OpenVPN and subnet for Windows Client

RouterOS General
1

Hi all,
I’ve configured a RB951G-2HnD with this officila tutorial http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step but I’m not able to maket it works.

I want a Windows client able to reach a remote Windows File Server.
I don’t need to use the RouterBoard as a Internet gateway.

This is the Windows OpenVPN config file:

client
proto tcp
dev tun
remote REMOTEIP
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt

ns-cert-type server
tls-client


auth-user-pass auth.cfg
auth-nocache

verb 3
script-security 3

route 192.168.111.0 255.255.255.0

The error I get on the Windows client is:

There is a problem in your selection of --ifconfig endpoints [local=172.21.0.10, remote=172.21.0.254].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.

How can I solve this problem?

Thank you.

2

Hi!

try to correct route
route 192.168.111.0 255.255.255.0 10.10.1.1

where 10.10.1.1 your VPN network

3

Thank you vitaly.

I used “route 192.168.111.0 255.255.255.0 172.21.0.1”

192.168.111.0 is the LAN subnet on the routerboard
172.21.0.1 is the local IP address for the VPN (the one configured in PPP → Pofiles as Local Address)

I still get the same error.

4

No advice?

5 
/interface ovpn-server server> print
                     enabled: yes
                        port: 1194
                        mode: ip
                     netmask: 32

check your netmask in server config, for mzfk windows it must overlapping server IP and your host IP. So, linux based connect is OK:

2018-01-10 17:45:00 /sbin/ifconfig utun1 172.16.0.63 172.16.0.1 mtu 1500 netmask 255.255.255.255 up