 
mafiosa

GRE over VRF

Sun Jul 24, 2022 4:48 pm

I have 3 ISP connections, a main routing table, and a VRF. The VRF is used for the GRE tunnels. I am unable to get the GRE tunnel running on RouterOS v7.4 stable. Is there a workaround to get it working? My config export is below.
# RouterOS configuration export: bridge, physical ports, L2TP binding and GRE tunnels.
# jul/24/2022 19:14:31 by RouterOS 7.4
# software id = 5BN5-KMF2
#
# model = RB5009UG+S+
# serial number = EC190FF69B86
# NOTE(review): the software id and serial number above are device identifiers;
# redact them (and public peer addresses) before sharing an export publicly.
/interface bridge
# VLAN-aware bridge with DHCP snooping and option 82 insertion; the bridge
# (CPU) port itself only admits tagged frames and has ingress-filtering=no.
add add-dhcp-option82=yes dhcp-snooping=yes frame-types=\
admit-only-vlan-tagged ingress-filtering=no name=Bridge vlan-filtering=\
yes
# Port-less bridge used as a loopback interface (gets 192.168.254.1 under /ip address).
add name=Loopback
/interface ethernet
set [ find default-name=ether1 ] comment=WAN-LINKS
set [ find default-name=ether7 ] comment=WLAN
set [ find default-name=ether8 ] comment=DC
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-full \
sfp-shutdown-temperature=62C speed=1Gbps
/interface l2tp-server
# Static server-side binding for the L2TP user "mainak".
add name=DumDum user=mainak
/interface gre
# NOTE(review): GRE provides no encryption or authentication of its own. No
# ipsec-secret is visible on these tunnels; v7 exports omit sensitive values
# by default, so one may still be set - confirm before relying on it.
# Kochi has no local-address, so the source address is chosen by routing.
add allow-fast-path=no name=Kochi remote-address=103.94.137.144
# The next two tunnels source from 10.28.115.18, the address configured on
# ABSPL-500 (a member of VRF AS-213326). "!keepalive" unsets keepalive, so
# presumably the interface reports running regardless of peer reachability.
add !keepalive local-address=10.28.115.18 name=MarekGondek-PNI \
remote-address=185.214.69.63
add disabled=yes !keepalive local-address=10.28.115.18 name=Securebit-AG \
remote-address=194.50.94.249
# WireGuard, VXLAN, VLAN and PPPoE interface definitions, plus interface lists.
/interface wireguard
# Private keys do not appear here (sensitive values are not exported by default in v7).
add listen-port=51833 mtu=1420 name=Route48-SG
add listen-port=13232 mtu=1420 name=WSNL-bkp
/interface vxlan
# NOTE(review): VXLAN carries frames unencrypted and unauthenticated; nothing in
# this export filters who may send to UDP 8472/4789 - confirm a firewall rule
# restricts these ports to the configured VTEP.
add mac-address=E2:04:86:4D:5E:61 name=Madhyamgram port=8472 vni=69
add mac-address=4A:E6:21:4E:9A:76 name=Openswitch-IX port=4789 vni=3
/interface vlan
# Uplink VLANs ride on ether1; the internal VLANs ride on the VLAN-aware bridge.
add interface=ether1 name=ABSPL-500 vlan-id=500
add interface=ether1 name=BSNL-425 vlan-id=425
add interface=Bridge name=DC-300 vlan-id=300
add interface=Bridge name=LAN-100 vlan-id=100
add interface=Bridge name=WLAN-200 vlan-id=200
/interface pppoe-client
# NOTE(review): allow=pap restricts this client to PAP, which sends the
# password to the access concentrator unencrypted; use CHAP/MS-CHAPv2 if the
# ISP supports it. The ISP account usernames below are also worth redacting.
add add-default-route=yes allow=pap disabled=no interface=ABSPL-500 name=\
ABSPL-PPPoE service-name=abs_78 use-peer-dns=yes user=kanika_cenn
add allow=chap disabled=no interface=BSNL-425 name=BSNL-PPPoE use-peer-dns=\
yes user=ct3325637415_eid@ftth.bsnl.in
/disk
set usb1 disabled=no
set usb1-part1 disabled=no name=disk1
/interface list
# Lists referenced later: WAN (uplinks) and GRE (tunnel interfaces).
add name=WAN
add name=GRE
# IPsec defaults, address pools, DHCP servers, the VRF, and BGP/OSPF instances.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
