Community discussions

MikroTik App
 
Pavel1973
just joined
Topic Author
Posts: 3
Joined: Wed Jan 11, 2017 10:05 pm
Location: Prague

OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Thu Jan 12, 2017 10:23 am

Hi,
I´ve RB2011 fw 6.8.

Successfully established OPENVPN server. Clients can connect,but I have to specify the route on client side in the config file, as I need to send just some traffic to some machines through VPN.
So this
route 192.168.2.0 255.255.255.0 10.10.11.1 1
works.

The question is: Is there a possibility (on the RB) to push such a route to the clients?
In fact I´m missing something something like the OPENVPN server configuration file, where I would put
route add -net 162.168.2.0 netmask 255.255.255.0 gw 10.10.11.1
as on Linux platform for example.

Any ideas how to push it?
Thx!
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Thu Jan 12, 2017 5:06 pm

OpenVPN in current RouterOS lacks some features, as you have probably noticed already. This is one of them.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Fri Jan 13, 2017 11:33 am

You could use a routing protocol (RIP, OSPF...) to do that to some extent, if your client can cope with it.
AFAIK even Windows clients can do RIPv2 listening.
 
dablah
just joined
Posts: 3
Joined: Thu Mar 23, 2017 4:17 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Mon Jul 03, 2017 2:05 am

I have the same problem and the same solution, I have not been able to find a way to do it from the server (Mikrotik), it is already known if the next versions of RouterOS will add this option?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Mon Jul 03, 2017 3:58 am

AFAIK only udp support was promised so far. But it better mean all missing features, because if udp comes out and we'll have to make another ten years going thread for pushing routes or another feature... no, no way, that's just a bad thinking, lets not do it. :)
 
onlineuser
Member Candidate
Member Candidate
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Fri Nov 24, 2017 3:01 pm

Are there any news about pushing a route from the mikrotik server to the openvpn client?
 
x0a
just joined
Posts: 1
Joined: Tue Feb 27, 2018 10:26 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Tue Feb 27, 2018 10:29 am

Hello, just registered to ask is there any news?
 
egord
just joined
Posts: 1
Joined: Sun Jun 26, 2016 4:48 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Thu May 03, 2018 8:02 pm

And me too, please!
 
anv
newbie
Posts: 31
Joined: Mon Jul 04, 2011 5:19 pm
Location: Spain

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Thu May 17, 2018 1:03 pm

Each new version I check if there is something new about it.
Openvpn server on mikrotik works really well. I have 100+ clients connected via openvpn witout any problem... except when I need to add a new route...
 
Anubioz
just joined
Posts: 1
Joined: Wed Jul 25, 2018 5:49 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed Jul 25, 2018 6:24 am

You should send routes via BGP, here's a configuration for Bird 1.6.4 BGP server, running on linux & a Mikrotik router client, which connects via a tunnel. The tunnels endpoints assigned IP-addresses are:
192.168.111.1, adapter name: tun0 - Linux server
192.168.111.2, adapter name: ovpn-out1 - Mikrotik client

First install BIRD server, create routing table 50 with echo "50 mikrotik">>/etc/iproute2/rt_table, then add this configs:

/etc/bird.conf:
log "/var/log/bird.log" all;
protocol kernel {
	learn;
	scan time 20;
	export all;	
	kernel table 50;
}

protocol device {
	scan time 180;	
}

protocol static {
import none;
route 1.2.3.0/24  via "tun0";
route 192.168.10.0/24 via "tun0";
route 192.168.20.0/24 via "tun0";
route 10.10.0.0/16 via "tun0";
}

protocol bgp internal {
debug all;
description "My BGP uplink";
local as 65000;
neighbor 192.168.111.2 as 64496;
multihop;
hold time 360;
startup hold time 5;
connect retry time 20;

router id 192.168.235.1;
keepalive time 120;
connect delay time 5;
error wait time 5, 300;
next hop self;
path metric 1;
default bgp_med 0;
default bgp_local_pref 0;
source address 192.168.111.1;
export filter { print "exporting internal"; accept; };
}
Mikrotik BGP config;
/routing bgp instance
set default as=64496 client-to-client-reflection=no router-id=192.168.111.2
/routing bgp network
add network=192.168.111.0/24 synchronize=no
/routing bgp peer
add hold-time=6m keepalive-time=20s multihop=yes name=192.168.111.2 \
     remote-address=192.168.111.1 remote-as=65000 ttl=default update-source=ovpn-out1
Those configs will get Mikrotik route 1.2.3.0/24, 192.168.10.0/24, 192.168.20.0/24,10.10.0.0/16 and any destination, that exists in the routing table 50 on the linux server (use on linux something like `ip route add 192.168.200.0/24 dev tun0 table 50` to add or `ip route del 192.168.200.0/24 dev tun0 table 50` to delete routes from mikrotik)
 
kugla007
just joined
Posts: 8
Joined: Thu Mar 29, 2018 12:43 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Mon Mar 16, 2020 5:45 pm

I have a problem that when my client's connect they don't install a route. When I go to terminal and input netstat -nr there is no route for the network on the VPN

This is what I put in the client.ovpn
route 192.168.178.0 255.255.255.0 10.11.12.1 1
I also tried just:
route 192.168.178.0 255.255.255.0
This works on my Windows machine which installs the route - MacOS doesn't.

Any help would be appreciated.

