


  1. #1

    Internet access via VPN

    Hi everyone, good morning.
    I need to find a way out of my problem with a VPN.
    My company is opening a head office, and my local setup is as follows.
    Head office
    192.168.1.x
    Branch
    192.168.4.x

    I set up a VPN between the two networks directly on the MK, but I have been running into problems with port forwarding.
    I have a system that is hosted at the head office and that, once logged in, needs to connect to a client on the machine at the branch.
    However, it gives me an error message saying that it could not connect to the IP, yet the IP is the one from the VPN that connected to the head office.
    I thought about setting up a VPN connection for each workstation, but if I uncheck the VPN's "use default gateway" option so that internet access goes through the local connection, I cannot connect to the system at the head office.


    I would like to know whether there is some configuration I can do so that the default gateway option stays checked on the VPN but internet traffic goes out locally.

    Please help me.
    Regards,
    Adriano Pires

  2. #2

    Re: Internet access via VPN

    Search for "pptp + eoip"; your connection will then be layer 2, and that solves your problem.

    http://www.butchevans.com/images/EoIPoPPtP.png

    Our goal is to build a transparent bridge over the internet. This article gives a brief how-to describing the steps necessary to accomplish this. The PPtP tunnel is only needed in order to add encryption, since EoIP is not an encrypted tunnel.

    In this configuration, there are several parts, which we will discuss individually. First, there is the IP space on both the internet side of each router and the "private" side. Note that the PRIVATE range is the SAME on both sides. This is not important for the tunnel to work, but one of the purposes of EoIP is to bridge networks in this way. It should, also, be noted that a DHCP server on either end of the tunnel will be "seen" by equipment at both ends of the tunnel.

    The bridge interface on both ends includes the EoIP tunnel and the ethernet port that is plugged into the private network. This will be discussed in further detail in a few paragraphs.

    To begin our config, we will first build the PPtP tunnel. We will set the left router (12.12.10.2) as the PPtP server and the right router (12.21.11.1) as the client.

    Left router:
    /interface pptp-server server
    set enabled=yes

    /ppp secret
    add name="USERNAME" service=pptp password="PASS" \
    local-address=192.168.10.1 remote-address=192.168.10.2 \
    disabled=no

    The above configuration is all that is needed on the left router. It should be noted that the IP range I chose for the tunnel is NOT in the same range as the LAN segments. This is not strictly needed, but it is good network design, since these interfaces will NOT be added to the bridge.

    Right Router:
    /interface pptp-client
    add name="pptp-tunnel1" connect-to=12.12.10.2 \
    user="USERNAME" password="PASS" \
    profile=default-encryption add-default-route=no \
    disabled=no

    This is the full configuration needed for the tunnel on the right router. The profile section is a default setting, but I generally specify it anyway.

    The PPtP tunnel is now set up and you should see the tunnel as running on both ends. Now we need to add the EoIP tunnel. This is the same on both ends, with the exception of the IP address we are connecting to.

    LEFT:
    /interface eoip add name=eoiptunnel remote-address=192.168.10.2 \
    tunnel-id=101 disabled=no

    RIGHT:
    /interface eoip add name=eoiptunnel remote-address=192.168.10.1 \
    tunnel-id=101 disabled=no

    It is very important that the tunnel-id parameter be the same on both ends.

    Next, we will add the bridge (this is the same on both ends):
    /interface bridge add name=bridge1

    Hard to believe it's that easy, but it is.

    Next, we set up the bridge ports. We will assume that the LAN side of the Mikrotik routers is the ether1 interface.

    /interface bridge port add bridge=bridge1 interface=ether1
    /interface bridge port add bridge=bridge1 interface=eoiptunnel

    The name eoiptunnel is the "name" parameter we used in the configuration we did above for the tunnel setup.

    That's it for the config. It is very easy to set up this type of config. There are a couple of other notes I will make, but as far as the configuration on the Mikrotik, that's about it.

    Devices on the right router should use 192.168.1.254 as their default gateway. They will be able to see the 192.168.1.1, but if you use that as a default gateway for these devices, then ALL their traffic will go across the bridge. This may be your desire, but it is important to note this fact. (Reverse the above for devices on the left router.)

    I've already mentioned the DHCP server. Note that IP addresses cannot be duplicated on either network. The EoIP tunnel will act just like a (very long) ethernet cable plugged into a switch at both ends of the tunnel. You are, literally, joining the 2 networks into ONE network.
    Last edited by int21; 07-10-2010 at 12:17.
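
An added example (not part of int21's post or the quoted article): a Python check over constructed RouterOS exports that tests the invariants the article states. The EoIP `remote-address` must be the PPtP tunnel address so the unencrypted EoIP traffic stays inside the tunnel, `tunnel-id` must match on both ends, the tunnel range must sit outside the LAN, and the EoIP interface must be a bridge port. The names `parse` and `audit` and the /24 LAN prefix are assumptions.

```python
import ipaddress, re
# Constructed exports that mirror the article's commands (not from a real router).
LEFT = r'''/ppp secret
add name="USERNAME" service=pptp password="PASS" \
local-address=192.168.10.1 remote-address=192.168.10.2
/interface eoip add name=eoiptunnel remote-address=192.168.10.2 \
tunnel-id=101 disabled=no
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=eoiptunnel
'''
RIGHT = r'''/interface pptp-client
add name="pptp-tunnel1" connect-to=12.12.10.2 user="USERNAME" password="PASS"
/interface eoip add name=eoiptunnel remote-address=192.168.10.1 \
tunnel-id=101 disabled=no
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=eoiptunnel
'''

def parse(export):
    """Return [(menu path, {key: value})] for every 'add' command."""
    text = re.sub(r"\\\s*\n\s*", " ", export)      # join '\' continuation lines
    path, cmds = "", []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("/"):                    # menu path, maybe with inline add
            path, sep, line = line.partition(" add ")
            line = "add " + line if sep else ""
        if line.startswith("add "):
            cmds.append((path, dict(re.findall(r'([\w-]+)="?([^"\s]+)"?', line))))
    return cmds

def audit(left, right, lan="192.168.1.0/24"):      # LAN prefix length is an assumption
    """Check the invariants the article states; return a list of findings."""
    sides, findings, ids = {"left": parse(left), "right": parse(right)}, [], set()
    secret = next(p for path, p in sides["left"] if path == "/ppp secret")
    peer = {"left": secret["remote-address"], "right": secret["local-address"]}
    for addr in peer.values():                      # tunnel range must not be the LAN
        if ipaddress.ip_address(addr) in ipaddress.ip_network(lan):
            findings.append(f"tunnel address {addr} overlaps the bridged LAN")
    for side, cmds in sides.items():
        eoip = next(p for path, p in cmds if path == "/interface eoip")
        ids.add(eoip["tunnel-id"])
        if eoip["remote-address"] != peer[side]:    # EoIP would bypass the PPtP tunnel
            findings.append(f"{side}: EoIP peer {eoip['remote-address']} is not the PPtP tunnel address")
        ports = {p["interface"] for path, p in cmds if path == "/interface bridge port"}
        if eoip["name"] not in ports:
            findings.append(f"{side}: {eoip['name']} is not a bridge port")
    if len(ids) != 1:
        findings.append(f"tunnel-id differs between ends: {sorted(ids)}")
    return findings
```

`audit(LEFT, RIGHT)` returns an empty list for the article's configuration; pointing either EoIP `remote-address` at the public IP instead of the tunnel address produces a finding.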

  3. #3

    Re: Internet access via VPN

    int21, thank you for the reply, but I could not quite understand it or apply the configuration.
    Could you help me? My English is not very good.
    I already have the VPN connected; now I need to do the second part of the walkthrough.
    My network is as follows:
    Head office
    MK 192.168.1.254
    Branch
    MK 192.168.4.254
    Branch workstation connected via VPN
    The local IP is 10.0.0.1
    The remote is 10.0.1.x
    I need to get the Internet at the head office working...
    If you can help me apply this tutorial, I will be very grateful.