OVPN Site-to-site with remote clients

ssdzkrez · May 9, 2020, 8:48am

Hi guys, I have a problem and I need your help please.

I setted up Site to Site OpenVPN network with online tutorials. It works fine, all devices in LOCATION 1 can reach LOCATION 2 and vice versa. Problem is “Remote User”. He can ping Mikrotik router (192.168.10.1), and OVPN (192.168.10.241), but he has no acces to the local network in LOCATION 2 (10.160.15.0/24).

Ping from Remote User:
Ping 192.168.10.1 — OK
Ping 192.168.10.241 — OK
Ping 10.160.15.1 — FAILED
Ping 10.160.15.0/24 – FAILED in all devices

After several days of spending my evenings to solve this problem I got nothing. I tried many things described in forums, tutorials, but nothing works for me. My knowledge about routers is basic, any help is appreciated.

This is my routes:

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 192.168.40.1 1
1 A S 10.160.15.0/24 192.168.10.241 1
2 ADC 192.168.10.0/24 192.168.10.1 bridge 0
3 ADC 192.168.10.241/32 192.168.10.1 0
4 ADC 192.168.10.242/32 192.168.10.1 0
5 ADC 192.168.40.0/24 192.168.40.88 ether1 0

styxtdo · May 11, 2020, 10:39am

So: You have the OVPN client + Site 1 in the same subnet.
Communication (routing) between Site1 and Site2 is working.
Communication between road warriors (i.e. the remote users) and Site1 is working.

Can you check the routes on the client?
You need: either:

default (0.0.0.0) via192.168.10.1 (that is, road warriors only access the internet via Site1, never directly)
10.160.15.0/24 via VPN (this is a one-liner in the OVPN config file - literally: router 10.160.15.0/24

good luck

ssdzkrez · May 11, 2020, 11:33am

Thank you for replay.Yes, everything what you wrote is correct.

You meen OVPN config file on the “Remote user” ?

I don’t have any routes in OVPN config file. “Remote user” can connect to Mikrotik and reach all devices in LOCATION 1. So I thought routes were not necessary at “Remote user” side and the troubbles are routes at Mikrotik. I am trying to make route at server site (Mikrotik) to connect "Remote user - 192.168.10.242 to 10.160.15.0/24. No luck.

Is my approach wrong?

ssdzkrez · May 11, 2020, 3:46pm

It’s working now.

I added this in OVPN config file for “Remote user”:

route 10.160.15.x

If I add “route 10.160.15.0/24” OVPN Client report error. If I add each IP individually … works like charm.

Thank you styxtdo.

jaytcsd · May 26, 2020, 8:43am

which tutorial did you use? I’ve tried 3 or 4 and never get it to work, thanks