Gents, I have managed to create an ovpn client from a Mikrotik device to my Debian server.
I have created interface virtAP (5GHz) and assigned subnet 10.10.20.0/24 to it; DHCP server as well…
when I connect to my virtAP I get address from 10.10.20.0/24 pool.
now I need to route my 10.10.20.0/24 thru openvpn tunnel…
My openvpn interface on Mikrotik router is up and running: connected
my Debian openvpn config:
# cat /etc/openvpn/openvpn.conf
port 443
proto tcp
dev tun
ca ca.crt
cert serverJB.crt
key serverJB.key
dh dh2048.pem
server 10.10.0.0 255.255.255.0
cipher AES-256-CBC
user nobody
group nogroup
status /var/log/openvpn-status.log
log-append /var/log/openvpn
verb 3
mute 0
max-clients 100
keepalive 10 120
persist-key
persist-tun
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
####
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.10.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.0.1 P-t-P:10.10.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1052 errors:0 dropped:0 overruns:0 frame:0
TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:142747 (139.4 KiB) TX bytes:13300 (12.9 KiB)
I will share Mikrotik config later…
I also have 2 APs with subnet 172.17.1.0/24…it is for my wifi users to go via local ISP with NAT on vlan11…
from ISP I have trunk port (ether1) 2 vlans FROM ISP:
VLAN 11 is internet
VLAN 13 is for IPTV multicast…
I have followed this guide to manage openvpn server & client on Mikrotik:
http://forum.mikrotik.com/t/tutorial-mikrotik-ovpn-client-as-gateway-interface/72140/1
which way You suggest to go to route my virtAP subnet 10.10.20.0/24 thru openvpn server ?
Thank You!