OpenVPN Client Configuration

I have my next task, setting up an OpenVPN link to my job from my x86 RouterOS box. Currently, the box has a DHCP lease to my Comcast cable modem (public), and a DHCP server on my LAN side (local). I also have a simple PPTP server bridged to my local side (wan).
Public (ether2): Comcast DHCP-Client lease
Local (ether1): 172.16.11.1

I can create an OpenVPN interface to my job and work with it from the Winbox terminal, and it seems OK, but I have been unsuccessful in routing it to my local side.

When my OpenVPN interface connects to my job, I receive a dynamic address of 172.16.254.10 with a network of 172.16.254.1.

What would be my next step?

Many Thanks,

-tp

Hi;
Your illustration is not clear; anyone who reads it misses the case.

with best regards

Ok,
What part is not clear? I’ll try to explain better.

-tp

Hi;
For me it is totally not clear, I am sorry to say that.
With best regards.

I’m simply trying to connect to an OpenVPN server over the public internet, from the local side of my router.

Ignore him.

Are you trying to access resources by IP?

I have figured it out. Yes by IP…
My x86 RouterOS box is currently configured pretty simply for home experimental/training use. As I stated earlier, simple in/out and an additional PPTP interface bridged to a DHCP server for me to access remotely. I use a local IP range of 172.16.11.0/24. My router has been functioning great, but I needed to access my company's network via an OpenVPN server. After banging around trying this and trying that, the solution to my OpenVPN problem turned out to be pretty simple.

I needed to do things in the following steps:

  1. Create an OpenVPN interface -
    /interface ovpn-client
    add add-default-route=no auth=none certificate=cert cipher=none comment="" connect-to=216.XXX.XX.XXX disabled=no \
        mac-address=00:00:00:00:00:00 max-mtu=1500 mode=ip name="ovpn-nwa" password="" port=443 profile=default user="xxxxxxx"

  2. Masquerade the OpenVPN port with a src-nat firewall entry -
    /ip firewall nat
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=ovpn-nwa src-address=172.16.11.0/24

Works like a charm.

-tp
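
The client above is created with `auth=none cipher=none`, which leaves the tunnelled data without encryption or packet authentication. The following is an added example, not code from the thread or from MikroTik: a small Python check that parses a RouterOS export and reports OpenVPN clients configured that way. The function names `parse_export` and `audit` are hypothetical, the sample export is constructed from the commands in the post, and treating `null` the same as `none` is an assumption.

```python
import shlex

# Constructed sample: the two commands from the post, placeholders kept as posted.
SAMPLE_EXPORT = '''\
/interface ovpn-client
add add-default-route=no auth=none certificate=cert cipher=none connect-to=216.XXX.XX.XXX \\
    disabled=no mode=ip name="ovpn-nwa" password="" port=443 profile=default user="xxxxxxx"
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ovpn-nwa src-address=172.16.11.0/24
'''

# Values meaning "no protection". "none" is what the post uses;
# "null" is included as an assumption for other RouterOS versions.
UNPROTECTED = {"none", "null"}


def parse_export(text):
    """Yield (menu_path, params) for every 'add' line in a RouterOS export."""
    menu, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # long lines are wrapped with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line                # e.g. "/interface ovpn-client"
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])   # handles name="ovpn-nwa" and password=""
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)


def audit(text):
    """Return findings for enabled OpenVPN clients with no cipher or no packet auth."""
    findings = []
    for menu, p in parse_export(text):
        if menu != "/interface ovpn-client" or p.get("disabled") == "yes":
            continue
        name = p.get("name", "?")
        if p.get("cipher") in UNPROTECTED:
            findings.append(f"{name}: cipher={p['cipher']} (tunnelled data is not encrypted)")
        if p.get("auth") in UNPROTECTED:
            findings.append(f"{name}: auth={p['auth']} (packets carry no integrity check)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```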

This might sound like a stupid question, but WHY does it require a username?
I do not have any username/password settings on my openvpn server.
Use certificates only.

Any help would be appreciated.


Thank You!

Hi;
The case is strange.
He needs to connect to the VPN server at work,
so the MT is not involved in the case here.
He just needs to do the VPN connection setting on his PC to connect to that VPN server at work.
The only thing he should check is that the MT is not blocking the PPTP connections.
With best regards.