This is my client.ovpn
client
dev tun
proto tcp
remote server_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA1
auth-user-pass
route 192.168.178.0 255.255.255.0 10.11.12.1 1
verb 3

<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
If I add the route manually in the terminal, I can access the remote LAN:
sudo route -n add -net 192.168.178.0/24 10.11.12.1
 
mtzz29
just joined
Posts: 1
Joined: Wed Jan 11, 2017 2:58 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Sun Mar 22, 2020 4:26 pm

how to Connect to OpenVPN using Windows 10
how to Connect to OpenVPN using Windows 10

#server
[admin@Server_opvn] > /interface ovpn-server server print
enabled: yes
port: 59876
mode: ip
netmask: 24
mac-address: FF:6R:8G:E8:98:87
max-mtu: 1500
keepalive-timeout: 60
default-profile: default
certificate: ca-certificate
require-client-certificate: yes
auth: sha1
cipher: aes128







#client
client
dev tun
proto udp
remote ip domain.com 59876
resolv-retry infinite
keepalive 5 10
nobind
persist-key
persist-tun
verb 3
cipher AES-128-CBC
auth SHA1


auth-user-pass auth.cfg
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

-----END ENCRYPTED PRIVATE KEY-----
</key>
 
jeanpara
just joined
Posts: 9
Joined: Wed Oct 11, 2017 5:47 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed May 27, 2020 12:26 am

I don't understand the vision of mikrotik. it focuses on rasberry pi (patent) options. When I hear Tech talking, I have a mikrotik in my laboratory or in my house. I would like to hear we implant mikrotik in big companies. But it lacks functions that only the competition at the same took.
One of the big options, push the routes to the VPN client. Openvpn genre. I will turn to pfsense in this case which is extremely stable and easy or a sonicwall with vpn ssl or ubiquiti.
we can see a big CCR but why put it in business when you have to modify routes to 80 users. So I'm going to tell myself we're going to put it in a small PME 10 user as its not too hard to manage.

Mikrotik go with the flow. Put a special project team option to develop as a hotspot etc ... any unusual option for routers. :) like turning on a toaster.

Team: option used in business as a real router.
To enter SMEs and non-SMEs 5 user.
Like pushing routes, replicating the HA configuration in another Stanby router. Facilitate configuration tasks for users.

I know the scripts exist, but you update your router pi you right practically redo your script.


Even version 7 which arrives does not impress me. We are in 2020.
It's a shame that the priorities are out of the commum
 
User avatar
mutluit
Forum Veteran
Forum Veteran
Posts: 821
Joined: Wed Mar 25, 2020 4:04 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed May 27, 2020 2:10 pm

An alternative is installing OpenVPN on a server in LAN. Then one can fully configure it.
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 276
Joined: Mon Mar 15, 2021 9:10 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed Apr 07, 2021 2:47 am

Just simply Wow, mikrotik can do a lot of things i can't really believed pushing routes is a basic feature I don't want to pop up a server/vm just for this, why the hesitation to implement this feature?
 
qwertyhunder
just joined
Posts: 1
Joined: Sat Jul 03, 2021 8:57 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Sat Jul 03, 2021 9:00 am

Holy hell.
Is MikroTik firmware development team that incompetent that they can't allow you to add a custom OVPN Server config file, or even just f****ing add a "push static route" option for ovpn?
This is definitely the most unprofessional thing from a very professional company I've ever seen.
 
t4thfavor
just joined
Posts: 18
Joined: Tue Apr 13, 2021 4:40 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed Mar 09, 2022 9:34 pm

Well it's been a few months since the last flaming post so I figured I would chime in here. I also would like this feature, it seems like it's integral to a properly functioning Openvpn installation for most people. I know that Wireguard is the new hotness, but for many, OpenVPN is already implemented, and it would be nice to be able to put Mikrotik devices in place that can replace dedicated vpn boxes.
 
lfoerster
newbie
Posts: 36
Joined: Mon Mar 07, 2022 1:29 pm

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Tue Mar 15, 2022 5:38 pm

The OpenVPN server on MT did not support pushing routes automatically so you either need to set them static or use dynmaic routing with RIPv2 or OSPF.
https://administrator.de/contentid/3593 ... nt-1349554
it would be nice to be able to put Mikrotik devices in place that can replace dedicated vpn boxes.
The major drawback with OVPN and WG is that they require 3rd party VPN clients. This is a major obstacle and creates a lot of additional burden cause of maintaining and poissible bugs. Also 3rd party network software is mostly not well integrated and has performance lacks.

Best here is to always use OS build in VPN client that ALL OSes like Windows, Apple and all Smartphones have onboard. Mostly its L2TP and a perfect running L2TP VPN Server for mobile clients can easily be setup:
https://administrator.de/content/detail ... nt-1440162
Or in case you need to do site-to-site VPNs with L2TP:
https://administrator.de/contentid/1721 ... 1736463492
Allways much better than all the 3rd party solutions ! ;-)
 
User avatar
smufarhan
just joined
Posts: 7
Joined: Thu Oct 17, 2019 6:52 pm
Location: Pakistan

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed Aug 24, 2022 11:43 am

Hi Everyone,

MikroTik provided this solution. You have to add following lines in ovpn cofig file

pull
route 10.x.x.x 255.255.255.0

Above a couple of lines. Where route you can enter whatever networks you want to pull from mikrotik router to the client.
 
networkf1
just joined
Posts: 1
Joined: Fri Sep 02, 2022 11:40 am

Re: OPENVPN SERVER - HOW TO PUSH ROUTE TO CLIENTS

Wed Dec 07, 2022 11:15 am

Hi smufarhan,
how do you push the route from the mikrotik to the client? There isn't any config file on the mikrotik, only server configuration that doesnt allow so much configuration...
It would help me so much, thank you
Last edited by BartoszP on Fri Dec 09, 2022 11:31 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart.

Who is online

Users browsing this forum: No registered users and 48 guests