Ragazzi BUON ANNO A TUTTI!!
E niente..non sono ancora riuscito..ho provato mettendo il bridge nel profile e provando a dare alla vpn anche la stessa classe da raggiungere ma non sono riuscito..
riporto la config così magari vediamo nel concreto
Ho diversi device (rb 750) collegati tramite eoip over sstp verso un vpn server (RB 2011). Ho dei clienti che tramite delle connessioni ovpn fatte da client windows si collegano alla 2011 e devono raggiungere ognuno la propria rete dietro rb750.
quindi vorrei che ogni ovpn potesse collegarsi solo ad una determinata rb 750 e ai dispositivi collegati sotto di lei.
tramite rotte non sono riuscito..dovrò farlo tramite firewall?
ip lan RB750_1 192.168.250.1/24 ip eoip 10.10.10.2
ip lan RB750_2 192.168.250.1/24 ip eoip 10.10.10.3
ovpn_1 ip 20.20.20.2
ovpn_2 ip 20.20.20.3
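# dec/31/2020 11:27:34 by RouterOS 6.47.7
# software id = GL1W-76FF
#
# model = RB2011UiAS
#
# Hub router (RB2011). It terminates the SSTP tunnels coming from the RB750
# sites (EoIP rides inside them) and the OVPN sessions from the Windows
# clients. Each site LAN is bridged onto its own bridge here.
/interface bridge
# One bridge per remote site; the EoIP tunnel to that site is a member port.
add name=bridge-S1
add name=bridge-S2
/interface pppoe-client
# WAN uplink. It installs its own default route (see the static route below).
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=xx user=xx
/interface eoip
# EoIP endpoints: 10.10.10.2/.3 are the remote-address values handed to the
# two site SSTP secrets under /ppp secret, 10.10.10.1 is this side.
add local-address=10.10.10.1 mac-address=02:AD:EC:5F:AC:A1 name=eoip-S1 remote-address=10.10.10.2 tunnel-id=100
add local-address=10.10.10.1 mac-address=02:24:02:98:DB:C0 name=eoip-S2 remote-address=10.10.10.3 tunnel-id=101
/ip pool
add name=dhcp_pool0 ranges=192.168.1.1-192.168.1.200
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 name=dhcp1
/ppp profile
# Profile used by the OVPN client secrets; encryption is mandatory.
add name=vpn-profile use-compression=no use-encryption=required
# Built-in profile referenced by its internal id in the export; only the
# local-address is overridden.
set *FFFFFFFE local-address=20.20.20.1
/interface bridge port
# bridge-S1 also carries a local port (ether10); bridge-S2 only the tunnel.
add bridge=bridge-S1 interface=ether10
add bridge=bridge-S1 interface=eoip-S1
add bridge=bridge-S2 interface=eoip-S2
/interface ovpn-server server
# NOTE(review): blowfish128 is a legacy 64-bit-block cipher and sha1 a legacy
# HMAC. They are left in place so existing Windows clients keep connecting;
# drop them from the list once every client is on aes*/sha-2-capable
# settings. Client certificates are required, which is the strong check here.
set auth=sha1 certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=vpn-profile enabled=yes require-client-certificate=yes
/interface sstp-server server
# SSTP listens on 5443 (non-default); the input chain accepts it below.
set enabled=yes port=5443
/ip address
add address=192.168.1.200/24 disabled=yes interface=ether1 network=192.168.1.0
# Disabled: with this off, the hub has no address in 192.168.250.0/24 on
# either bridge, so it cannot route into the site LANs at all.
add address=192.168.250.190/24 disabled=yes interface=bridge-S1 network=192.168.250.0
add address=192.168.1.251/24 interface=ether5 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,46.23.197.135 gateway=192.168.1.251
/ip dns
set servers=8.8.8.8
/ip firewall filter
# Input chain: VPN services that must stay reachable from the WAN.
# NOTE(review): this chain has no established/related accept and no final
# drop, so every input packet is accepted by the implicit default and these
# accept rules currently change nothing. Add a final drop only after
# management access (e.g. from 192.168.1.0/24 on ether5) is accepted above it.
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
# PPTP control channel is TCP 1723 — the exported rule said udp and could
# never match. PPTP also needs protocol=gre, and no pptp-server is enabled in
# this export, so the rule is inert until one is.
add action=accept chain=input dst-port=1723 protocol=tcp
# OVPN server (default TCP 1194).
add action=accept chain=input dst-port=1194 protocol=tcp
# SSTP server on the non-default port set above.
add action=accept chain=input dst-port=5443 protocol=tcp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
/ip route
# NOTE(review): gateway 192.168.1.251 is this router's own ether5 address, so
# this static default route cannot forward anything; the working default route
# is the one pppoe-out1 installs. Looks like a leftover — confirm and remove.
add distance=1 gateway=192.168.1.251
/ppp secret
# Site tunnels (SSTP, carrying EoIP) and the two Windows OVPN clients.
# NOTE(review): both site LANs use 192.168.250.0/24 (see the post), so a route
# on the hub cannot distinguish S1 from S2 — the same prefix lives behind both
# bridges. Steering each OVPN client to one site needs distinct site subnets
# (or a 1:1 netmap per bridge) before routes or firewall rules can select.
add local-address=10.10.10.1 name=xx password=xx remote-address=10.10.10.2 service=sstp
add local-address=10.10.10.1 name=xx password=xx remote-address=10.10.10.3 service=sstp
add local-address=20.20.20.1 name=yy password=yy profile=vpn-profile remote-address=20.20.20.2 service=ovpn
add local-address=20.20.20.1 name=yy password=yy profile=vpn-profile remote-address=20.20.20.3 service=ovpn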