Hello,
I have a home network behind RB750. I’d like to setup the board as a client to my school network where I have a server with OpenVPN server.
I successfully configured the client and I’m able to reach the server from RouterOS but not from the computers in may home network.
Could someone please give me an advice how to configure the router? I want to use this VPN especially for samba connection from the home network computers.
Is it possible to get the IP address from server side DHCP server for my router?
Is it possible to get the IP address from server side DHCP server for my router?
No, if the 750 is not on the same network with DHCP server.
I have a home network behind RB750. I’d like to setup the board as a client to my school network where I have a server with OpenVPN server.
I successfully configured the client and I’m able to reach the server from RouterOS but not from the computers in may home network.
Configure routing on the RB750,
/ip route add gateway=address_of_VPN_tunnel dst-address=Private_Network_of_School_network
Then school network should be accessible over the tunnel.
My interface is ovpn-out1
Ovpn netvork is 10.88.0.0/24
Server is 10.88.0.1
I can ping it from mikrotik, but not from local network computers even with following route
/ip route add gateway=10.88.0.1 dst-address=10.88.0.0/24
Check that client has default gateway (default gateway is router’s address).
Disable the rule /ip route add gateway=10.88.0.1 dst-address=10.88.0.0/24,
check your current /ip route and see the route, which is pointing to 10.88.0.0/24 network.
Fefault route open-vpn1 interface adds route
/ip route add gateway=10.88.0.1 dst-address=0.0.0.0/0, and gateway is unreachable
I expected that
/ip route add gateway=10.88.0.1 dst-address=10.88.0.0/24, should route all traffic to 10.88… net to attached gateway. Maybe there’s a problem, that 10.88.0.1 is remote server and there probably should be some additional settings.
I would recommend to use different IP addresses for the tunnel, which are not the same as used on school or your local network.
For example, you can use 10.2.1.1 as local address and 10.2.1.2 as remote address on OVPN server.
router will create appropriate route for VPN tunnel to work, you will need to add new route rule,
/ip route add dst-address=10.88.0.0/24 gateway=10.2.1.1 (configuration on OVPN client).
I’m sorry for dumb questions, but I still can’t get it working.
I have a linux server with public ip address for ex 1.2.0.124 (network 1.2.0.0) and a small network (192.168.88.0) behind RB750.
I have successfully configured OpenVPN tun0 device on the linux server with address 10.88.0.1.
I have created a new client interface openvpn-out1 connecting to 1.2.0.124. It creates also a new route with dst-address 10.8.0.1 and gateway openvpn-out1.
VPN works well, I can now ping 10.88.0.1. And from the server I can connect to 10.88.0.6 (address of the MT router in vpn) as well.
Now I’d like to be able to connect to 10.88.0.1 from the network behind the router, and also to route some communications (on some ports) to the network (1.2.0.0) through the vpn, not through the internet.
Could you please describe me the steps how to reach this?
The only thing I can do is to ping the 10.88.0.1 (vpn server) from my MT terminal. Same try from a computer behind MT fails.
Traceroute to the 1.2.x.x goes always throught the internet (UPC direct).
Shouldn’t there be for example any settings in firewall? (I’m using masquerade against internet)
I am using OpenVPN in same way you want. I have network behind OpenVPN client (MT) and also network behind OpenVPN server (linux pc). PC from one network can talk with PC in other network. So, If you have OpenVPN tunnel running, it is necessary to tell RB750 and linux server how to reach PCs at the far side.
Lets suppose that 192.168.1.0/24 is your home network, 192.168.100.0/24 is network behind linux server, 10.0.10.0/24 is OpenVPN network, where 10.0.10.1 is servers VPN end and 10.0.10.10 is clients VPN end. There are also internet connectivity address at both sides, let x.x.x.x be at client (UPC) and y.y.y.y is at server side.
Now you have to tell RB750 how to reach PCs behind server:
so DST-ADDRESS 192.168.100.0/24 GATEWAY 10.0.10.10 (interface ovpn1)
On the server side you must tell how to reach PCs behind RB750:
so DST-ADDRESS 192.168.1.0/24 GATEWAY 10.0.10.1 (inteface tun0)
Could you please describe me in more details how you get the things working?
I have tried your suggestion, but without succes.
My VPN tunnel is running because I can ping 10.88.0.1 (Linux server) from MT terminal and ssh to MT as 10.88.0.6 from the server.
But with any route I have tried I was not able to ping 10.88.0.1 from the network behind MT. It’s really wierd.
If your tunnel is running, there is no more setting than I have described in previous post. Did you set the route at the server side? Try to imagine how the router have decide what to do with your packet.
Your PC send packet to it’s default gateway (your RB750) because don’t know better target for it. RB750 takes packet looks at the destination IP address and have to decide where forward packet. For RB750 is default gateway some box in UPC network. If you set route for vpn badly, packet will fall to the default gateway but not to the VPNs far end. This is wrong. You need rule witch say to the router that next hop for this packet is the far end of the vpn tunel. Vpn server knows that target network is connected directly to one of its interfaces.
The problem is that the PCs on the remote network where the OpenVPN server is does not know where to get hold of your home network IP range. (1) Either add a route on the remote/server network to point back to your home network, or (2) masquerade (src-nat) all traffic from your home network going out on the ovpn-client interface.
