June 2, 2009 at 4:19 pm #41705
I am trying to set up a system that will have 10 VPNs connected to a head office ZeroShell. I want to separate each office from the other offices using VLANs and then connect the Head Office to a MikroTik RB1000 to route traffic to each office.
Which interfaces do I put VLAN IDs on in this system in order to route data from one office through to another office through the LAN-To-LAN VPNs that I have set up?
Ken
June 3, 2009 at 1:09 pm #48188
I would be willing to pay for an hour or so of consulting to help get this set up.
Ken
June 3, 2009 at 3:08 pm #48189
I’m very sure that the MikroTik RB1000 is fully capable of terminating VPN tunnels and controlling policies with access lists with the correct OS Level software image.
It seems like overkill to terminate the VPN tunnels to ZeroShell and then backhaul traffic to the MikroTik router.
Can you provide a diagram of what you’re trying to accomplish? There may be a much simpler way without diving into expensive hardware, software and routing traffic all over the internet.
June 3, 2009 at 3:15 pm #48190
The reason we are using ZeroShell is because it does a MUCH better job of VPN tunnels. For some reason we can’t get more than 3.5MBit through any kind of MikroTik tunnel and we get 10MBits + through ZeroShell. Trust me on this: I have spent over $10,000 and consulted with many MikroTik gurus and MikroTik themselves only to find that MikroTik can’t handle ENCRYPTED tunnels the way we need.
ZeroShell can’t be monitored with Cacti externally and isn’t as easy to use for firewall rules as a MikroTik which is why we are trying to mix technologies.
Ken
June 3, 2009 at 3:22 pm #48191
Please PM me with the hardware/software at each site and the network diagram or post it here.
June 3, 2009 at 4:15 pm #48192
Remote Office 1-n
Alix running ZeroShell with LAN-To-LAN VPN back to Head Office bridged on single Ethernet port.
PC running ZeroShell receiving LAN-To-LAN VPNs bridged to a single Ethernet port.
What I want is for each Office to be a separate VLAN that will go into the MikroTik then added to a bridge on the MikroTik. This will allow us to monitor traffic for each office by their VLAN interface (using SNMP – Cacti), and apply firewall rules for each office.
ZS:Remote Office —L-To-L— ZS:Head Office —VLAN— RB1000(MikroTik) — Head Office Network
Let me know if you need more. Really the only part I’m struggling with is how to configure ZeroShell so that I can see each remote office as a separate VLAN in the MikroTik RB1000.
Ken
November 18, 2009 at 6:09 pm #48193
Was there ever a solution for this post?
The responses simply ended.
November 19, 2009 at 2:54 pm #48194
I don’t know if it was solved, but…
I think that on each VPN tunnel you will create a VLAN corresponding to that tunnel. Then on the backhaul interface you will enable all the VLANs again. Finally you will bridge each VLAN tunnel and VLAN interface on the backhaul.
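The layout described in the last reply, written out as generic Linux iproute2 commands. This is an added example, not part of the thread and not ZeroShell's own configuration method. The interface names (VPN00 and up for the tunnels, ETH01 for the trunk to the RB1000) and the VLAN IDs are assumptions; the script only prints the commands, and it rejects out-of-range or reused IDs, because a reused ID would put two offices on the same segment.

```shell
#!/bin/sh
# Print (do not execute) the commands that give each office tunnel its own
# VLAN and bridge it to the same VLAN on the trunk towards the router.
# Assumed placeholder names: VPN00.. for the tunnels, ETH01 for the trunk.

TRUNK_IF="ETH01"

# plan_office_vlans "VPN00:10 VPN01:20 ..."
# Prints one command per line; returns 1 on a malformed, out-of-range
# or duplicate VLAN ID without planning that office.
plan_office_vlans() {
    seen=" "
    for pair in $1; do
        case "$pair" in
            *:*) ;;
            *) echo "expected TUNNEL:VLANID, got '$pair'" >&2; return 1 ;;
        esac
        tun=${pair%%:*}
        vid=${pair##*:}
        # Digits only, no leading zero (so "010" cannot alias "10").
        case "$vid" in
            ''|*[!0-9]*|0*) echo "bad VLAN ID in '$pair'" >&2; return 1 ;;
        esac
        # 802.1Q usable range is 1-4094.
        if [ "$vid" -gt 4094 ]; then
            echo "VLAN ID $vid out of range 1-4094" >&2; return 1
        fi
        case "$seen" in
            *" $vid "*) echo "VLAN ID $vid reused" >&2; return 1 ;;
        esac
        seen="$seen$vid "
        # Step 1: VLAN on the tunnel. Step 2: same VLAN on the trunk.
        echo "ip link add link $tun name $tun.$vid type vlan id $vid"
        echo "ip link add link $TRUNK_IF name $TRUNK_IF.$vid type vlan id $vid"
        # Step 3: one bridge per office joining the two VLAN interfaces.
        echo "ip link add name br$vid type bridge"
        echo "ip link set $tun.$vid master br$vid"
        echo "ip link set $TRUNK_IF.$vid master br$vid"
        echo "ip link set $tun.$vid up"
        echo "ip link set $TRUNK_IF.$vid up"
        echo "ip link set br$vid up"
    done
}

# Constructed sample: three offices on VLANs 10, 20 and 30.
plan_office_vlans "VPN00:10 VPN01:20 VPN02:30"
```

On the RB1000 side, each office then appears as its own VLAN interface on the trunk port, which is where per-office firewall rules and SNMP counters would attach.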