Openvpn Lan-Lan

Hi, I’m trying to set up an OpenVPN tunnel using two RB750. I’ve done the basic setup, the client MT connects to the server MT, the link is established and the server MT adds a route for the client LAN that I’ve set up in PPP - Secrets.

Now the problem is that on the client MT there is no route to the server MT LAN, so there is no traffic between them. If I add the route by hand, everything works fine, so the question is: is there any way to send the route from the server to the client? (In Linux there was a PUSH ROUTE option, but I just don’t see that on the MT.)

BTW, I tried using the “Add-Default-Route” on the client and it works, but I don’t want all the traffic from the client going through the VPN, just the LAN to LAN traffic.

 LAN 1 ( 192.168.0.0/24 ) --- > MK (RB750) -----> Internet <------ MK (RB750) <------ LAN 2 (192.168.1.0/24)

Could you post your config please? I’m having a similar problem with an OVPN, but I cannot ping LAN to LAN.

Sure, here is my config.

First the MT Server Config :

OpenVPN Server Config :

```text
interface ovpn-server server print
enabled: yes
port: 1194
mode: ip
netmask: 24
mac-address: xx:xx:xx:xx:xx:xx
max-mtu: 1500
keepalive-timeout: 60
default-profile: OpenVPN
certificate: Server
require-client-certificate: yes
auth: sha1
cipher: aes256
```

OpenVPN Profile :

```text
name="OpenVPN" local-address=172.21.0.1 remote-address=OpenVPN remote-ipv6-prefix-pool=(unknown) use-ipv6=yes use-mpls=default use-compression=yes use-vj-compression=yes use-encryption=required only-one=no change-tcp-mss=default
```

OpenVPN User :

```text
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=client password=password profile=OpenVPN routes=192.168.2.0/24 service=ovpn
```

OpenVPN Interface :

```text
/interface ovpn-server server
set auth=sha1 certificate=Server cipher=aes256 default-profile=OpenVPN \
    enabled=yes keepalive-timeout=60 mac-address=xx:xx:xx:xx:xx:xx max-mtu=\
    1500 mode=ip netmask=24 port=1194 require-client-certificate=yes
```

OpenVPN Pool :

```text
/ip pool
add name=OpenVPN ranges=172.21.0.2-172.21.0.254
```

Now, the client config :

OpenVPN Client Interface :

```text
/interface ovpn-client
add add-default-route=yes auth=sha1 certificate=Client cipher=aes256 connect-to=172.20.0.1 disabled=no mac-address=xx:xx:xx:xx:xx:xx max-mtu=1500 mode=ip name=VPN password=password port=1194 profile=profile1 user=client
```

Beware that with this config, if you allow the traffic in your firewall (Filter table, forward chain), you should get traffic from LAN to LAN, but all the traffic from the client to the internet would also go through the VPN using the server connection. If you don’t want that, you could disable “add-default-route” on the client interface and add a static route only for your LAN, but it would be cool if there was any way to get the OpenVPN server to pass that route by itself.

Hope it helps.
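
The split-tunnel workaround described in the post above, written out for the client router as an added example that is not part of the original thread. The subnets follow the diagram in the first post and are assumptions (server-side LAN 192.168.0.0/24, client-side LAN 192.168.1.0/24); the interface name `VPN` is the one used in the posted client config.

```routeros
# Added example, not from the original posts. Run on the CLIENT router.
# Assumptions: server-side LAN = 192.168.0.0/24, client-side LAN = 192.168.1.0/24,
# ovpn-client interface is named "VPN". Adjust the subnets to your addressing;
# the client LAN must match the routes= entry of the PPP secret on the server.

# 1. Do not install a default route through the tunnel, so internet-bound
#    traffic keeps leaving through the client's own uplink.
/interface ovpn-client set [find name=VPN] add-default-route=no

# 2. Send only the server-side LAN through the tunnel. With the interface name
#    as gateway, the route goes inactive whenever the tunnel is down.
/ip route add dst-address=192.168.0.0/24 gateway=VPN comment="LAN-to-LAN via OpenVPN"

# 3. In the forward chain, allow only LAN-to-LAN traffic over the tunnel and
#    drop everything else that arrives from it. "add" appends to the end of
#    the chain, so move these above any existing general drop rule.
/ip firewall filter
add chain=forward action=accept in-interface=VPN \
    src-address=192.168.0.0/24 dst-address=192.168.1.0/24 \
    comment="server LAN -> client LAN"
add chain=forward action=accept out-interface=VPN \
    src-address=192.168.1.0/24 dst-address=192.168.0.0/24 \
    comment="client LAN -> server LAN"
add chain=forward action=drop in-interface=VPN \
    comment="drop anything else arriving from the tunnel"

# 4. Check the result: the route should be active while the tunnel is up.
/ip route print where gateway=VPN
```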

Can you help me configure OVPN LAN-to-LAN, sir?

I can’t connect...