Community discussions

MikroTik App
 
Alexdv
just joined
Topic Author
Posts: 6
Joined: Tue Nov 12, 2019 2:57 am

OpenVPN routing

Thu Feb 20, 2020 3:58 am

Hi!
I've succesfully implemented openvpn server on HEX device, clients can connect and have access to internal network(192.168.83.0/24). But in each client config i need to specify route (route 192.168.83.0 255.255.255.0 172.16.10.1), where 172.16.10.1 is ip address of ovpn profile. 172.16.10.48/28 is network for remote users.
The question is if i set dhcp pool to 192.168.83.40-192.168.83.254, then set ovpn profile ip to 192.168.83.2 and 192.168.83.16/28 as a remote users' network do i need to specify any routes in client configs?
P.S. as somebody may know, ROS don't support openvpn "push route" feature, so i'm very interested in this, especially for android remote users, because openvpn connect android app is not supporting "route" directive.
 
tdw
Member
Member
Posts: 372
Joined: Sat May 05, 2018 11:55 am

Re: OpenVPN routing

Thu Feb 20, 2020 4:11 pm

There are various options:
  • Per your suggestion overlap the local and remote client addresses, the OpenVPN server netmask=24 provides a suitable route, but you need to enable proxy-arp on the local network interface so the Mikrotik replies to any local client ARP requests on behalf of the remote VPN clients.
  • Use an adjacent subnet for the remote clients and adjust the netmask to cover local and remote clients. e.g. the existing 192.168.83.x/24 network for local clients, 192.168.82.x/24 for remote VPN clients with OpenVPN server netmask=23
  • Add routes to the client .ovpn configuration file and use an app which does support routes.
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: OpenVPN routing

Thu Feb 20, 2020 10:44 pm

(This reply is in response to a question of several months old. But it may still be useful to someone).

I have OpenVPN server running on my RB493G workhorse for several years now. The paid Android app (linked below) allows me to connect to my home network securely when I am on the road. It should make life a bit easier using OpenVPN server on MikroTik. Especially whether it's TUN or TAP.

https://play.google.com/store/apps/deta ... o&hl=en_US
 
Alexdv
just joined
Topic Author
Posts: 6
Joined: Tue Nov 12, 2019 2:57 am

Re: OpenVPN routing

Sat Feb 22, 2020 1:18 am

There are various options:
  • Use an adjacent subnet for the remote clients and adjust the netmask to cover local and remote clients. e.g. the existing 192.168.83.x/24 network for local clients, 192.168.82.x/24 for remote VPN clients with OpenVPN server netmask=23
that's interesting. but where openvpn server netmask could be set? i can only set an ip address in openvpn profile(local address)
 
tdw
Member
Member
Posts: 372
Joined: Sat May 05, 2018 11:55 am

Re: OpenVPN routing

Sat Feb 22, 2020 2:35 am

There are various options:
  • Use an adjacent subnet for the remote clients and adjust the netmask to cover local and remote clients. e.g. the existing 192.168.83.x/24 network for local clients, 192.168.82.x/24 for remote VPN clients with OpenVPN server netmask=23
that's interesting. but where openvpn server netmask could be set? i can only set an ip address in openvpn profile(local address)
It is configured globally on the OpenVPN server (PPP > OVPN Server in Winbox), the Mikrotik Open VPN implementation doesn't fit exactly into the PPP model they use for other VPNs.
 
Alexdv
just joined
Topic Author
Posts: 6
Joined: Tue Nov 12, 2019 2:57 am

Re: OpenVPN routing

Sun Feb 23, 2020 4:08 pm

can t find this(
You do not have the required permissions to view the files attached to this post.
 
User avatar
SiB
Forum Veteran
Forum Veteran
Posts: 887
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: OpenVPN routing

Sun Feb 23, 2020 6:18 pm

can t find this(
At screenshot you see the "Default Profile: ovpn" then:
WinBox: PPP > Profiles tab > ovpn profile entry > General tab > Remote Address
provide pool or ip range
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on ?? ?? 202?
 
Alexdv
just joined
Topic Author
Posts: 6
Joined: Tue Nov 12, 2019 2:57 am

Re: OpenVPN routing

Mon Feb 24, 2020 1:46 am

[/quote]
At screenshot you see the "Default Profile: ovpn" then:
WinBox: PPP > Profiles tab > ovpn profile entry > General tab > Remote Address
provide pool or ip range
[/quote]
thanks! will try it tommorow
 
tdw
Member
Member
Posts: 372
Joined: Sat May 05, 2018 11:55 am

Re: OpenVPN routing

Tue Feb 25, 2020 8:10 pm

can t find this(
It is the Netmask field, default value is 24 - equivalent to 255.255.255.0
 
Alexdv
just joined
Topic Author
Posts: 6
Joined: Tue Nov 12, 2019 2:57 am

Re: OpenVPN routing

Tue Feb 25, 2020 11:56 pm

it worked! thank you, tdv :)

Who is online

Users browsing this forum: Baidu [Spider] and 41 guests