

Поставлена задача объединить две подсети в двух офисах: 192.168.1.0/24 и 192.168.2.0/24. В обеих точках имеется белый IP.

 

По этому мануалу настроил L2TP и EoIP.

 

В результате я вижу и могу подключаться по IP в обе стороны. Проблема в следующем: рабочие станции не отображаются в едином сетевом окружении.

 

При сканировании нужного диапазона, например программой IP SCAN, на время появляется возможность обращаться к ПК по заранее известным хост-именам.

 

Как я понимаю, это связано с NetBIOS или DNS. Что можно предпринять для полного отображения в сетевом окружении ПК из обеих подсетей?

 

Конфиг клиента

 

 

 

 

# Client-side router (LAN 192.168.2.0/24), RouterOS export.
# It dials an L2TP session to the other office, runs an EoIP tunnel between the
# L2TP peer addresses (10.50.0.11 <-> 10.50.0.10) and puts that tunnel into the
# LAN bridge together with ether2-ether5.
/interface bridge

add name=bridge1

# NOTE(review): the PPP user name and password are published here in cleartext;
# once posted they should be treated as compromised and changed on both routers.
# NOTE(review): no use-ipsec setting appears in this export, so the L2TP session
# presumably runs without IPsec - confirm. Confidentiality would then depend only
# on what the PPP profile negotiates after MS-CHAPv2.
/interface l2tp-client

add allow=mschap2 connect-to=Х.Х.Х.Х disabled=no mrru=1600 name=l2tp-out1 password=93799921 user=RemoveUser1

# EoIP tunnel towards 10.50.0.10 (the local-address of the PPP secret in the
# server config). Keepalive is switched off (!keepalive) and proxy-arp is enabled.
# EoIP adds no encryption of its own; here it is presumably carried inside the
# L2TP session - confirm.
/interface eoip

add arp=proxy-arp !keepalive mac-address=02:86:D8:6A:13:A0 name=eoip-tunnel1 remote-address=10.50.0.10 tunnel-id=0

# Neighbor discovery is turned off on ether1, the interface the firewall
# comments below treat as WAN.
/ip neighbor discovery

set ether1 discover=no

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=192.168.2.100-192.168.2.254

/ip dhcp-server

add add-arp=yes address-pool=dhcp authoritative=yes disabled=no interface=bridge1 name=defconf

# *FFFFFFFE is an internal item id; presumably a built-in PPP profile - TODO confirm which one.
/ppp profile

set *FFFFFFFE use-upnp=yes

# Bridge-level filter: frames forwarded through the bridge with UDP destination
# port 67 are dropped, so DHCP requests do not cross to the other site. The rule
# has no interface matcher, so it applies between any two bridge ports.
/interface bridge filter

add action=drop chain=forward comment="Drop all DHCP requests over EoIP bridge" dst-port=67 ip-protocol=udp mac-protocol=ip

# eoip-tunnel1 is a member of the same bridge as the LAN ports, i.e. the local
# LAN and the remote site share one layer-2 segment.
/interface bridge port

add bridge=bridge1 interface=ether2

add bridge=bridge1 interface=ether3

add bridge=bridge1 interface=ether4

add bridge=bridge1 interface=ether5

add bridge=bridge1 interface=eoip-tunnel1

/ip address

add address=192.168.2.1/24 comment=defconf interface=bridge1 network=192.168.2.0

/ip dhcp-client

add add-default-route=special-classless comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1

/ip dhcp-server network

add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.1 gateway=192.168.2.1 netmask=24

# allow-remote-requests=yes makes the router answer DNS queries itself; the two
# port-53 drop rules on ether1 in the filter table are what keep it from serving
# queries arriving from the WAN side.
/ip dns

set allow-remote-requests=yes servers=8.8.8.8

# Filter rules are evaluated top to bottom and the first match wins. A rule
# without action= uses the default action, accept.
/ip firewall filter

# NOTE(review): Winbox (TCP 8291) is accepted with no in-interface or src-address
# matcher, so it is presumably reachable from ether1 as well - restrict it to the
# LAN/VPN side or to a management address list.
add chain=input dst-port=8291 protocol=tcp

add chain=input protocol=icmp

# NOTE(review): the NetBIOS/SMB accept rules below have no interface or address
# matcher and sit above the "drop all from WAN not DSTNATed" rule, so they also
# match new connections arriving on ether1. NetBIOS/SMB use UDP 137, UDP 138,
# TCP 139 and TCP 445; the other protocol/port pairs are not needed.
# NOTE(review): traffic bridged across eoip-tunnel1 is switched at layer 2 and
# presumably never reaches these forward rules unless the bridge is configured
# to use the IP firewall - confirm.
add chain=forward dst-port=137 protocol=tcp

add chain=forward dst-port=137 protocol=udp

add chain=forward dst-port=138 protocol=tcp

add chain=forward dst-port=138 protocol=udp

add chain=forward dst-port=139 protocol=tcp

add chain=forward dst-port=139 protocol=udp

add chain=forward dst-port=445 protocol=tcp

add chain=forward dst-port=445 protocol=udp

add chain=forward protocol=gre

add chain=input protocol=gre

add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp

add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add chain=forward comment="defconf: accept established,related" connection-state=established,related

