openvpn client and remote same network

Posted: Sat Sep 22, 2018 6:23 pm
by aleab
Hello,
I'm new to MikroTik and for now I use it for testing, but it is a very good product.

I installed a MikroTik at my office because I need a VPN when I'm outside of the office.
Configured, and it works like a charm...

But I have this problem.
The LAN on the MikroTik is the "classic" 192.168.1.0/24
and I won't change it because my servers/printers are already configured...

When I connect with my laptop from another place that has the same network, I can't ping/call some devices inside my office because they have the same IP address...
For example, I can't log in to the MikroTik at 192.168.1.1 because it is the gateway of my laptop...

So I think there exists a function called NAT 1:1 or similar that translates a subnet into another subnet.

My goal is to
connect with my laptop with OpenVPN to my office and ping/call a different subnet to reach my devices...
For example, I am with my laptop in a remote LAN with IP 192.168.1.30,
connect with OpenVPN, and to ping/call devices on the office's LAN I use 192.168.147.0/24
ping 192.168.147.1 = ping 192.168.1.1 (MikroTik router)
ping 192.168.147.10 = ping 192.168.1.10 (my network printer)
etc.
Can I translate all packets from OpenVPN from 192.168.147.0/24 to 192.168.1.0/24 on the MikroTik router?

Thank you in advance
Ale

Re: openvpn client and remote same network

Posted: Tue Sep 25, 2018 2:41 pm
by aleab
Can anyone show me a guide to learn about these rules?

Thanks in advance
Ale

Re: openvpn client and remote same network

Posted: Tue Sep 25, 2018 2:56 pm
by nickybee
Is there any reason you want to dump the VPN users onto a different subnet? I have this working well for my home network, where I just carve off a smaller slice of IP addresses in the same subnet using two DHCP pools.
/ip ipsec peer profile
add dh-group=modp1024 enc-algorithm=3des name=profile_1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none
/ip pool
add name=dhcp_pool_vlan20 ranges=172.16.20.20-172.16.20.229
add name=dhcp_pool_vlan20_vpn ranges=172.16.20.10-172.16.20.19
/ip dhcp-server
add address-pool=dhcp_pool_vlan20 authoritative=after-2sec-delay disabled=no interface=vlan20 lease-time=12h name=\
    dhcp_server_vlan20

/ppp profile
add comment="IPSec profile for remote VPN" dns-server=172.16.20.1 local-address=172.16.20.1 name=vpn_ipsec_profile \
    remote-address=dhcp_pool_vlan20_vpn

/interface l2tp-server server
set authentication=mschap2 default-profile=vpn_ipsec_profile enabled=yes ipsec-secret={YOUR_PRE_SHARED_KEY} max-mru=1460 max-mtu=1460 use-ipsec=yes

/ip dhcp-server network
add address=172.16.20.0/24 dns-server=172.16.20.1 gateway=172.16.20.1 netmask=24

/ip ipsec peer
add address=0.0.0.0/0 exchange-mode=main-l2tp generate-policy=port-override local-address=172.16.40.1 passive=yes \
    profile=profile_1 secret={YOUR_PRE_SHARED_KEY}

/ppp secret
add name={YOUR_USERNAME} password={YOUR_PASSWORD} profile=vpn_ipsec_profile service=l2tp
Have a look at the "Road Warrior" configs on this page: https://wiki.mikrotik.com/wiki/Manual:I ... ver_Config

Re: openvpn client and remote same network

Posted: Wed Sep 26, 2018 9:31 am
by aleab
OK, thank you.
So I have a DHCP 10 to 19 for VPN users and 20 to 229 for "local LAN" users, correct?

But if I have a printer with static IP 172.16.20.20.240
and with my notebook I'm in the same LAN 172.16.20.20.0/24 and I connect to the OpenVPN roadwarrior,
unfortunately there is a device with IP 172.16.20.20.240.
If I print something I get an error, because the packets don't route over OpenVPN...

My goal is to create a printer with IP 172.16.99.240 (different subnet)

similar to this with pfSense
https://forum.netgate.com/topic/39576/s ... e-subnet/5

I already use it in pfSense and it works great

Thank you in advance
Ale

Re: openvpn client and remote same network

Posted: Sun Sep 30, 2018 11:13 pm
by aleab
I found the solution...

I added a simple rule in
IP - Firewall

NAT tab
add rule
Chain: dstnat
Dst. Address: 192.168.147.0/24 (fake LAN)
Action tab
Action: netmap
To Addresses: 192.168.1.0/24 (real LAN)

Now when I connect with the OpenVPN client I can
ping 192.168.147.1 or ping 192.168.1.1 (MikroTik router)
ping 192.168.147.10 or ping 192.168.1.10 (my network printer)

thank you
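
The behaviour described in the post above, modelled as an added example (not part of the original thread and not RouterOS code): the laptop picks a route by longest prefix, and only packets sent to the fake subnet enter the tunnel, where the netmap rule swaps the network prefix and keeps the host part. The laptop routing table and the interface names `home-lan` and `ovpn` are constructed for illustration; the sketch only models equal-sized networks.

```python
import ipaddress

FAKE_LAN = "192.168.147.0/24"   # subnet the VPN client dials (from the post)
REAL_LAN = "192.168.1.0/24"     # real office LAN (from the post)

# Constructed laptop routing table: the home LAN overlaps the office LAN.
# Interface names are hypothetical.
LAPTOP_ROUTES = [
    ("0.0.0.0/0", "home-lan"),
    ("192.168.1.0/24", "home-lan"),   # connected route, same range as the office
    (FAKE_LAN, "ovpn"),               # fake subnet is reached through the tunnel
]

def pick_route(dst, routes):
    """Longest-prefix match over (network, interface) pairs."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), via) for n, via in routes]
    matches = [(n, via) for n, via in nets if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def netmap(dst, match_net, to_net):
    """1:1 translation: keep the host bits, replace the network prefix."""
    dst = ipaddress.ip_address(dst)
    match_net = ipaddress.ip_network(match_net)
    to_net = ipaddress.ip_network(to_net)
    if match_net.prefixlen != to_net.prefixlen:
        raise ValueError("this sketch only models equal-sized networks")
    if dst not in match_net:
        return dst                    # rule does not match, packet untouched
    host_bits = int(dst) & int(match_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)

def trace(dst):
    """Return (laptop interface, address the office router delivers to)."""
    via = pick_route(dst, LAPTOP_ROUTES)
    if via != "ovpn":
        return via, None              # stays on the home LAN, never reaches the office
    return via, str(netmap(dst, FAKE_LAN, REAL_LAN))

if __name__ == "__main__":
    for dst in ("192.168.1.10", "192.168.147.10", "192.168.147.1"):
        print(dst, "->", trace(dst))
```

The rule as posted matches on destination address only, so it translates 192.168.147.0/24 for packets arriving on any interface, not only the OpenVPN one.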

Re: openvpn client and remote same network

Posted: Wed May 06, 2020 9:02 am
by aleab
If you feel that I should open a new post, feel free to divide...

Sorry, but I need some help with this setup.

As I described, I have this situation:

in office
MikroTik as router
LAN 192.168.1.0/24
local server 192.168.1.100

When a colleague connects with OpenVPN and has the same subnet 192.168.1.0/24 at home,
and there is already a device with 192.168.1.100,
he can't connect to the server.
So I created a netmap with fake network 192.168.3.0/24 and all works great,
because from home he "calls" the server with IP 192.168.3.100

But now I have a problem: another colleague has a laptop and sometimes works from the office and sometimes from home (always the same subnet).
For now, on the laptop I mapped two network drives with 192.168.1.100 and 192.168.3.100
because if he is in the office 192.168.3.100 does not work
and if he is at home 192.168.1.100 does not work

My goal is: in the LAN (without OpenVPN), can I reach all my network devices with IPs
192.168.1.0/24 and 192.168.3.0/24

So if I am in the office (LAN) and my laptop takes IP 192.168.1.23, can I ping or use 192.168.1.100 AND ALSO 192.168.3.100?
Of course not only for the server, but I have several devices (printers, PBX, different servers, APs, etc.)

Clearly, the best solution is to change the office subnet, but now I can't.

thank you in advance

Re: openvpn client and remote same network

Posted: Fri May 08, 2020 1:08 pm
by aleab
It seems to work in a strange way...

Let me explain.

If I set up a netmap,
from the local LAN I can ping 192.168.3.100 but I can't access
\\192.168.3.100\share
The same, for example, with the printer:
I can ping 192.168.3.101 but I can "visit" the webpage at http://192.168.3.101
Of course with 192.168.1.100 or 101 it works fine.

thank you

Re: openvpn client and remote same network

Posted: Fri May 08, 2020 5:56 pm
by jaceqp123
If you have PCs/laptops/servers you can add multiple IPs to a network interface (if all are static; it mostly won't work with the DHCP client on). This way it's possible to create an additional uncommon subnet (let's say 200.200.200.x) for all your devices PLUS MikroTik's VPN pool.
Now, while in the office you're able to access file shares from the basic LAN subnet (let's say 192.168.0.x) and 200.200.200.x simultaneously.
While 'outside' you should also be able to access the office LAN when the VPN IPs and the additional LAN subnet match...

Obviously the main issue is with devices having no support for multiple IP setup (most printers etc...).

Re: openvpn client and remote same network

Posted: Fri May 08, 2020 7:50 pm
by aleab
Thank you for the reply.

So I can't set up a secondary LAN class and access it simultaneously without "touching" the devices?
I think of something similar to masquerade... I tried to add masquerade rules but they don't work...

thank you

Re: openvpn client and remote same network

Posted: Fri Jun 26, 2020 12:48 pm
by aleab