Hi Guys,
I need help! I have in office an RB951 and in this route I setuped Openvpn Server. I beleave configuration is ok, because when I make connection with windows client the tunnel is stabilized. But I don’t access any resource network.
Search in internet some documents and tutorials, it’s ok the setup.
Has anyone had the same problem or any tips to help me? I’ve already set up a route on the Windows client, and even then I don’t have access to the network behind Mikrotik.
If bridge mode (tap) then:
If you have a bridge1, edit the interface and set arp mode to proxy.
If you don’t have bridge 1, edit ether2 and set arp mode to proxy.
Can you at least ping the Mikrotik address?
Hi Van9018
I have one bridge, but I use to another function.
Jus to understand the RB configuration is as follows:
Ether1 - Link Internet
Ehter2 - Link Internet (failover)
Ehter3 - Lan Dados
Ether4 - (Lan Voip)
Ehter5 - Access Point
I ping the VPN pool that I created to distribute to the clients connecting in the VPN, and ping the public ip that I connect to the VPN.
I have to create the static route, to connect my VPN LAN with Office Lan?
Thanks for your help!
Yes - you have to create static routes.
You’d start off with a basic client-to-gateway setup as described here: http://wiki.mikrotik.com/wiki/OpenVPN
Once you get that part working, then you move onto the site-to-site config by adding static routes.
Your two Lans will have to be separate subnets.
On the SERVER mikrotik, the inbound OVPN connection creates a dynamic interface. When the connection is disconnected, the interface disappears. You need a static interface in order to apply routing.
Create an interface of OVPN Server, you’ll need one for each remote site. Put the username of the connecting OVPN connection in the “User” field. When an inbound connection uses that username, then that static interface is used to reference that connection.
Then go to Routes and create a route. The dst-address should be your remote LAN (ie: 192.168.2.0/24), Gateway will be the static OVPN interface you created.
Now packets destined to the remote LAN know to go over the OVPN connection.
On the CLIENT mikrotik, you have to also create a route.
Dst. Address should be remote LAN, gateway will be your OVPN Client interface. This interface is static by default for client VPN connections.
This is how my SSTP and PPTP site-to-sites work. OpenVPN implementation in Mikrotik is limited to using NET30 as a topology, I’m not sure what impact this will have on the above config.
Finally, for site-to-site VPNs you may max out your router’s CPU when using OVPN (or SSTP). I can only get 3-5mbps before the router becomes overworked and unresponsive.
If your RB supports hardware acceleration (Hex does) then consider using IPSec or IPSec/GRE. Hardware acceleration is only used in IPSec.
Thanks Van9018 for your answer!
My VPN isn’t site to site. Is only site to client. To add one static route, I go to winbox IP > Routes > click on plus, and I insert ip from the my VPN 192.x.x.x/24 and the gateway I insert ip from my Lan Office?
Are you using tap(bridge) or Tunnel/IP mode for OVPN?
Use TAP/Bridge for client. I think that creates a layer 2 tunnel so you don’t have to worry about routes.
I’m using Tunnel/IP mode for OVPN.
Sorry, but you can help me on this issue? Because I started working with router mikrotik recently and I’m not familary.