I am new to MikroTik routers. Through trial and error I got my RBL750GL to connect to an OpenVPN server (ClearOS based).
My current setup is as such:
LAN A - MikroTik ---- [internet] ---- OpenVPN Server - LAN B
I can access everything from the LAN A side. But I would like to know what NAT rule I can use to allow traffic to come back from LAN B? I can ping the tunnel interfaces on both sides. I just don’t know what to do so I can allow traffic to come back via the client connection if initiated from the LAN B side.
Note: this is NOT a site-to-site connection. The MikroTik acts as a client to the OpenVPN server. And if possible I would like the traffic to come back as well. So, as an example, if a user on LAN B wants to copy a file to a user on LAN A?
If LAN A only ever initiates the connection, then you can use a masquerade rule on the Lan A Mikrotik. Packets going out on your PPTP client interface should be masqueraded.
If LAN B also needs to be able to initiate connections, then you don’t configure NAT on either side. Instead you use routing. On LAN A, you need to add a route to say that packets destined for 192.168.30.0/24 shall be routed down the PPTP-Client interface.
On the LAN B OpenVPN Server, you need to configure it to send packets destined for 10.0.0.0/24 down the PPTP connection. I’m not so good with OpenVPN, but I believe it doesn’t create interfaces so you’d have to route 10.0.0.0/24 to the IP that’s given to the Mikrotik. (So you’d have to configure OpenVPN to always give the same IP to it).
While PPTP is considered a client/server VPN, at this point you’d call it a site-to-site VPN and control access via Firewall rules.
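The two options from the answer above, written out for the MikroTik side as an added example (not part of the original thread). Assumptions: the OpenVPN client interface is named `ovpn-out1`, LAN A is 10.0.0.0/24 and LAN B is 192.168.30.0/24 as in the answer, and 10.0.0.50 is a constructed address for the LAN A machine that should receive file copies over SMB.

```routeros
# Option 1: only LAN A initiates connections.
# Hide LAN A behind the tunnel address; LAN B cannot reach LAN A hosts.
/ip firewall nat
add chain=srcnat out-interface=ovpn-out1 action=masquerade \
    comment="LAN A -> LAN B, NAT (one-way)"

# Option 2: LAN B may also initiate. Use routing and no NAT on the tunnel.
# Do not combine with the masquerade rule above.
/ip route
add dst-address=192.168.30.0/24 gateway=ovpn-out1 comment="LAN B via VPN"

# With routing in place, every LAN B host could reach all of LAN A,
# so restrict what the tunnel may initiate. Rule order matters:
# these must sit above any broader accept rule in the forward chain.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="return traffic for allowed flows"
add chain=forward out-interface=ovpn-out1 src-address=10.0.0.0/24 \
    action=accept comment="LAN A may open connections to LAN B"
add chain=forward in-interface=ovpn-out1 src-address=192.168.30.0/24 \
    dst-address=10.0.0.50 protocol=tcp dst-port=445 action=accept \
    comment="LAN B -> file share host only (constructed address)"
add chain=forward in-interface=ovpn-out1 action=drop log=yes \
    log-prefix="vpn-in-drop" comment="everything else from the tunnel"

# Server side (OpenVPN configuration, not RouterOS), for reference:
#   server config:  route 10.0.0.0 255.255.255.0
#                   client-config-dir <ccd directory>
#   ccd file named after the MikroTik's certificate common name:
#                   iroute 10.0.0.0 255.255.255.0
#   ifconfig-push in the same ccd file pins the client's tunnel address.
```

The logged drop rule gives a record of anything on LAN B probing LAN A beyond the one permitted service, which is useful when deciding whether further accept rules are actually needed.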