This is an old revision of the document!

MikroTik

Two separate connections for two separate LANs with one RouterBoard

Disconnect the bridge between etherX-*-local (Interface properties - remove the Master port).

Mark the packets from LAN subnets (e.g. 192.168.10.0/24 a 192.168.20.0/24):

/ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_office src-address=192.168.10.0/24
/ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark=routing_mark_guests src-address=192.168.20.0/24

Set up routing for packets marked with mangle:

/ip route add gateway=ether1-wan1 routing-mark=routing_mark_office
/ip route add gateway=ether2-wan2 routing-mark=routing_mark_guests

Note: Gateway can also be a PPPoE connection (in case of DSL).

Set up masquerade for the second wan interface (assuming that masquerade was set up only for the ether1-wan1).

PPP VPN

PPP > Profile > Add
1. Name
2. Local address: local IP of the router
3. Remote address: pool from which the remote clients will get IP addresses
4. DNS server: optional?
5. Protocols > Use Encryption: Yes
PPP > PPTP Server (button)
1. Enabled
2. Default profile: our newly created profile
PPP > Secrets
1. Name: someusername
2. Password: somepassword
3. Service: PPTP
4. Profile: our newly created profile
In Firewall, allow:
1. 1752/TCP
2. 47/IP (GRE)
On LAN interface, allow:
1. ARP: proxy-arp
2. Note: if bridged, then do this on the bridge instead of LAN interface.

WereDoku

Table of Contents

MikroTik

Two separate connections for two separate LANs with one RouterBoard

PPP VPN

WereDoku

User Tools

Site Tools

Table of Contents

MikroTik

Two separate connections for two separate LANs with one RouterBoard

PPP VPN

Page Tools