For Several companies that I’m administrate their networks – I’ve chosen mikrotik as the default Router – mainly since its working smoothly and have fantastic options in their RouterOS.
To protect and serve the Headquarters – I’ve chosen the Mikrotik CCR-1009-8G-1S-1S+PS which is a cloudcore Router and on the small offices I’ve chosen the
After installing these Routers with the latest software – and get them up and running on each location(Offices) before configuring the VPN tunnels between the Offices. For a better overview – here’s the networks setup:
- HQ – Internal network 172.16.100.1/24 – public IP 22.214.171.124
- 1. Office Internal Nework 172.16.101.1/24 – public IP 126.96.36.199
- 2. Office Internal Network 172.16.102.1/24 – public IP 188.8.131.52
These information are quite inportant when creating the VPN rules and configuration as shown on this picture:
When all the 3 Routers are online, then the configuration of the VPN can begin. The best tool for configuration and normal use of the Mikrotik – is the Winbox which mikrotik provides here: Winbox 3.11
Now you shold be able to login to all three routers through your Winbox program.
Start on HQ Router ( but the same steps on each Mikrotik Router) go to Ip / IPsec.
Go to page Peers and create the Peers for Office 1 & 2. Only shown for Office1
The secret is your private VPNpassword – so remember this and make it strong.
Create the same Peer for Office2 only with the rigth IP address.
The next is to make the Policies for each Peer defining the local and Public IP:
Again make a Policy for each Peers – tha last thing on this to create in IPsec – is the proposal:
So now you should have the following setting:
- HQ – 2 Peers to Office1 & 2
- Office 1 – Peer to HQ
- Office 2 – Peer to HQ
Then all offices are connected back to HQ where all servers etc are placed. The last thing required is the firewall rules which allows the traffic to pass as on a local network.
Go to IP / Firewall and create a new Filter rules on HQ Router for accessing from Subnet for Office1.
Create allso a Filter rule for Office 2 on HQ Router – Create only from office to HQ on Office’s Router.
The last thing missing now is a NAT rule on HQ for each Peer:
And on each Office Router – you create a NAT rule towards the HQ.
Thats it – now you’ll have a VPN running between the Offices. Many other settings are available through DNS Setup etc. But you’ll be able to ping IP addresses on the FULL network on each location.