Good morning everyone, I have a scenario like below:
ROUTER1 - CHR in hosting
ROUTER2 - Head office
ROUTER3 - Location 2
ROUTER4 - Seat 3
Then I have another 40 routers which we call R1 guest, R2 guest and so on.
The R1-CHR acts as an L2TP+IPsec, SSTP and WireGuard server.
SSTP and L2TP+IPsec are distributed redundantly with the same subnet and same IP, using ECMP.
WireGuard instead uses a dedicated subnet.
I would like everyone in the office area to announce all the subnets to each other, but not the subnets of the VPN itself.
Also, for the guest area, only the R1-CHR needs to know about the remote LANs, but the guest LANs don't need to know about the office area.
I started the config, but the VPN subnet is also announced to me, so before going too far I wanted to resolve this first.
The subnet used for L2TP+IPsec and SSTP is 10.165.32.0/24.
The one used for WireGuard is 10.165.33.0/24.
In the R1-CHR I have to announce 10.245.159.0/24.
In the R2-office I have to announce these subnets:
10.246.159.0/24
10.246.161.0/24
10.250.159.0/24
10.10.10.0/24
In the R3-office I have to announce:
192.168.17.0/24
192.168.80.0/24
In the guest routers there are various subnets that I will not list now, but let's assume that R1-guest must announce 172.16.70.0/24.
I started the configuration like this:
This is R1-CHR:
Code:
/routing id
add disabled=no id=192.0.0.1 name=id-1 select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=id-1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=backbone
add area-id=1.1.1.1 disabled=no instance=ospf-instance-1 name=ospf-area-1
/routing ospf interface-template
add area=backbone disabled=no networks=10.245.159.0/24 passive
add area=backbone disabled=no interfaces=l2tp-casa-terralba,sstp-casa-terralba type=ptp
add area=backbone disabled=no interfaces=wireguard-server1 type=ptp

This is R2-office:
Code:
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing id
add disabled=no id=192.0.0.2 name=id-1 select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=id-1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=backbone
/routing bfd configuration
add disabled=no
/routing ospf interface-template
add area=backbone disabled=no networks=10.246.159.0/24,10.246.161.0/24,10.250.159.0/24,10.10.10.0/24 passive
add area=backbone disabled=no interfaces=l2tp-Synthohosting,sstp-CHR-synthohosting type=ptp
add area=backbone disabled=no interfaces=wireguard_CHR-c1v type=ptp

This is a printout of the routes:
Code:
#R1-CHR
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, o - OSPF; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#      DST-ADDRESS       GATEWAY                          DISTANCE
0  As  0.0.0.0/0         1.2.3.10                                1
  DAo  10.10.10.0/30     10.165.32.3%l2tp-casa-terralba        110
  DAo  10.165.32.1/32    10.165.32.3%l2tp-casa-terralba        110
 DAc+  10.165.32.2/32    <l2tp-casa.morgongiori>                 0
 DAc+  10.165.32.2/32    <sstp-casa.morgongiori>                 0
 DAc+  10.165.32.3/32    sstp-casa-terralba                      0
 DAc+  10.165.32.3/32    l2tp-casa-terralba                      0
  DAc  10.165.32.4/32    <sstp-Orto-Strada3>                     0
 DAc+  10.165.32.254/32  <sstp-CHR_C1v>                          0
 DAc+  10.165.32.254/32  <l2tp-CHR_C1v>                          0
  DAc  10.165.33.0/24    wireguard-server1                       0
  DAc  10.165.34.0/24    wireguard-NETFLIX                       0
  DAc  10.165.36.0/24    bridge-loopback1                        0
  DAc  10.165.37.0/24    bridge-loopback2                        0
  DAo  10.165.50.0/24    10.165.32.3%l2tp-casa-terralba        110
  DAc  10.245.159.0/24   bridge-LAN                              0
  DAo  10.246.159.0/24   10.165.32.3%l2tp-casa-terralba        110
  DAo  10.246.161.0/24   10.165.32.3%l2tp-casa-terralba        110
  DAo  10.250.159.0/24   10.165.32.3%l2tp-casa-terralba        110
 DAc+  1.2.3.4/27        ether1                                  0
 DAc+  1.2.3.5/27        ether1                                  0
 DAc+  1.2.3.6/27        ether1                                  0

Code:
#R2-office
Flags: D - DYNAMIC; X - DISABLED, I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, o - OSPF; H - HW-OFFLOADED; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
 #      DST-ADDRESS         GATEWAY                          DISTANCE
 0  Xs  192.168.8.0/24      10.165.43.1                             3
 1  Xs  208.67.222.222/32   10.10.10.1                              1
        ;;; backup out home assistant e vto
 2  Xs  0.0.0.0/0           8.8.4.4                                 2
 3  Xs  192.168.1.0/24      10.246.159.55                           1
 4  Xs  10.245.159.0/24     10.165.50.1                             1
        ;;; ISP2 default route - BACKUP
 5   s  0.0.0.0/0           8.8.8.8                                 2
        ;;; ISP1 default route MAIN
 6  As  0.0.0.0/0           8.8.4.4                                 1
   DAc  5.6.7.8/32          bridge70_L2_ON_CHR                      0
        ;;; ISP1 route dns
 7  As  8.8.4.4/32          192.168.192.168                         1
        ;;; ISP2 route dns
 8  As  8.8.8.8/32          10.10.10.1                              1
   DAc  10.10.10.0/30       vlan40_ether10-ISP2                     0
   DAc  10.127.0.0/24       wireguard-ESP                           0
  DAc+  10.165.32.1/32      sstp-CHR-synthohosting                  0
  DAc+  10.165.32.1/32      l2tp-Synthohosting                      0
   DAo  10.165.32.3/32      10.165.32.1%l2tp-Synthohosting        110
   DAc  10.165.33.0/24      wireguard_CHR-c1v                       0
   DAc  10.165.43.1/32      sstp_VPN-CHR                            0
 9  As  10.165.46.0/24      wireguard_CHR-c1v                       1
   DAc  10.165.50.0/24      wireguard_CHR-c1v                       0
10  As  10.200.1.0/30       10.246.159.56                           1
   D o  10.245.159.0/24     10.165.32.1%l2tp-Synthohosting        110
11  As  10.245.159.0/24     10.165.43.1                             2
   DAc  10.245.160.0/24     bridge-loopback                         0
   DAc  10.246.159.0/24     BRIDGE10_LAN                            0
   DAc  10.246.161.0/24     bridge50-TVCC                           0
12  s+  10.246.170.0/24     10.165.32.1                             2
13  As  10.246.170.0/24     10.165.43.1                             1
14  As  10.246.180.0/26     192.168.17.60                           1
15   s  10.246.180.0/26     10.165.43.1                             2
16 IsH  10.247.159.0/24     10.246.159.1                            1
        ;;; Route subnet 10.247.159.XX e 10.248.159.xx da pubblico che appartengono al map mikrotik
17  As  10.247.159.0/24     10.165.43.1                             3
18 IsH  10.247.159.0/24     192.168.17.2                            2
   DAc  10.250.159.0/24     bridge200-VLAN-NAS                      0
   DAc  169.254.0.0/16      ether1                                  0
   DAc  172.16.20.0/27      bridge30-GUEST                          0
   DAc  172.17.20.0/24      bridge20-HDMI                           0
19  As  192.168.8.0/24      10.246.159.1                            1
20 IsH  192.168.8.0/24      192.168.17.2                            2
   DAc  192.168.15.0/24     BRIDGE10_LAN                            0
   DAc  192.168.17.60/32    <l2tp-Orto.STR3>                        0
21  As  192.168.74.0/24     10.127.0.2                              1
   DAc  192.168.80.0/24     bridge80-ARUBA_NETWORK                  0
   DAc  192.168.178.0/24    ether1                                  0
   DAc  192.168.192.168/32  pppoe-NETOIP                            0
   DAc  192.168.200.0/24    ether1                                  0
22  As  192.168.255.0/24    10.165.43.1                             1
        ;;; OUT VTO con VPN
23  As  0.0.0.0/0           10.165.43.1                             1
24  As  0.0.0.0/0           8.8.4.4                                 1
25  As  0.0.0.0/0           8.8.8.8                                 1
        ;;; backup out Netflix
26  As  0.0.0.0/0           10.165.50.1

Could anyone kindly give me a hand?
Posted by abbio90 — Thu Jan 04, 2024 10:09 pm
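As an added check (this is not code from the post or from MikroTik), the following Python script parses a RouterOS v7 `/ip route print` listing in the layout pasted above and reports every OSPF-learned route whose destination falls inside the tunnel transit subnets the post names, 10.165.32.0/24 (L2TP+IPsec and SSTP) and 10.165.33.0/24 (WireGuard). The sample listing is constructed, modelled on the R1-CHR printout; on that sample it flags 10.165.32.1/32, the tunnel address that shows up with the `o` flag in the post and that the poster does not want in the area. Run it against a real printout before and after changing the OSPF templates to confirm the transit prefixes are gone while the office LANs are still learned.

```python
"""Audit a RouterOS v7 '/ip route print' listing for tunnel (transit) prefixes
that were learned through OSPF, i.e. VPN addresses leaking into the area.

Added example for the thread above. The sample listing is constructed,
modelled on the R1-CHR printout; it is not a live capture.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Tunnel transit subnets from the post: OSPF adjacencies run over them, but
# they are not meant to be advertised to the other office routers.
TRANSIT_SUBNETS = [
    ipaddress.ip_network("10.165.32.0/24"),  # L2TP+IPsec and SSTP (ECMP)
    ipaddress.ip_network("10.165.33.0/24"),  # WireGuard
]

# Constructed sample in the print layout: [index] FLAGS DST-ADDRESS GATEWAY DISTANCE
SAMPLE_ROUTES = """\
0  As  0.0.0.0/0        1.2.3.10                         1
  DAo  10.10.10.0/30    10.165.32.3%l2tp-casa-terralba 110
  DAo  10.165.32.1/32   10.165.32.3%l2tp-casa-terralba 110
 DAc+  10.165.32.2/32   <l2tp-casa.morgongiori>          0
  DAc  10.165.33.0/24   wireguard-server1                0
  DAc  10.245.159.0/24  bridge-LAN                       0
  DAo  10.246.159.0/24  10.165.32.3%l2tp-casa-terralba 110
  DAo  10.250.159.0/24  10.165.32.3%l2tp-casa-terralba 110
"""


@dataclass
class Route:
    flags: str
    dst: ipaddress.IPv4Network
    gateway: str
    distance: int

    @property
    def is_ospf(self) -> bool:
        # RouterOS prints a lower-case 'o' for routes learned via OSPF.
        return "o" in self.flags


def parse_route_line(line: str) -> Optional[Route]:
    """Parse one printed route; return None for headers, comments and blanks."""
    body = line.split(";;;", 1)[0].strip()  # drop a ';;;' comment
    if not body or body.startswith(("#", "Flags", "Columns")):
        return None
    tokens = body.split()
    if tokens[0].isdigit():  # static entries carry a leading index
        tokens = tokens[1:]
    if len(tokens) < 4 or "/" not in tokens[-3]:
        return None
    flags = "".join(tokens[:-3])  # the flag field may be printed as "DAc +"
    dst = ipaddress.ip_network(tokens[-3], strict=False)
    return Route(flags, dst, tokens[-2], int(tokens[-1]))


def parse_routes(text: str) -> List[Route]:
    """Parse a whole '/ip route print' listing."""
    routes = []
    for line in text.splitlines():
        route = parse_route_line(line)
        if route is not None:
            routes.append(route)
    return routes


def leaked_transit_routes(routes: List[Route], transit=TRANSIT_SUBNETS) -> List[Route]:
    """OSPF-learned routes whose destination lies inside a transit subnet."""
    return [
        r for r in routes
        if r.is_ospf and any(
            r.dst.version == t.version and r.dst.subnet_of(t) for t in transit
        )
    ]


def ospf_learned_prefixes(routes: List[Route]) -> List[str]:
    """Every prefix learned via OSPF, sorted, to see what the area carries."""
    learned = sorted((r for r in routes if r.is_ospf), key=lambda r: r.dst)
    return [str(r.dst) for r in learned]


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    print("OSPF-learned:", ", ".join(ospf_learned_prefixes(routes)))
    for r in leaked_transit_routes(routes):
        print(f"transit prefix leaked into OSPF: {r.dst} via {r.gateway}")
```

The parser works from the right-hand end of each line (distance, gateway, destination) so the variable-width flag field and the optional static-route index do not matter; comment lines printed with `;;;` are skipped.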