How to set the correct separation between the local network and the VPN clients?
Good afternoon. There is a misunderstanding on the configure private addressing in a network on Mikrotik. This:
The network is 192.168.88.0\24, there is connected to all the office PC + all VPN clients (L2TP).
It is necessary to limit the speed of the VPN clients + in General logically separated.
Tell me, please, is it true the algorithm settings that I have made to create a separate subnet for VPN clients:
1. Created address pool from the network 192.168.101.0\24 called vpn_pool;
2. Created a PPP profile to connect with addresses from vpn_pool;
3. In IP the DHCP Server has created subnet 192.168.101.0\24.
4. Created a user, setup a connection - connect is, but at leases I do not see the obtained IP.
And on this I have lacked the equipment, which further requires that I can fully manage a single subnet ?
Using existing server L2TP Mikrotik need to get the VPN clients in a separate subnet. To do this:
Create a separate pool with the desired address to the customers VPN (I did 192.168.102.0/24)
Do l2tp profile, indicating the pool of claim 1 as a remote address, local address gateway (e.g. 192.168.1.0 network, 192.168.1.1 is the gateway) that you specified in the profile of DNS servers.
Do user, bind the VPN profile.
connect with the client. If nothing changes, the default gateway for the client was the office router, through which he will walk in an Internet (it needs to still occasionally masquerading in the NAT on the VPN interface). If satisfied, then OK, nothing changes. If you need speed limits for the client, then:
In Windows in the settings of the VPN connection under network ipv4 there is a checkbox on the appointment of the default gateway in the network remotely. Remove it.
Prescribe the route to subnet of our office VPN network:
route-p add is 192.168.88.0 mask 255.255.255.0 192.168.102.1 , the flag R for permanent routes, otherwise after reboot flies.
Cut the speed in queues
Noemy49 answered on June 5th 19 at 22:02
And this will not be the ip lease in dhcp, because dhcp is not involved at all.
Rekomenduju to read about the interface list, and how they can be used together with the ppp profile.