Hello,
we currently have two buildings with Mikrotik routers interconnected using OpenVPN. Let’s call them Site A and Site B. Site A is configured as a server while Site B is configured as a client.
It is planned to add a third location (Site C) which will also be configured as a client to connect to Site A, similarly to Site B.
So I’ve adapted the existing configuration to have something like this:
Site A (server)
/ip pool add name=ovpn-client-pool range=192.168.1.2-192.168.1.3
/ppp profile add name="vpn" local-address="192.168.1.1" remote-address="ovpn-client-pool" use-encryption=required
/ppp secret
add name="openvpnuser_site_b" password="password" service=ovpn profile=vpn
add name="openvpnuser_site_c" password="password" service=ovpn profile=vpn
/interface ovpn-server add name=vpn_site_b user=openvpnuser_site_b
/interface ovpn-server add name=vpn_site_c user=openvpnuser_site_c
/interface ovpn-server server set port=1194 mode=ip netmask=32 auth=sha1 cipher=aes256 default-profile=vpn certificate=vpn.crt require-client-certificate=yes enabled=yes
/ip route add dst-address=site_b_networks/mask gateway=192.168.1.2 distance=1
/ip route add dst-address=site_c_networks/mask gateway=192.168.1.3 distance=1
Site B (client1)
/ppp profile add name="vpn_site_b" local-address=192.168.1.2 remote-address=192.168.1.1 use-encryption=required
/interface ovpn-client add name="vpn_site_b" connect-to=wan_site_a port=1194 mode=ip user=openvpnuser_site_b password="password" profile="vpn_site_b" certificate=vpn.crt auth=sha1 cipher=aes256 add-default-route=no
/ip route add dst-address=site_a_networks/mask gateway=192.168.1.1 distance=1
Site C (client2)
/ppp profile add name="vpn_site_c" local-address=192.168.1.3 remote-address=192.168.1.1 use-encryption=required
/interface ovpn-client add name="vpn_site_c" connect-to=wan_site_a port=1194 mode=ip user=openvpnuser_site_c password="password" profile="vpn_site_c" certificate=vpn.crt auth=sha1 cipher=aes256 add-default-route=no
/ip route add dst-address=site_a_networks/mask gateway=192.168.1.1 distance=1
The VPN connections go smoothly; however, the first thing I see is that Site C gets the IP address of Site B (192.168.1.2 instead of 192.168.1.3) and vice versa. Do you know why? (I set the local address parameter for each client, yet it seems to be ignored.)
It is important that they get the right IP address, as I declared static routes. I believe it explains why I can’t ping from A to B, A to C, C to A and B to A.
I thank you in advance for your help,
PS: They are all running the latest version (stable branch). Models are: sites B & C: Mikrotik RB2011UIAS-RM; site A: Mikrotik CCR1016-12G
Best regards