192.168.1.0/24 - for LAN users, connected to bridge with Internet access
192.168.3.0/24 - for OpenVPN users, OVPN server is up’n’running on router, VPN users successfully connected to server
When I am connected to the VPN, I want to have access to LAN devices, but this is not working. Obviously, because of different network segments.
I have played with NAT, IP Routes and IP Firewall, but no luck. For now all firewall and NAT rules are empty (except one NAT masquerade rule for LAN → Internet access), also no default rules, so nothing is blocked or restricted.
Any suggestions how to configure such routing? I know about “proxy-arp”, but it works only for one network segment, it is not my case.
And, for the future, maybe I need to add some rules for access from the VPN network to the Internet?
It’s not weird. Client can route either everything through VPN (I don’t remember what’s the option for that, probably something with gateway) or only selected subnet(s). If it’s the latter, client must somehow know which subnets. Standard OpenVPN can give that info to client (push routes from server to client), but MikroTik’s implementation doesn’t have that, so routes must be configured on client side.
Exactly, this is the “weird” I mean: each client must update their config each time routes change on the server, because the MikroTik server can’t store configs and push them to the client.
Well, in this sense, whole MikroTik’s implementation is weird. It’s not completely clear why they made their own in the first place. They started many years ago when OpenVPN was very popular and added basic TCP-only version. It seems that it was quite a nightmare for them. But they kept going. Even when nobody really expected it anymore, they added UDP transport. And they keep adding or fixing other small things. But for some unknown reason they still ignore some parts.
Personally I don’t care anymore, because simply put, it’s not possible to wait for over ten years whether they’ll add something or not. But I wonder why they keep lagging behind, even with things that don’t seem difficult when compared to all the rest.
It’s a perfect example of why I have mixed feelings about containers in RouterOS. On one hand it’s great that you can run anything you want, even exotic things that MikroTik would never add. But if I needed complete OpenVPN, I’d very much prefer if MikroTik finished theirs, instead of having to rely on containers, which means extra work, won’t have the nice and friendly RouterOS GUI for all settings, and will run only on the subset of devices that support containers. And if I were paranoid, it can also be used as an excuse by MikroTik for why they don’t have to finish their implementation.
I agree. However, in the past few versions’ changelogs, there were a few changes to OVPN. It seems they are working on it. In the meantime, a container option is handy. Although, I raised a support ticket for OVPN problems.
I have two operational containers at my CHR. Overall, it’s a neat option to have. I think paying less for resources and gaining more from what you already have is always lovely.
Howdy there. Very new to the Mikrotik router world, but I’m trying to get the container feature enabled on a cloud-hosted RouterOS v7.5 machine and have run into some trouble. May I ask how you got it to work? Mine is hosted on a hypervisor and has no physical buttons to push to enable this.