Hi!
Is it possible to configure openVPN client on Mikrotik router so that only the router can access the routed VPN subnet?
Like deleting the route from the routing table, but only allow that particular router to access that subnet.
Thanks!
Unless you’re after something special, there’s mighty tool called firewall, it can allow access to tunnel from router and block any attempts from elsewhere.
Well the mighty tool called firewall will not work here.
I want the router to forward packets to the default gateway from clients even if it is the subnet of the VPN and only allow the router to access this subnet.
Firewall will block that subnet entirerly. Or is there any feature of the firewall which I don’t know?
So you have overlapping subnets? That makes it more difficult, but probably still doable using another routing table. Either using some semi-manual config for VPN client (I don’t use RouterOS as OpenVPN client, so I’m not sure if that’s possible) or using VRF (I’m not the best friend with that either, but it should work; you’d create new VRF and assign VPN client interface to that).
Yes I think VRF could help. Though I did not find any usable example for this case (VPN with VRF). I will look into it, hope it would work!