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

connection-state=new in-interface=ether1

add chain=input connection-state=established

add chain=input connection-state=related

# NOTE(review): the closing input drop for ether1 is disabled=yes, so the input
# chain has no final drop: apart from the two DNS rules above, traffic addressed
# to the router from the WAN side is accepted.
add action=drop chain=input disabled=yes in-interface=ether1

# Both masquerade rules are disabled=yes, so this export contains no active source NAT.
/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes out-interface=ether1

add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes out-interface=all-ppp

# Static route to the other office's subnet through the L2TP peer address.
/ip route

add distance=1 dst-address=192.168.1.0/24 gateway=10.50.0.10 pref-src=10.50.0.11

 

 

 

Конфиг сервера

 

 

 

# Server-side router (LAN 192.168.1.0/24), RouterOS export.
# It accepts the L2TP session of user RemoveUser1 (peer addresses 10.50.0.10 /
# 10.50.0.11 from the PPP secret at the end), runs the matching EoIP tunnel and
# bridges it with the LAN ports and wlan1.
/interface l2tp-server

add name=RemoveUser1 user=RemoveUser1

/interface bridge

add admin-mac=E4:8D:8C:47:6F:27 auto-mac=no name=bridge-local

/interface ethernet

set [ find default-name=ether1 ] name=ether1-gateway

# EoIP tunnel towards 10.50.0.11 with keepalive switched off (!keepalive) and
# proxy-arp enabled. EoIP adds no encryption of its own.
/interface eoip

add arp=proxy-arp !keepalive mac-address=02:AB:7F:8F:20:89 name=eoip-tunnel1 \

remote-address=10.50.0.11 tunnel-id=0

/ip neighbor discovery

set ether1-gateway discover=no

# NOTE(review): only the default proposal's cipher list is set. No IPsec peer,
# policy or use-ipsec setting appears in this export, so IPsec presumably does
# not protect the L2TP tunnel - confirm.
/ip ipsec proposal

set [ find default=yes ] enc-algorithms=aes-128-cbc

/ip pool

add name=default-dhcp ranges=192.168.1.100-192.168.1.254

/ip dhcp-server

add add-arp=yes address-pool=default-dhcp authoritative=yes disabled=no \

interface=bridge-local lease-time=10h name=default

# PPP profile used by the L2TP and PPTP servers and by the secret below;
# compression, encryption and UPnP are switched on.
/ppp profile

add name=remove-office use-compression=yes use-encryption=yes use-upnp=yes

# Bridge-level filter: frames forwarded through the bridge with UDP destination
# port 67 are dropped, so DHCP requests do not cross to the other site. The rule
# has no interface matcher, so it applies between any two bridge ports.
/interface bridge filter

add action=drop chain=forward comment="Drop all DHCP requests over EoIP bridge" \

dst-port=67 ip-protocol=udp mac-protocol=ip

# eoip-tunnel1 is a member of the same bridge as the LAN ports and wlan1, i.e.
# the local LAN and the remote site share one layer-2 segment.
/interface bridge port

add bridge=bridge-local interface=ether2

add bridge=bridge-local interface=wlan1

add bridge=bridge-local interface=ether3

add bridge=bridge-local interface=ether4

add bridge=bridge-local interface=ether5

add bridge=bridge-local interface=eoip-tunnel1

# NOTE(review): MS-CHAPv1 is allowed next to MS-CHAPv2, while the client config
# offers mschap2 only; mschap1 is obsolete and can be removed from this list.
/interface l2tp-server server

set authentication=mschap1,mschap2 default-profile=remove-office enabled=yes

# NOTE(review): no enabled=yes is shown, so the PPTP server is presumably off -
# confirm. The list includes PAP, which sends the password unprotected, and the
# firewall below still accepts TCP 1723; if PPTP is unused, trim both.
/interface pptp-server server

