Hi, I want to do VPN configuration with one subnet, which is not open on Internet. It’s separate network, and there are separate computers, connecting only to the server there. It’s address is 192.168.1.0/24. Mikrotik on itself has also one network which has the same addresses and for both subnets is difficult to change some adresses. I want to know, could I make some NAT translation within the Mikrotik and have it think this is 2.0/24 subnet? Also, I need it to have only VPN access, no more. Client which will be connecting will need to have internet access also on it’s own simultaneously.
Im following this guide right now https://www.marthur.com/networking/mikrotik-setup-a-client-to-site-sstp-vpn-part-1/776/
Yes you can…
Setup your VPN server on a different subnet, it can be lets say 10.10.10.100/24…Set your VPN server to 10.10.10.99
A client that connects to your VPN Server will get the address 10.10.10.254…
Then on your Firewall NAT rules you will create a dst-nat rule where when the dst-address is for example 10.10.10.10 action dst-nat to-addresses 192.168.1.10
\OK, thank you. But because the network is 192.168.1.0/24 and I have another subnet which is also 192.168.1.0/24, which is on the default VLAN 1, how can I mask it and have it for the router to think it is 100.0/24 like you said? I must create some virtual interface and then NAT…
I’ve tried, but it works for the default VLAN 1 - it translates me addresses to go the default VLAN 1 only. But to the other VLAN I can’t go. I wan’t to tell you that every PC doesn’t have default gateway there.