3
add address-pool=dhcp_pool3 interface=VLAN30DOMOTICA name=dhcp4
add address-pool=dhcp_pool4 interface=VLAN40TECNICA name=dhcp5
add address-pool=dhcp_pool5 interface=VLAN50OSPITI name=dhcp6
add address-pool=dhcp_pool8 interface=VLAN60PROXMOX name=dhcp7
/ppp profile
add local-address=176.16.40.1 name=l2tp only-one=yes remote-address=l2tpvpn \
    use-mpls=no
/interface bridge port
add bridge=mainbridge interface=ether2 pvid=30
add bridge=mainbridge interface=ether3 pvid=20
add bridge=mainbridge interface=ether4 pvid=30
add bridge=mainbridge interface=ether5 pvid=60
add bridge=mainbridge interface=ether6 pvid=60
add bridge=mainbridge interface=ether7 pvid=60
add bridge=mainbridge interface=ether8
add bridge=mainbridge interface=sfp-sfpplus1
/interface bridge vlan
add bridge=mainbridge tagged=mainbridge,ether8,sfp-sfpplus1 vlan-ids=10
add bridge=mainbridge tagged=mainbridge,sfp-sfpplus1,ether8 untagged=ether3 \
    vlan-ids=20
add bridge=mainbridge tagged=mainbridge,ether8,sfp-sfpplus1 untagged=\
    ether2,ether4 vlan-ids=30
add bridge=mainbridge tagged=mainbridge,ether8,sfp-sfpplus1 untagged=ether5 \
    vlan-ids=40
add bridge=mainbridge tagged=mainbridge,sfp-sfpplus1,ether8 vlan-ids=50
add bridge=mainbridge tagged=mainbridge,ether8,sfp-sfpplus1 untagged=\
    ether7,ether6 vlan-ids=60
/interface l2tp-server server
set default-profile=default enabled=yes use-ipsec=yes
/interface ovpn-server server
add mac-address=FE:CA:27:07:7A:7C name=ovpn-server1
/interface wifi capsman
set enabled=yes interfaces=mainbridge package-path="" \
    require-peer-certificate=no upgrade-policy=none
/interface wireguard peers
add allowed-address=0.0.0.0/0 client-address=10.200.10.2/24 client-dns=\
    8.8.8.8 disabled=yes endpoint-address=10.200.10.2 interface=wireguard01 \
    name=Workstation preshared-key=\
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" public-key=\
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="
add allowed-address=0.0.0.0/0 client-address=10.200.10.3/32 client-dns=\
    8.8.8.8 disabled=yes endpoint-address=10.200.10.3 interface=wireguard01 \
    name=S22 public-key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
add allowed-address=0.0.0.0/0 client-address=10.200.10.4/32 client-dns=\
    8.8.8.8 disabled=yes endpoint-address=10.200.10.4 interface=wireguard01 \
    name=Portatile public-key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
add allowed-address=0.0.0.0/0 client-address=10.200.10.5/24 client-dns=\
    8.8.8.8 comment="Router Federfarma" endpoint-address=10.200.10.5 \
    interface=wireguard01 name=peer12 public-key=\
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
/ip address
add address=192.168.100.1/24 comment="BRIDGE PRINCIPALE" interface=mainbridge \
    network=192.168.100.0
add address=192.168.10.1/24 comment=HOME interface=VLAN10HOME network=\
    192.168.10.0
add address=192.168.20.1/24 comment=UFFICIO interface=VLAN20UFFICIO network=\
    192.168.20.0
add address=192.168.30.1/24 comment=DOMOTICA interface=VLAN30DOMOTICA \
    network=192.168.30.0
add address=192.168.40.1/24 comment=TECNICA interface=VLAN40TECNICA network=\
    192.168.40.0
add address=192.168.50.1/24 comment=OSPITI interface=VLAN50OSPITI network=\
    192.168.50.0
add address=192.168.1.40/24 disabled=yes interface=ether1 network=192.168.1.0
add address=192.168.60.1/24 comment=PROXMOX interface=VLAN60PROXMOX network=\
    192.168.60.0
add address=10.200.10.1/24 comment=Wireguard01 interface=wireguard01 network=\
    10.200.10.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.30.100 client-id=1:30:30:f9:ec:7c:d8 mac-address=\
    30:30:F9:EC:7C:D8 server=dhcp4
add address=192.168.30.201 client-id=1:b8:27:eb:b0:f9:50 mac-address=\
    B8:27:EB:B0:F9:50 server=dhcp4
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.30.1
add address=192.168.40.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.40.1
add address=192.168.50.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.50.1
add address=192.168.60.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.60.1
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.100.0/24 list=Trusted
