RB<->RB OVPN - Can't access serverside LAN :( (Fixed- OVPN settings problem)

sveno · August 27, 2015, 7:27am

Server RB - 192.168.1.1 (192.168.1.0/24)
Client RB - 192.168.2.1 (192.168.2.0/24)
PPP pool - 10.0.0.0/24, server is 10.0.0.1, client gets 10.0.0.10

Internet access (NAT) works on both routers, they can ping each others LAN IPs over OVPN
Only server can ping client LAN addresses when I add a route:

add  distance=1 dst-address=192.168.2.0/24 gateway=10.0.0.10

Client RB can only ping server (10.0.0.1 and 192.168.1.1) with:

add distance=1 dst-address=192.168.1.0/24 gateway=10.0.0.1

Client cannot access anything in Server LAN.

No bridges, pretty much default config.

What am I doing wrong?

Also: With DHCP the clients might get a different address and routing will not work - Do I need to make clients connect with static IP or can I have dynamic routing? How?

OVPN was set up like this: http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step

MTeeker · August 29, 2015, 1:09am

You need to add a route to each network behind the ovpn server in order to access it, e.g.

route 192.168.1.0 255.255.255.0 10.0.0.1

where 192.168.1.0 is the local network address behind the ovpn server, its subnet mask then the gateway IP of open VPN.

sveno · September 3, 2015, 11:49am

This is already in place. I wouldn’t be able to ping Server IPs otherwise (192.168.1.1 and 10.0.0.1)

I made an accept rule on the server for icmp, OVPN interface and it does get hits so the problem is in sending replies. No outbound ICMP reply hits. Any clues how to locate the problem?

EDIT.

RB-SERVER can ping RB-CLIENT+LAN
SERVER LAN addresses can ping RB-CLIENT and its LAN addresses
RB-CLIENT can ping RB-SERVER
RB-CLIENT nor its LAN addresses can ping RB-SERVER or its LAN. The only exception is the core switch.

Can this be an ARP problem?

EDIT2:

Its working!
It was an OVPN problem! The PPP Secret (aka servers client settings) needed to have local and remote IP set (despite having DHCP). Is this normal?

MTeeker · September 5, 2015, 7:33am

I did not specify a remote address in my PPP secret.

However for local address, if not specified, the vpn connection will get an IP from DHCP server. If specified, the connection will assume that as fixed IP. DHCP is not needed in that case.

Glad that it’s working out for you.