# Phase 1 defaults: AES only, SHA-256 hash.
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256
/ip ipsec proposal
# NOTE(review): sha1 is still offered alongside sha256 for phase 2; drop it if
# every peer supports sha256.
set [ find default=yes ] auth-algorithms=sha256,sha1 pfs-group=modp2048
/ip pool
add name=l2tp-roadwarrior ranges=192.168.69.2-192.168.69.6
add name=dhcp_pool0 ranges=192.168.23.2-192.168.23.254
add name=dhcp_pool1 ranges=192.168.24.2-192.168.24.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN-100 lease-time=1w name=dhcp1
add address-pool=dhcp_pool1 interface=WLAN-200 lease-time=1w name=dhcp2
/ip vrf
# VRF AS-213326 contains the ABSPL-500 uplink, the DC-300 VLAN and "GRE" -
# presumably the interface list of that name (whose only member is Kochi);
# MarekGondek-PNI and Securebit-AG are not listed - verify that is intended.
add interfaces=ABSPL-500,DC-300,GRE name=AS-213326
/ppp profile
# *FFFFFFFE is an internal id for a built-in PPP profile.
set *FFFFFFFE dns-server=192.168.72.53
/routing bgp template
# IPv6-only BGP template for AS 213326; output is filtered by chain route48-out.
add address-families=ipv6 as=213326 disabled=no input.affinity=remote-as \
name=route48 output.affinity=remote-as .filter-chain=route48-out \
.network=route48-out router-id=192.168.254.1
/routing ospf instance
add disabled=no name=ospf-v2
/routing ospf area
# No area-id on the first entry, so it takes the default (named as the backbone).
add disabled=no instance=ospf-v2 name=ospf-backbone-v2
add area-id=0.0.0.2 disabled=no instance=ospf-v2 name=ospf-area-2
add area-id=0.0.0.1 disabled=no instance=ospf-v2 name=ospf-area-1
# Bridge access ports, discovery/IP settings, VPN servers and VXLAN endpoints.
/interface bridge port
# Access ports: ether2-6 untagged in VLAN 100, ether7 in 200, ether8 in 300.
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether2 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether5 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether6 pvid=100
