I have read and re-read everything I can search on Google; this is the only relevant thing I can find on the subject, but it is exactly what I want to do.
Is it possible to use OpenVPN for a Site-to-Site VPN configuration? Everything I click and type points me in the direction that it can't… So I'm not doing something right.
Seems like one of the base features of OpenVPN (of course so does UDP though) is Site-to-Site, but I can't find any documentation on it nor tutorials on it.
I think you can, I do it with PPTP and SSTP vpns. OpenVPN is conceptually the same.
This article is everything on how to connect one to the other to make a client-to-gateway VPN, are you able to get this part working? http://wiki.mikrotik.com/wiki/OpenVPN
Every time I read this, I only see a single remote host connecting to the "local" network via OpenVPN. Still not seeing anything about LAN-to-LAN configuration.
Yes, single host connecting remotely, I can do (phone for example).
Not sure about that, I found OpenVPN site-to-site easier and more stable, as often different vendors implement IPSec differently and it is a pain in the butt to set up. All OpenVPN clients are basically the same, except that I can't get access to the OpenVPN command line to set things up, nor really seeing it in the RouterOS CLI or WebGUI.
Not all my "deployed" network gear supports IPSEC, but OpenVPN works.
Can you ping from the client side Mikrotik to any device on the server side Mikrotik? Once you get this far, then connecting the two lans is as follows.
Your two LANs will have to be separate subnets.
On the SERVER Mikrotik, the inbound OVPN connection creates a dynamic interface. When the connection is disconnected, the interface disappears. You need a static interface in order to apply routing.
Create an interface of OVPN Server, you'll need one for each remote site. Put the username of the connecting OVPN connection in the "User" field. When an inbound connection uses that username, then that static interface is used to reference that connection.
Then go to Routes and create a route. The dst-address should be your remote LAN (i.e. 192.168.2.0/24), Gateway will be the static OVPN interface you created.
Now packets destined to the remote LAN know to go over the OVPN connection.
On the CLIENT Mikrotik, you have to also create a route.
Dst. Address should be remote LAN, gateway will be your OVPN Client interface. This interface is static by default for client VPN connections.
This is how my SSTP and PPTP site-to-sites work. OpenVPN implementation in Mikrotik is limited to using NET30 as a topology, I'm not sure what impact this will have on the above config.
I only have one Mikrotik router and four locations I am trying to connect together,
I am thinking Star topology this time, since I am making a major change anyway (last time I set this up, it was Fully-Connected). Not that this relates to the problem.
But needing to use NET30 definitely explains some of my issues and confusion. Any idea why this is forced?
net30 is effectively "deprecated" but remains the OpenVPN 2.3-series default for fear of breaking backwards-compat configs that rely on this behavior. Each client is allocated a virtual /30 network, and Windows clients must use the 2 IPs in the center, generally allocating the even IP to the client (though this is convention only.)
The only real reason to use the net30 topology is when requiring support for Windows clients before 2.0.9, or when any Windows clients must be supported and non-Windows clients must be supported that cannot set IP+netmask on the tun adapter. These conditions are rare, and the 2.0.9 client is around 7 years out of date as of 2014.
Routing to/across the VPN range gets harder in net30 since the client's on-link network is just the /30, so an additional "supernet" route must be added to reach the rest of the VPN, including the server at its designated IP. This complicates routing and makes understanding the config harder.
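
The net30 addressing described above, worked through with Python's `ipaddress` module as an added example (not part of the original thread). The pool `10.8.0.0/24`, the reservation of the first /30 for the server, and the function names are assumptions made for illustration.

```python
import ipaddress

def net30_allocations(pool, count):
    """Return per-client /30 assignments carved from a VPN pool (net30 topology)."""
    net = ipaddress.ip_network(pool)
    allocations = []
    # Assumption: the first /30 of the pool holds the server's own address, so skip it.
    for block in list(net.subnets(new_prefix=30))[1:count + 1]:
        a, b = block.hosts()  # the two centre IPs of the /30
        # Convention only: the even address goes to the client, the odd one is its peer.
        client, peer = (a, b) if int(a) % 2 == 0 else (b, a)
        allocations.append({"block": block, "client": client, "peer": peer})
    return allocations

def on_link(alloc, address):
    """True if the address sits inside the client's own /30, so no route is needed."""
    return ipaddress.ip_address(address) in alloc["block"]

def supernet_route(pool, alloc):
    """The extra route a net30 client needs to reach the rest of the VPN range."""
    return (str(ipaddress.ip_network(pool)), str(alloc["peer"]))

if __name__ == "__main__":
    pool = "10.8.0.0/24"   # constructed sample pool
    server = "10.8.0.1"    # assumed server address inside the first /30
    for alloc in net30_allocations(pool, 3):
        dst, gw = supernet_route(pool, alloc)
        print(f"{alloc['block']}: client {alloc['client']} peer {alloc['peer']}")
        print(f"  server {server} on-link: {on_link(alloc, server)}")
        print(f"  needs route {dst} via {gw}")
```
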