davidlmd
just joined
Topic Author
Posts: 9
Joined: Tue Dec 22, 2009 2:35 pm

RB750g and OpenVPN

Wed Dec 01, 2010 10:52 am

Hello, I'm trying to use RB750 for an OVPN server-client system.

I use RB750G as OVPN server with this conf:

[admin@Server 750] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; WAN
192.168.1.101/24 192.168.1.0 192.168.1.255 ether1-gateway
1 ;;; LAN BRIDGE
10.20.30.50/24 10.20.30.0 10.20.30.255 bridge1
2 D 10.20.30.33/32 10.20.30.200 0.0.0.0 <ovpn-david>

[admin@Server 750] /interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=1524 arp=enabled
mac-address=00:0C:42:71:D1:51 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@Server 750] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether2-local-master bridge1 0x80 10 none
1 D <ovpn-david> bridge1 0x80 10 none
[admin@Server 750] /interface bridge port>

[admin@Server 750] /ppp profile> print
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes

1 name="OVPN Profile" local-address=10.20.30.33 remote-address=OVPN Pool
bridge=bridge1 use-compression=default use-vj-compression=default
use-encryption=required only-one=default change-tcp-mss=default

2 * name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes
[admin@Server 750] /ppp profile>

[admin@Server 750] /ppp> secret print
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 username any password OVPN Pro...
[admin@Server 750] /ppp>

[admin@Server 750] > ip pool print
# NAME RANGES
0 OVPN Pool 10.20.30.100-10.20.30.200
[admin@Server 750] >

[admin@Server 750] > interface ovpn-server server print
enabled: yes
port: 1194
mode: ethernet
netmask: 24
mac-address: FE:C5:A0:48:72:C9
max-mtu: 1460
keepalive-timeout: disabled
default-profile: OVPN Profile
certificate: cert1
require-client-certificate: no
auth: sha1,md5
cipher: blowfish128,aes128,aes192,aes256
[admin@Server 750] >

[admin@Server 750] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 ether1-gateway 1
1 ADC 10.20.30.0/24 10.20.30.50 bridge1 0
2 ADC 10.20.30.200/32 10.20.30.33 bridge1 0
3 ADC 192.168.1.0/24 192.168.1.101 ether1-gateway 0
[admin@Server 750] >

[admin@Server 750] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; default configuration
chain=input action=accept connection-state=established
in-interface=ether1-gateway

2 ;;; default configuration
chain=input action=accept connection-state=related
in-interface=ether1-gateway

3 X ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
[admin@Server 750] >


Then I use another RB750G as OVPN client with this conf:

[admin@Client 750] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; WAN
192.168.1.102/24 192.168.1.0 192.168.1.255 ether1-gateway
1 10.20.30.49/24 10.20.30.0 10.20.30.255 ether2-local-master
2 D 10.20.30.200/24 10.20.30.0 10.20.30.255 ovpn-out1

[admin@Client 750] > interface bridge print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=65535 arp=enabled
mac-address=00:00:00:00:00:00 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@Client 750] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I ether2-local-master bridge1 0x80 10 none

[admin@Client 750] > interface ovpn-client print
Flags: X - disabled, R - running
0 name="ovpn-out1" mac-address=00:00:00:00:00:00 max-mtu=1500
connect-to=192.168.1.101 port=1194 mode=ethernet user="david"
password="123456" profile=profile1 certificate=cert1 auth=sha1
cipher=aes256 add-default-route=no
[admin@Client 750] > ppp
aaa active profile secret export
[admin@Client 750] > ppp profile print
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes

1 name="profile1" use-compression=default use-vj-compression=default
use-encryption=required only-one=default change-tcp-mss=default

2 * name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=required only-one=default
change-tcp-mss=default
[admin@Client 750] >

[admin@Client 750] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; default configuration
chain=input action=accept connection-state=established
in-interface=ether1-gateway

2 ;;; default configuration
chain=input action=accept connection-state=related
in-interface=ether1-gateway

3 X ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
[admin@Client 750] >


The OVPN client is connected to the server, but it's impossible to ping from server to client or from client to server.

Please, where is the error?

Thanks