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether7 pvid=200
add bridge=Bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether8 pvid=300
/ip neighbor discovery-settings
# NOTE(review): discovery runs on every interface, including the WAN uplinks,
# which advertises identity, model and version to upstream neighbours; limit
# it to an internal interface list.
set discover-interface-list=all
/ip settings
# NOTE(review): strict reverse-path filtering drops packets whose source is not
# routed back out the arriving interface. With several uplinks and a VRF,
# asymmetric return paths may be dropped - worth checking for the GRE problem.
set rp-filter=strict tcp-syncookies=yes
/interface bridge vlan
# Only the bridge itself is tagged; access ports join their VLAN via pvid.
add bridge=Bridge tagged=Bridge vlan-ids=100
add bridge=Bridge tagged=Bridge vlan-ids=200
add bridge=Bridge tagged=Bridge vlan-ids=300
/interface l2tp-server server
# NOTE(review): use-ipsec=yes permits but does not require IPsec, so plain L2TP
# sessions are still accepted; use-ipsec=required enforces it. The L2TPv3
# digest uses sha1.
set allow-fast-path=yes enabled=yes l2tpv3-circuit-id=100 l2tpv3-digest-hash=\
sha1 one-session-per-host=yes use-ipsec=yes
/interface list member
add interface=ABSPL-500 list=WAN
add interface=BSNL-PPPoE list=WAN
add interface=Kochi list=GRE
/interface ovpn-server server
# No enabled=yes appears here, so the OpenVPN server looks to be off - confirm.
set auth=sha256,sha512 certificate=OVPNServer cipher=aes256 protocol=udp
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
# NOTE(review): the PPTP server is enabled despite the warning above, and this
# export shows no firewall filter limiting who can reach it; disable it if the
# L2TP/IPsec or WireGuard paths cover the same users.
set enabled=yes
/interface vxlan vteps
# Both VXLAN interfaces point at the same remote VTEP.
add interface=Openswitch-IX port=4789 remote-ip=115.187.62.14
add interface=Madhyamgram remote-ip=115.187.62.14
# WireGuard peers, interface addressing, IP Cloud, DHCP networks and DNS.
/interface wireguard peers
# Public keys are not secret. allowed-address=::/0 or 0.0.0.0/0 accepts any
# inner source address from that peer, so filtering of tunnel traffic has to
# come from firewall rules (none are visible in this export).
add allowed-address=::/0 endpoint-address=103.200.96.236 endpoint-port=51833 \
interface=Route48-SG public-key=\
"W0pI832mL5u7JzJjiE68dyS95mIGBDqGgSxSZromEGY="
add allowed-address=::/0 endpoint-address=103.174.246.1 endpoint-port=13232 \
interface=WSNL-bkp public-key=\
"O2IfD8MLzAFCnyvG+LlUDV+YN2POay1jbhKhUiBX4WE="
# NOTE(review): interface=*36 and *37 are internal ids, not names - presumably
# the WireGuard interfaces these peers belonged to were removed. Delete the
# stale peers rather than leaving orphaned trust entries.
add allowed-address=0.0.0.0/0 endpoint-address=103.94.137.144 endpoint-port=\
13231 interface=*36 public-key=\
"xN1x4ETkd8kHY/6rnQV9MEOy0ZOZxqGgfJM6OKelwBs="
add allowed-address=192.168.100.2/32 interface=*37 public-key=\
"Od4ZKWeFkOmi3x8z79hcYQC9VdRw/6cEmLVdgi0JAUk="