set authentication=pap,chap,mschap1,mschap2 default-profile=remove-office

/ip address

add address=192.168.1.1/24 comment="default configuration" interface=\

bridge-local network=192.168.1.0

add address=10.143.25.16/24 disabled=yes interface=ether1-gateway network=\

10.143.25.0

/ip dhcp-client

add add-default-route=special-classless comment="default configuration" \

dhcp-options=hostname,clientid disabled=no interface=ether1-gateway

# Static lease for 192.168.1.100, the host the dst-nat rules below forward to.
/ip dhcp-server lease

add address=192.168.1.100 mac-address=00:17:9A:05:9C:5E server=default

/ip dhcp-server network

add address=192.168.1.0/24 comment="default configuration" dns-server=\

192.168.1.1 gateway=192.168.1.1 netmask=24

# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries,
# and unlike the client config this filter table has no port-53 drop on the WAN
# interface, so the resolver is presumably reachable from ether1-gateway - confirm.
/ip dns

set allow-remote-requests=yes cache-max-ttl=4w3d cache-size=4096KiB servers=\

8.8.8.8

# Filter rules are evaluated top to bottom and the first match wins. A rule
# without action= uses the default action, accept.
# NOTE(review): every drop rule in this table is disabled=yes, so both the input
# and the forward chain currently accept everything; the accept rules below only
# become meaningful once a final drop is enabled.
/ip firewall filter

# NetBIOS/SMB use UDP 137, UDP 138, TCP 139 and TCP 445; the other protocol/port
# pairs are not needed. None of these rules has an interface or address matcher.
# NOTE(review): traffic bridged across eoip-tunnel1 is switched at layer 2 and
# presumably never reaches these forward rules unless the bridge is configured
# to use the IP firewall - confirm.
add chain=forward dst-port=137 protocol=tcp

add chain=forward dst-port=137 protocol=udp

add chain=forward dst-port=138 protocol=tcp

add chain=forward dst-port=138 protocol=udp

add chain=forward dst-port=139 protocol=tcp

add chain=forward dst-port=139 protocol=udp

add chain=forward dst-port=445 protocol=tcp

add chain=forward dst-port=445 protocol=udp

add chain=forward dst-address=192.168.1.0/24 src-address=192.168.2.0/24

add chain=forward dst-address=192.168.2.0/24 src-address=192.168.1.0/24

# NOTE(review): Winbox (TCP 8291) is accepted with no in-interface or src-address
# matcher, so it is presumably reachable from the WAN interface - restrict it to
# the LAN/VPN side or to a management address list.
add chain=input comment="Allow winbox" dst-port=8291 protocol=tcp

add chain=input comment="Allow vpn" dst-port=1701 protocol=udp

add chain=input dst-port=1723 protocol=tcp

add chain=input protocol=gre

add chain=forward protocol=gre

add chain=input comment="default configuration" protocol=icmp

add chain=input comment="default configuration" connection-state=\

established,related

# The closing input drop for the WAN interface is disabled.
add action=drop chain=input comment="default configuration" disabled=yes \

in-interface=ether1-gateway

# The four default forward rules below (fasttrack, accept established/related,
# drop invalid, drop new from WAN that is not dst-natted) are all disabled.
add action=fasttrack-connection chain=forward comment="default configuration" \

connection-state=established,related disabled=yes

add chain=forward comment="default configuration" connection-state=\

established,related disabled=yes

add action=drop chain=forward comment="default configuration" connection-state=\

invalid disabled=yes

add action=drop chain=forward comment="default configuration" \

connection-nat-state=!dstnat connection-state=new disabled=yes \

in-interface=ether1-gateway

/ip firewall nat

add action=masquerade chain=srcnat comment="default configuration" \

out-interface=ether1-gateway

# NOTE(review): masquerading on all-ppp presumably rewrites the source of
# traffic routed to the other office over the L2TP link to the router's PPP
# address, hiding the original 192.168.1.x sender - confirm this is intended.
add action=masquerade chain=srcnat out-interface=all-ppp

# NOTE(review): TCP and UDP 13389 on the WAN interface are forwarded to port
# 3389 (RDP) on 192.168.1.100 with no src-address restriction. A non-standard
# port is not access control; limit the rule to known source addresses or reach
# the host through the VPN instead.
add action=dst-nat chain=dstnat dst-port=13389 in-interface=ether1-gateway \

protocol=tcp to-addresses=192.168.1.100 to-ports=3389

add action=dst-nat chain=dstnat dst-port=13389 in-interface=ether1-gateway \

protocol=udp to-addresses=192.168.1.100 to-ports=3389

# Static route to the other office's subnet through the L2TP peer address.
/ip route

add distance=1 dst-address=192.168.2.0/24 gateway=10.50.0.11 pref-src=\

10.50.0.10

# NOTE(review): the PPP password is published here in cleartext and is a short,
# digits-only value; treat it as compromised, replace it with a long random
# secret on both routers and redact it in any future export that is shared.
/ppp secret

add local-address=10.50.0.10 name=RemoveUser1 password=93799921 profile=\

remove-office remote-address=10.50.0.11 service=l2tp

 

 

 

 

P.S. Заранее благодарю за любую помощь...
