Hi,
I am currently on the verge of breaking up with OpenVPN. It is terribly inconvenient to implement and possibly configure. I have a case where a given user is supposed to have access to different subnets (VLANs) via OpenVPN. Currently, I have it solved in such a way that in the .ovpn configuration file I add the entry route x.x.x.x x.x.x.x. It works, it does, but it’s a little convenient for a long time. In addition, I provide an entry about the DNS server in the OVPN profile on MikroTik. I have a local DNS server, but for OVPN users to have access to it, I also need to add a route in the configuration file. My question is… is there any more rational solution than my current one? I am open to other types of VPN. It doesn’t have to be specifically OVPN. It annoys me that I have to add an entry in their config file every time. P.S. The route entry in the MikroTik profile does not work as it should.
Does your ISP modem provide you with a public IP?
If not, are you able to at least forward ports from your ISP modem/router to your MT device?
Sure,
I have a static public IP and a pool with mask /29. But it’s not the case. I want the OpenVPN client to be able to access another subnet. In the basic configuration it’s not possible. Every time, I need to add the rule “route ” to the .ovpn file.
ZeroTier
Piece of cake with WireGuard: your remote users can come in and access any subnet you wish via firewall rules, and thus permanent rules and all the granularity you wish (access to single devices, etc.).
ZeroTier (uses third-party infrastructure, which could be a detractor for some) has its real advantage in that it connects devices at layer 2 (think broadcast reception), whereas WireGuard is a more traditional layer 3 VPN which is governed by firewall rules.
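
The WireGuard approach from the last reply, sketched as RouterOS v7 configuration with per-user access to VLAN subnets decided on the router instead of in each client file. This is an added example, not part of any post in the thread; the interface name, listen port, tunnel range, VLAN subnets, DNS server address and key placeholder are all assumptions.

```routeros
# Assumed values (constructed for illustration):
#   tunnel network 10.99.0.0/24, VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24,
#   local DNS server 192.168.10.53, WireGuard UDP port 13231.

/interface wireguard
add name=wg-users listen-port=13231

/ip address
add address=10.99.0.1/24 interface=wg-users

# One peer per remote user. allowed-address pins the user to a single tunnel IP,
# so the firewall can identify that user by source address.
/interface wireguard peers
add interface=wg-users public-key="<USER1_PUBLIC_KEY>" allowed-address=10.99.0.2/32 comment="user1"

/ip firewall filter
# Rules are appended at the end of the list; move them above any existing
# drop rules in the same chain, or they will never match.

# Let the WireGuard handshake reach the router.
add chain=input action=accept protocol=udp dst-port=13231 comment="WireGuard listen port"

# user1: full access to VLAN 10, but only one host in VLAN 20.
add chain=forward action=accept in-interface=wg-users src-address=10.99.0.2 dst-address=192.168.10.0/24 comment="user1 -> VLAN 10"
add chain=forward action=accept in-interface=wg-users src-address=10.99.0.2 dst-address=192.168.20.15 comment="user1 -> single host in VLAN 20"

# Every VPN user may query the local DNS server.
add chain=forward action=accept in-interface=wg-users protocol=udp dst-address=192.168.10.53 dst-port=53 comment="VPN -> local DNS (UDP)"
add chain=forward action=accept in-interface=wg-users protocol=tcp dst-address=192.168.10.53 dst-port=53 comment="VPN -> local DNS (TCP)"

# Default deny: anything else arriving from the tunnel is dropped.
add chain=forward action=drop in-interface=wg-users comment="VPN default deny"
```

On the client, `AllowedIPs` decides which destinations are routed into the tunnel, so setting it once to cover the whole internal range means later access changes are made only in the router's firewall rules.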