/ip address
# 10.28.115.18/30 on ABSPL-500 is the local-address used by two GRE tunnels.
add address=192.168.254.1 interface=Loopback network=192.168.254.1
add address=192.168.168.13/30 interface=Madhyamgram network=192.168.168.12
add address=192.168.69.1/24 interface=Route48-SG network=192.168.69.0
add address=192.168.88.1/29 interface=ether1 network=192.168.88.0
add address=192.168.23.1/24 interface=LAN-100 network=192.168.23.0
add address=192.168.24.1/24 interface=WLAN-200 network=192.168.24.0
add address=192.168.72.1/23 interface=DC-300 network=192.168.72.0
add address=192.168.168.254/30 interface=Kochi network=192.168.168.252
add address=10.28.115.18/30 interface=ABSPL-500 network=10.28.115.16
/ip cloud
# IP Cloud DDNS is on, refreshing every minute.
set ddns-enabled=yes ddns-update-interval=1m
/ip cloud advanced
set use-local-address=yes
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
# Clients are handed 192.168.72.53 (inside DC-300's subnet) as their resolver.
add address=192.168.23.0/24 dns-server=192.168.72.53 gateway=192.168.23.1
add address=192.168.24.0/24 dns-server=192.168.72.53 gateway=192.168.24.1
/ip dns
set servers=1.1.1.1
# NAT, connection helpers, static routes, management services and UPnP.
/ip firewall nat
# NOTE(review): only NAT rules appear; there is no /ip firewall filter or raw
# section anywhere in this export. As shown, nothing restricts input or
# forward traffic on the uplinks - confirm filter rules exist on the device.
add action=masquerade chain=srcnat out-interface=ABSPL-500
add action=masquerade chain=srcnat out-interface=ABSPL-PPPoE
add action=masquerade chain=srcnat out-interface=BSNL-PPPoE
/ip firewall service-port
# Connection-tracking helpers switched off.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
# Main table: default route via BSNL-PPPoE at distance 2.
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=BSNL-PPPoE pref-src=\
0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
10
# VRF table AS-213326: default route via 10.28.115.17 on ABSPL-500, ping-checked.
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.28.115.17 pref-src=0.0.0.0 routing-table=AS-213326 scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=ABSPL-500
/ip service
# NOTE(review): www (plain HTTP, port 8080) and winbox listen in VRF AS-213326,
# which includes the ABSPL-500 uplink, and no address= allow-list is set on
# either. Restrict both to management subnets and prefer www-ssl over www.
set telnet disabled=yes
set ftp disabled=yes
set www port=8080 vrf=AS-213326
set ssh disabled=yes
set api disabled=yes
set winbox vrf=AS-213326
set api-ssl disabled=yes
/ip ssh
# Has no effect while the ssh service above is disabled.
set strong-crypto=yes
/ip upnp
# NOTE(review): UPnP lets any host on an internal interface request inbound
# port mappings on the external (WAN) interfaces without authentication;
# disable it unless a specific device needs it.
set enabled=yes
/ip upnp interfaces
add interface=ABSPL-500 type=external
add interface=Bridge type=internal
add interface=ether7 type=internal
add interface=BSNL-PPPoE type=external
# IPv6 prefix delegation, IGMP proxy, OSPF interfaces, RPKI, system and tool settings.
/ipv6 dhcp-client
# Requests a delegated prefix over ABSPL-PPPoE into pool ABSPL-v6.
add interface=ABSPL-PPPoE pool-name=ABSPL-v6 pool-prefix-length=60 request=\
prefix
/routing igmp-proxy interface
add interface=DC-300
add interface=ABSPL-500 upstream=yes
add interface=LAN-100
add interface=WLAN-200
/routing ospf interface-template
# NOTE(review): no auth= setting is visible on any template, so OSPF adjacencies
# appear unauthenticated (keys would be hidden in a v7 export, but the auth
# type would not - confirm). LAN-100, WLAN-200 and ether1 (commented
# WAN-LINKS) are not passive, so hosts on those segments could form adjacencies.
add area=ospf-backbone-v2 disabled=no interfaces=Loopback networks=\
192.168.254.1/32
add area=ospf-backbone-v2 disabled=no interfaces=LAN-100 networks=\
192.168.23.0/24
add area=ospf-backbone-v2 disabled=no interfaces=WLAN-200 networks=\
192.168.24.0/24
add area=ospf-backbone-v2 disabled=no interfaces=DC-300 networks=\
192.168.72.0/23
add area=ospf-backbone-v2 disabled=no interfaces=Kochi networks=\
192.168.168.252/30 type=ptp
add area=ospf-area-2 disabled=no interfaces=Madhyamgram networks=\
192.168.168.12/30 type=ptp
add area=ospf-area-1 disabled=no interfaces=DumDum networks=192.168.168.20/30 \
type=ptp
add area=ospf-backbone-v2 disabled=no interfaces=ether1 networks=\
192.168.88.0/29
/routing rpki
# Both RPKI validator sessions are disabled, so BGP routes are not
# origin-validated by these entries.
add address=2606:4700:60::2 disabled=yes expire-interval=7200 group=\
cloudflare-rtr port=8282 refresh-interval=3600 retry-interval=600 vrf=\
main
add address=172.65.0.2 disabled=yes expire-interval=7200 group=cloudflare-rtr \
port=8282 refresh-interval=3600 retry-interval=600 vrf=main
/system clock
set time-zone-name=Asia/Kolkata
/system identity
set name=edgerouter.kalpak.net.in
/system note
# The access-warning banner is defined, but show-at-login=no means it is not
# displayed at login.
set note="This router belongs to AS213326. Unauthorised access is strictly pro\
hibited. All login attempts are logged." show-at-login=no
/system ntp client
# NTP queries are sent from VRF AS-213326.
set enabled=yes vrf=AS-213326
/system ntp client servers
add address=time.cloudflare.com
add address=pool.ntp.org
/system routerboard settings
set auto-upgrade=yes
/tool graphing interface
add interface=ABSPL-500 store-on-disk=no
add interface=BSNL-PPPoE store-on-disk=no
add interface=DC-300 store-on-disk=no
add interface=WLAN-200 store-on-disk=no
add interface=LAN-100 store-on-disk=no
/tool graphing resource
add store-on-disk=no
/tool romon
# NOTE(review): RoMON gives layer-2 management reachability to neighbouring
# RouterOS devices. No secrets or per-port restrictions are visible here (they
# may be hidden in the export) - confirm a secret is set and that RoMON is
# forbidden on the WAN-facing ports.
set enabled=yes
