Openvpn Lan-Lan

dlopez · Thu Feb 16, 2012 11:02 pm

Hi, I'm trying to setup an Openvpn tunnel using two RB750. I've done the basic setup, the client MT connects to the server MT, the link is stablished and the server MT add a Route for the client Lan that I've setup on the PPP - Secrets.

Now the problem is that in the client MT there is no route to the server MT lan, so there is no traffic between them. If I add by hand the route all works fine, so the question is, is there any way to send the route from the server to the client (In linux there was a PUSH ROUTE option but I just don't see that on the MT).

BTW, I tried using the "Add-Default-Route" on the client and it works, but I don't want all the traffic from the client going through the VPN, just the LAN to LAN traffic.

 LAN 1 ( 192.168.0.0/24 ) --- > MK (RB750) -----> Internet <------ MK (RB750) <------ LAN 2 (192.168.1.0/24)

luiscandia · Thu Feb 16, 2012 11:15 pm

Could you post your config please? I'm having an similar problem with a OPVN, but I cannot ping LAN to LAN.

dlopez · Fri Feb 17, 2012 2:14 am

Sure, here is my config.

First the MT Server Config :

OpenVPN Server Config :

interface ovpn-server server print 
                     enabled: yes
                        port: 1194
                        mode: ip
                     netmask: 24
                 mac-address: xx:xx:xx:xx:xx:xx
                     max-mtu: 1500
           keepalive-timeout: 60
             default-profile: OpenVPN
                 certificate: Server
  require-client-certificate: yes
                        auth: sha1
                      cipher: aes256

OpenVPN Profile :

name="OpenVPN" local-address=172.21.0.1 remote-address=OpenVPN remote-ipv6-prefix-pool=(unknown) use-ipv6=yes use-mpls=default use-compression=yes use-vj-compression=yes use-encryption=required only-one=no change-tcp-mss=default

OpenVPN User :

/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=client password=password profile=OpenVPN routes=192.168.2.0/24 service=ovpn

OpenVPN Interface :

/interface ovpn-server server
set auth=sha1 certificate=Server cipher=aes256 default-profile=OpenVPN \
    enabled=yes keepalive-timeout=60 mac-address=xx:xx:xx:xx:xx:xx max-mtu=\
    1500 mode=ip netmask=24 port=1194 require-client-certificate=yes

OpenVPN Pool :

/ip pool
add name=OpenVPN ranges=172.21.0.2-172.21.0.254

Now, the client config :

OpenVPN Client Interface :

/interface ovpn-client
add add-default-route=yes auth=sha1 certificate=Client cipher=aes256 connect-to=172.20.0.1 disabled=no mac-address=xx:xx:xx:xx:xx:xx max-mtu=1500 mode=ip name=VPN password=password port=1194 profile=profile1 user=client

Beware that with this config, if you allow the traffic in your firewall (Filter Table, forward chain), you should get traffic from LAN to LAN but all the traffic from the client to the internet would also go thought the VPN using the server connection. If you don't want that, you could disable the "add-default-route" on the client interface and add an static route only for you lan, but it would be cool if there was any way to get the openvpn server pass that route by it self.

Hope it helps.

ener · Sat Dec 07, 2013 1:38 pm

can you help me configure ovpn Lan-to-Lan sir?

i cant connect ..

Openvpn Lan-Lan

Openvpn Lan-Lan

Re: Openvpn Lan-Lan

Re: Openvpn Lan-Lan

Re: Openvpn Lan-Lan

Who is online