It's my first post here.
I have some problems implementing OpenVPN, and I hope I can find a solution here.
I plan to connect my branch office network - a small office with not more than 10 clients -
to my head office network.
I already set up an OpenVPN server behind a MikroTik firewall in my head office network;
I am using Linux ClearOS.
I tried connecting to the OpenVPN server from a Windows client, and it just works fine: I can access the OpenVPN server and
access my head office network.
But when I try to use the MikroTik as an OpenVPN client from my branch office network, it does not work well.
The MikroTik OpenVPN client successfully establishes a connection to the OpenVPN server in my head office network,
but from the MikroTik router I can't ping the OpenVPN server IP / tun interface IP.
I can't ping 172.16.0.1.
Here is the network topology and the OpenVPN server and client configuration:
Branch office LAN (192.168.88.0/24)
|
|
MikroTik RB751 (192.168.88.1) - OpenVPN Client IP (tun) 172.16.0.10
|
|
Internet (dynamic public IP internet connection)
|
|
Head Office - Firewall (static IP - 108.X.X.X)
|
|
OpenVPN Server (ClearOS) (172.16.99.2) OpenVPN Server IP (tun) 172.16.0.1
ClearOS OpenVPN Server Configuration
-- Client.Conf --
port 1194
proto tcp
dev tun
ca /etc/ssl/ca-cert.pem
cert /etc/ssl/sys-0-cert.pem
key /etc/ssl/private/sys-0-key.pem
dh /etc/ssl/dh1024.pem
auth-nocache
server 172.16.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt
status /var/lib/openvpn/openvpn-status.log
verb 3
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth-ldap
push "dhcp-option DNS 172.16.99.3"
push "dhcp-option WINS 172.16.99.3"
push "dhcp-option DOMAIN terminix.co.id"
push "route 172.16.99.0 255.255.255.0"
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.0.1 P-t-P:172.16.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:575 errors:0 dropped:0 overruns:0 frame:0
TX packets:685 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:54007 (52.7 KiB) TX bytes:82286 (80.3 KiB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0
172.16.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 172.16.99.1 0.0.0.0 UG 0 0 0 eth0
MikroTik RB751 - OpenVPN Client Configuration
-- IPAddress --
# ADDRESS NETWORK INTERFACE
0 192.168.88.1/24 192.168.88.0 bridge-local
1 D 182.4.252.25/32 10.112.112.130 ppp-out1 -- Dial Up Modem
2 D 172.16.0.10/32 172.16.0.1 ovpn-out2 -- interface OpenVpn client
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 10.112.112.130 1
1 ADC 10.112.112.130/32 182.4.252.25 ppp-out1 0
2 ADC 172.16.0.1/32 172.16.0.10 ovpn-out2 0
3 A S 172.16.99.0/24 ovpn-out2 1
4 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0
0 chain=srcnat action=masquerade dst-address=172.16.0.0
1 chain=srcnat action=masquerade dst-address=0.0.0.0/0