I’ve gotten an OpenVPN server running on my MikroTik and can connect from my Android phone with the official client. My MikroTik has two subnets defined, 10.10.10.x and 192.168.200.x. The OpenVPN interface is connected to the 192 subnet and my Android phone gets a DHCP address of 192.168.200.196 and a gateway of .197.
Once connected, I can pull up the web page of the router on either 192.167.200.1 or 10.10.10.1. I can access the web pages of devices in the 10.10.10.x subnet. However, I cannot access any IPs in the 192 subnet other than .1, .196 and .197.
The same problem exists in the other direction. LAN computers on the 10.10.10.x subnet can ping the phone and VPN gateway, but LAN computers in the 192.168.200.x subnet cannot. But both subnets can communicate on the LAN.
My ovpn file:
remote xxx.sn.mynetname.net 1194 tcp-client
persist-key
auth-user-pass mikrotik-client.conf
tls-client
pull
redirect-gateway def1
dev tun
persist-tun
nobind
resolv-retry infinite
<ca>...</ca>
Here are the relevant parts of my RouterOS config:
/interface bridge
add name=bridge-10
add name=bridge-192
/interface ovpn-server
add name=openvpn-inbound user=openvpn
/ip pool
add name=pool-10 ranges=10.10.10.100-10.10.10.199
add name=pool-192 ranges=192.168.200.100-192.168.200.199
/ip dhcp-server
add address-pool=pool-10 authoritative=yes disabled=no interface=bridge-10 name=dhcpsvr-10
add address-pool=pool-192 authoritative=yes disabled=no interface=bridge-192 name=dhcpsvr-192
/ppp profile
set *FFFFFFFE bridge=bridge-192 local-address=pool-192 only-one=no remote-address=pool-192
/interface bridge port
add bridge=bridge-10 interface=ether2
add bridge=bridge-192 interface=ether13
/interface ovpn-server server
set certificate=mikrotik-server.crt_0 cipher=blowfish128,aes128,aes192,aes256 default-profile=default-encryption enabled=yes
/ip address
add address=10.10.10.1/24 interface=bridge-10 network=10.10.10.0
add address=192.168.200.1/24 interface=bridge-192 network=192.168.200.0
/ip dhcp-server network
add address=10.10.10.0/24 comment=net-10 dns-server=10.10.10.1 gateway=10.10.10.1
add address=192.168.200.0/24 comment=net192 dns-server=192.168.200.1 gateway=192.168.200.1
/ppp secret
add name=testtest password=testtest profile=default-encryption
Can someone help me solve this?