add list=Blocked
/ip firewall filter
add action=accept chain=input comment="Accetta estabilished e related" \
    connection-state=established,related in-interface=ether1
add action=accept chain=input comment="Accetta Wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="Accetta lista affidabili porta 22" \
    src-address-list=Trusted
add action=add-src-to-address-list address-list=Blocked address-list-timeout=\
    none-dynamic chain=input comment="Port 22 " dst-port=22 protocol=tcp
add action=accept chain=input comment="Accetta l2tp" dst-port=1701,500,4500 \
    protocol=udp
add action=drop chain=input comment="Drop invalid e untracked" \
    connection-state=invalid,untracked in-interface=ether1
add action=drop chain=input comment="Blocca nuovi pacchetti" \
    connection-state=new in-interface=ether1
add action=accept chain=forward comment="Forward estabilished e related" \
    connection-state=established,related in-interface=ether1
add action=drop chain=forward comment="Forward invalid e untracked" \
    connection-state=invalid,untracked in-interface=ether1
add action=drop chain=input comment="Blocca lista indirizzi porta 22" \
    src-address-list=Blocked
/ip firewall nat
add action=masquerade chain=srcnat out-interface=tim-ftth-casanuova
add action=dst-nat chain=dstnat dst-address=xx.xxx.xxx.xx dst-port=80 \
    protocol=tcp to-addresses=192.168.60.123 to-ports=80
add action=dst-nat chain=dstnat dst-address=xx.xxx.xxx.xx dst-port=443 \
    protocol=tcp to-addresses=192.168.60.123 to-ports=443
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=8.8.8.8 \
    to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=8080 protocol=tcp to-addresses=192.168.60.80 to-ports=8080
add action=dst-nat chain=dstnat disabled=yes dst-port=8006 protocol=tcp \
    to-addresses=192.168.60.200 to-ports=8006
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=8099 protocol=tcp to-addresses=192.168.60.200 to-ports=8006
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=8098 protocol=tcp to-addresses=192.168.60.201 to-ports=8006
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=3389 protocol=udp to-addresses=192.168.60.100 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=3389 protocol=udp to-addresses=192.168.60.100 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=21115,21116,21117,21118,21119 protocol=tcp to-addresses=\
    192.168.60.122
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=8000 protocol=tcp to-addresses=192.168.60.122 to-ports=8000
add action=dst-nat chain=dstnat disabled=yes dst-address=xx.xxx.xxx.xx \
    dst-port=21116 protocol=udp to-addresses=192.168.60.122 to-ports=21116
/ip firewall service-port
set ftp disabled=yes
set irc disabled=no
set rtsp disabled=no
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=main \
    suppress-hw-offload=no
add disabled=yes distance=1 dst-address=10.200.10.0/24 gateway=wireguard01 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=192.168.10.0/24 gateway=wireguard01 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.11.0/24 gateway=*F00043 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=pub
/ppp secret
add local-address=172.16.40.2 name=mikmedia01 profile=l2tp remote-address=\
    172.16.40.3 service=l2tp
add comment=Federfarma disabled=yes local-address=172.16.40.2 name=mikmedia03 \
    profile=l2tp remote-address=172.16.40.4 service=l2tp
add local-address=172.16.40.2 name=desktop01 profile=l2tp remote-address=\
    172.16.40.5 service=l2tp
add local-address=172.16.40.2 name=desktop02 profile=l2tp remote-address=\
    172.16.40.6 service=l2tp
/system clock
set time-zone-name=Europe/Rome
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=193.204.114.233
/tool romon
set enabled=yes
mikobo
Mikrotik Curious User
Mikrotik Curious User
 
Messaggi: 3
Iscritto il: sab 7 dic 2024, 19:59
Uso routerOS dalla Versione: v7.x
Top

Rispondi al messaggio

Torna a RouterOS

Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti

Privacy Terms of use
Powered by phpBB © 2002, 2005, 2007 phpBB Group
MikroTik is a registered trademark of MikroTikls corporation
Hai bisogno di aiuto? Contattaci!

cron