Successfully established OPENVPN server. Clients can connect, but I have to specify the route on client side in the config file, as I need to send just some traffic to some machines through VPN.
So this
route 192.168.2.0 255.255.255.0 10.10.11.1 1
works.
The question is: Is there a possibility (on the RB) to push such a route to the clients?
In fact I’m missing something like the OPENVPN server configuration file, where I would put
You could use a routing protocol (RIP, OSPF…) to do that to some extent, if your client can cope with it.
AFAIK even Windows clients can do RIPv2 listening.
I have the same problem and the same solution. I have not been able to find a way to do it from the server (Mikrotik). Is it already known whether the next versions of RouterOS will add this option?
AFAIK only udp support was promised so far. But it better mean all missing features, because if udp comes out and we’ll have to make another ten years going thread for pushing routes or another feature… no, no way, that’s just a bad thinking, let’s not do it.
Each new version I check if there is something new about it.
Openvpn server on mikrotik works really well. I have 100+ clients connected via openvpn without any problem… except when I need to add a new route…
You should send routes via BGP. Here’s a configuration for a Bird 1.6.4 BGP server running on Linux and a Mikrotik router client, which connects via a tunnel. The tunnel endpoints’ assigned IP addresses are:
192.168.111.1, adapter name: tun0 - Linux server
192.168.111.2, adapter name: ovpn-out1 - Mikrotik client
First install BIRD server, create routing table 50 with echo "50 mikrotik" >> /etc/iproute2/rt_tables, then add these configs:
/etc/bird.conf:
log "/var/log/bird.log" all;
protocol kernel {
    learn;
    scan time 20;
    export all;
    kernel table 50;
}
protocol device {
    scan time 180;
}
protocol static {
    import none;
    route 1.2.3.0/24 via "tun0";
    route 192.168.10.0/24 via "tun0";
    route 192.168.20.0/24 via "tun0";
    route 10.10.0.0/16 via "tun0";
}
protocol bgp internal {
    debug all;
    description "My BGP uplink";
    local as 65000;
    neighbor 192.168.111.2 as 64496;
    multihop;
    hold time 360;
    startup hold time 5;
    connect retry time 20;
    router id 192.168.235.1;
    keepalive time 120;
    connect delay time 5;
    error wait time 5, 300;
    next hop self;
    path metric 1;
    default bgp_med 0;
    default bgp_local_pref 0;
    source address 192.168.111.1;
    export filter { print "exporting internal"; accept; };
}
With those configs the Mikrotik will get routes for 1.2.3.0/24, 192.168.10.0/24, 192.168.20.0/24, 10.10.0.0/16 and any destination that exists in routing table 50 on the Linux server (on Linux, use something like ip route add 192.168.200.0/24 dev tun0 table 50 to add, or ip route del 192.168.200.0/24 dev tun0 table 50 to delete, routes from the Mikrotik).
I have a problem that when my clients connect they don’t install a route. When I go to terminal and input netstat -nr there is no route for the network on the VPN.
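The `ip route add` / `ip route del` step from the post above, as an added example that is not part of the original thread: it plans the changes needed to make routing table 50 match a desired prefix list, and refuses malformed prefixes or a default route, since the posted export filter accepts everything in that table. The function names and the sample data are constructed; table 50 and tun0 are the values from the post.

```shell
#!/bin/sh
# Added example. TABLE and DEV are the values from the post above;
# function names and sample data are constructed for illustration.
TABLE=50
DEV=tun0

# Accept only IPv4 CIDR prefixes and refuse a default route: the BGP export
# filter in the post accepts whatever ends up in this table.
valid_prefix() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    case "$1" in 0.0.0.0/*) return 1 ;; esac
    old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# plan_routes DESIRED CURRENT
#   DESIRED: one prefix per line, '#' starts a comment.
#   CURRENT: text in the format printed by `ip route show table 50`.
# Prints the `ip route add/del` commands that make the table match DESIRED.
# Only routes bound directly to DEV are considered; others are left alone.
plan_routes() {
    desired=$(printf '%s\n' "$1" | sed 's/#.*//; s/[[:space:]]//g' | grep -v '^$' | sort -u)
    current=$(printf '%s\n' "$2" | awk -v dev="$DEV" '$2 == "dev" && $3 == dev { print $1 }' | sort -u)
    for p in $desired; do
        valid_prefix "$p" || { echo "refusing prefix: $p" >&2; return 1; }
    done
    for p in $desired; do
        printf '%s\n' "$current" | grep -Fxq "$p" || echo "ip route add $p dev $DEV table $TABLE"
    done
    for p in $current; do
        printf '%s\n' "$desired" | grep -Fxq "$p" || echo "ip route del $p dev $DEV table $TABLE"
    done
}

# Constructed sample: one route to add, one stale route to remove.
SAMPLE_DESIRED='192.168.200.0/24   # new branch LAN
10.10.0.0/16'
SAMPLE_CURRENT='10.10.0.0/16 dev tun0 scope link
172.16.5.0/24 dev tun0 scope link'
plan_routes "$SAMPLE_DESIRED" "$SAMPLE_CURRENT"
```

On the Linux server the second argument would be the output of `ip route show table 50`, and the printed commands can be reviewed before they are run as root.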
This is what I put in the client.ovpn
route 192.168.178.0 255.255.255.0 10.11.12.1 1
I also tried just:
route 192.168.178.0 255.255.255.0
This works on my Windows machine which installs the route - MacOS doesn’t.
Any help would be appreciated.
This is my client.ovpn
client
dev tun
proto tcp
remote server_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA1
auth-user-pass
route 192.168.178.0 255.255.255.0 10.11.12.1 1
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
If I add the route manually in the terminal, I can access the remote LAN:
I don’t understand the vision of mikrotik. It focuses on Raspberry Pi (patent) options. When I hear Tech talking, I have a mikrotik in my laboratory or in my house. I would like to hear we implant mikrotik in big companies. But it lacks functions that only the competition at the same took.
One of the big options, push the routes to the VPN client. Openvpn genre. I will turn to pfsense in this case which is extremely stable and easy or a sonicwall with vpn ssl or ubiquiti.
We can see a big CCR but why put it in business when you have to modify routes to 80 users. So I’m going to tell myself we’re going to put it in a small PME 10 user as it’s not too hard to manage.
Mikrotik go with the flow. Put a special project team option to develop as a hotspot etc … any unusual option for routers. like turning on a toaster.
Team: option used in business as a real router.
To enter SMEs and non-SMEs 5 user.
Like pushing routes, replicating the HA configuration in another standby router. Facilitate configuration tasks for users.
I know the scripts exist, but you update your router pi you right practically redo your script.
Even version 7 which arrives does not impress me. We are in 2020.
It’s a shame that the priorities are out of the common.
Just simply wow, mikrotik can do a lot of things, I can’t really believe pushing routes is a basic feature. I don’t want to pop up a server/VM just for this. Why the hesitation to implement this feature?
Holy hell.
Is MikroTik firmware development team that incompetent that they can’t allow you to add a custom OVPN Server config file, or even just f****ing add a “push static route” option for ovpn?
This is definitely the most unprofessional thing from a very professional company I’ve ever seen.
Well it’s been a few months since the last flaming post so I figured I would chime in here. I also would like this feature, it seems like it’s integral to a properly functioning Openvpn installation for most people. I know that Wireguard is the new hotness, but for many, OpenVPN is already implemented, and it would be nice to be able to put Mikrotik devices in place that can replace dedicated vpn boxes.
it would be nice to be able to put Mikrotik devices in place that can replace dedicated vpn boxes.
The major drawback with OVPN and WG is that they require 3rd party VPN clients. This is a major obstacle and creates a lot of additional burden because of maintaining and possible bugs. Also 3rd party network software is mostly not well integrated and has performance lacks.
Hi smufarhan,
how do you push the route from the mikrotik to the client? There isn’t any config file on the mikrotik, only server configuration that doesn’t allow so much configuration…
It would help me so much, thank you