How to Bridge VPN Client to Single LAN Port ?

frank333 · March 22, 2020, 7:39am

Would like to connect a single lan port to the vpn client. I enclose my network schematics and mikrotik configuration.
Vpn ipsec already works, in fact I can reach the mikrotik from outside LAN
https://forum.mikrotik.com/download/file.php?id=40366
https://forum.mikrotik.com/download/file.php?id=40367

Zacharias · April 5, 2020, 3:45pm

There is a problem with your setup. Both Routers are on the same subnet 192.168.1.0/24
I would suggest you change the Mikrotik’s subnet to lets say 192.168.189.0/24 or whatever you like…
Then create the approriate routes so that Mikrotik can reach 192.168.1.0/24 and the Ubiquiti the 192.168.189.0/24
After that you can use Firewall and limit access to only what you want…

frank333 · April 6, 2020, 6:05pm

that’s what I did:

/ip dhcp-client
add disabled=no interface=ether1

/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=bridge1 list=LAN

/ip address
add address=192.168.1.103/24 disabled=no interface=ether1 network=192.168.1.0
add address=192.168.189.10/24 disabled=no interface=ether2 network=192.168.189.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/ip route
 0 ADS  0.0.0.0/0                          		192.168.1.1               1
 1 ADC  192.168.1/24        192.168.1.103     	ether1                    0
 2 ADC  192.168.189.0/24   192.168.189.10  		bridge1                   0

but it doesn’t work