OVPN issue (can't reach hosts on the same network)

Hi,

I’m new to MikroTik and have just set up a CRS125 with the following (simple) setup.
a) a public network (master port 1)
b) a private network 10.0.0.0/24 (master port 18)

Now I’ve set up OpenVPN as I want to reach the hosts in the private LAN (10.0.0.1) offsite.

→ I’ve set the local address to 10.0.0.1 and remote to 10.0.0.99 and followed most
steps from the wiki ←

OpenVPN is working fine and from the CRS I can ping all hosts.
e.g. my VPN IP 10.0.0.99 as well as the regular hosts on 10.0.0.2xx

When connected via VPN I can ping and work on webfig without issues but I just
can’t connect to the other hosts on the 10.0.0.0/24 network via VPN.

I guess I must have missed something - but I think it’s not the route as all IPs are in the same subnet :(
Any advice?

Other question: I’ve limited access to the different CRS services to specific IPs. But when I’m in the ovpn I can access webfig even though I’ve got the 10.0.0.99 IP that’s not on the whitelist for that service.





Last question: I limited service access

Hi, I’m having the same issue. Did you resolve it?

thanks

The problem is that you have both interfaces (public and private) attached to different master ports. Basically you have isolated the two networks so they are unable to talk to each other despite the fact they use the same IP range.

I would suggest assigning a different IP range to the VPN side and setting up correct routing.

I second kamillo’s suggestion of adding a separate address space for VPN users.
Alternatively, you can add a bridge, add your LAN master port to that bridge and migrate its IP address to it.
Set the ARP mode of that bridge to proxy-arp and you should be able to connect from VPN.

-Chris
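
The bridge and proxy-ARP steps described in the post above, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread. It assumes the RouterOS v6 CLI, that the LAN master port is named `ether18`, that the LAN address is entered as `10.0.0.1/24`, and uses the hypothetical bridge name `bridge-lan`.

```routeros
# Added example; names below are assumptions, not taken from the thread:
#   ether18    = the LAN master port ("master port 18")
#   bridge-lan = hypothetical name for the new bridge

# 1. Create the bridge with proxy-ARP enabled. LAN hosts treat 10.0.0.99 as
#    on-link and ARP for it; the VPN client sits behind a tunnel interface and
#    cannot answer, so the router has to answer on its behalf.
/interface bridge add name=bridge-lan arp=proxy-arp

# 2. Attach the LAN master port to the bridge.
/interface bridge port add bridge=bridge-lan interface=ether18

# 3. Move the LAN address from the master port to the bridge.
/ip address set [find where address="10.0.0.1/24"] interface=bridge-lan

# Checks on the router: the bridge shows arp=proxy-arp and owns the LAN address.
/interface bridge print detail where name=bridge-lan
/ip address print where interface=bridge-lan

# Check from a LAN host while the VPN client is connected: its ARP table
# should list 10.0.0.99 with the router's MAC address.
```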

The above solution is OK, just keep in mind that the CRS doesn’t have a powerful CPU, and if you bridge interfaces the whole traffic will pass through the CPU (traffic from bridged interfaces). So keep an eye on the CPU usage.