I have a primary EdgeRouterPOE to which a PBX is connected. From that router I have a PtP link to another router with this configuration:
/* EdgeOS configuration as posted, re-indented one statement per line.
   Values the poster masked (xxxxx, runs of asterisks) are left as posted. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Applied to eth0 "in": only replies to existing flows pass, everything else is dropped. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Applied to eth0 "local" (traffic addressed to the router itself).
       No rule here names IKE (UDP 500), NAT-T (UDP 4500) or ESP; the IPsec side
       relies on "auto-firewall-nat-exclude enable" under vpn ipsec.
       NOTE(review): confirm those automatic rules are actually installed. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* Rules 20 and 30 expose the PPTP control port and GRE to any source address;
           neither rule has a source restriction and logging is off.
           PPTP's MS-CHAPv2/MPPE protection is considered broken; L2TP/IPsec or OpenVPN
           are the usual replacements on EdgeOS. */
        rule 20 {
            action accept
            description "Allow PPTP Port 1723"
            destination {
                port 1723
            }
            log disable
            protocol tcp
        }
        rule 30 {
            action accept
            description "Allow PPTP GRE"
            log disable
            protocol gre
        }
        /* Sits after the accept rules, so invalid-state packets to TCP 1723 or GRE
           are matched by rules 20/30 first. */
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type all
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is switched off. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* br1 joins eth1 and switch0.6 (see the bridge-group entries below) and takes its
       address from DHCP on that segment.
       NOTE(review): if that lease also hands out a default route it would compete with
       the one learned on eth0, which could match the intermittent internet symptom;
       check the routing table to confirm. */
    bridge br1 {
        address dhcp
        aging 300
        bridged-conntrack disable
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    /* WAN port: the only interface with firewall rulesets attached. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    /* No firewall ruleset is attached to eth1 or br1 in this configuration. */
    ethernet eth1 {
        bridge-group {
            bridge br1
        }
        description PBX
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    ethernet eth2 {
        description Llanitos
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    ethernet eth3 {
        description WLAN
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    ethernet eth4 {
        description "Local 2"
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    loopback lo { }
    switch switch0 {
        address 10.8.2.1/24
        description "Local 2"
        mtu 1500
        switch-port {
            interface eth2 { }
            interface eth3 { }
            interface eth4 { }
            vlan-aware disable
        }
        /* VLAN 6 on the switch is bridged into br1 together with eth1. */
        vif 6 {
            bridge-group {
                bridge br1
            }
            description PBX
            mtu 1500
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN2 {
            authoritative disable
            subnet 10.8.2.0/24 {
                default-router 10.8.2.1
                dns-server 10.8.2.1
                lease 3600
                start 10.8.2.50 {
                    stop 10.8.2.249
                }
            }
        }
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name xxxxx.dyndns.org
                    login xxxxx
                    password ****************
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    /* The web UI also listens on plain HTTP (port 80) and "older-ciphers enable"
       keeps legacy TLS cipher suites available. WAN_LOCAL has no accept rule for
       80/443, so as far as these rulesets show the UI is not reachable from eth0. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    /* Single source-NAT rule: everything leaving eth0 is masqueraded. */
    nat {
        rule 5010 {
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name Altavista
    login {
        user xxxxxx {
            authentication {
                encrypted-password ****************
                /* NOTE(review): a plaintext-password entry is present next to the hash;
                   it is masked in the post, so confirm it is empty on the device. */
                plaintext-password ****************
            }
            full-name xxxxxx
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org { }
        server 1.ubnt.pool.ntp.org { }
        server 2.ubnt.pool.ntp.org { }
        server 3.ubnt.pool.ntp.org { }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Bahia_Banderas
    traffic-analysis {
        dpi enable
        export enable
    }
}
vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        /* Phase 2 proposal: AES-128 with SHA-1, PFS on, 1 hour lifetime. */
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        /* Phase 1 proposal: IKEv1, DH group 2 (1024-bit MODP), AES-128, SHA-1.
           DH group 2 and SHA-1 are weak by current standards; the remote peer must be
           configured with identical proposals or negotiation will fail. */
        ike-group FOO0 {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 { }
        }
        nat-traversal enable
        site-to-site {
            /* The peer is identified by a dynamic-DNS host name and authenticated with
               a pre-shared secret; this router initiates the tunnel from whatever
               address it holds (local-address any). */
            peer xxxxxxx.dyndns.org {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                connection-type initiate
                description Gaviotas
                ike-group FOO0
                ikev2-reauth inherit
                local-address any
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        prefix 10.8.2.0/24
                    }
                    remote {
                        prefix 10.3.2.0/24
                    }
                }
            }
        }
    }
    /* PPTP remote access with locally defined users. */
    pptp {
        remote-access {
            authentication {
                local-users {
                    username xxxxx {
                        password ****************
                    }
                }
                mode local
            }
            /* The client pool lies inside the 10.8.2.0/24 LAN, just above the DHCP
               range that stops at 10.8.2.249. */
            client-ip-pool {
                start 10.8.2.250
                stop 10.8.2.254
            }
            dns-servers {
                server-1 8.8.8.8
                server-2 8.8.4.4
            }
            mtu 1492
        }
    }
}
The calls work fine, but the internet works for a few seconds, then stops, and then works again. I was connected to the PPTP VPN but cannot access any IP, and the IPsec tunnel doesn't connect. The second router gets internet through ETH0; the PtP link goes to ETH1 on the second router so that VLAN6 can be used for some phones.
Any help will be much appreciated.