GardG

OVPN clients can't access local devices by hostname (and other OVPN related noob questions)

Wed Jul 21, 2021 1:09 am

Hi all,
I'm in the process of upgrading the network infrastructure at my small office, and I've replaced our previous consumer-grade router with a CRS309-1G-8S+IN. It's certainly a world of difference … A bit overwhelming to a relative noob such as myself, but it's gone well so far. A few questions have arisen though, mainly related to OpenVPN.

1) I've set up an OVPN server on the Mikrotik and it works fine, clients can access the LAN remotely, they get IPs from a separate pool, and it all works as expected, apart from one small detail – VPN clients can only access the devices at the office by IP, not by hostname. When at the office, we can access our TrueNAS server shares by smb://truenas.local/sharename, but not over VPN – we then have to resort to smb://10.0.1.1/sharename. Is there an easy way to fix this? Or a good reason not to?

2) For some reason, at some point in the distant past we decided to use 10.0.0.0/16 for our network, and have stuck with it. However, I realise that connecting to our VPN from another network with the same IP scheme/subnet will cause issues, so I suppose we should change to something less common, like 10.68.0.0/16 or whatever. That's reasonable enough. But in our office, the Mikrotik is behind another router (shared, covering the whole floor of the building) which is on a 192.168.10.0/24 subnet. We can reach devices on that network from our office (behind the Mikrotik) and would ideally like to keep it that way (there are some 3D printers and stuff there that we use) – but does this mean that connecting to our VPN from another 192.168.10.0/24 network won't work either?

3) The main use case of our VPN is typical road warrior use with laptops getting stuff from file servers etc. However, we also have another somewhat odd use case – for various projects we sometimes deploy embedded devices on temporary job sites, and we'd like to set up temporary site-to-site VPN connections to remotely manage these devices. Usually there would be an LTE router on site connecting to the office VPN. So far, so good. But: we'd also like to be able to use the same embedded devices at our office when they're not deployed in the field. For the site-to-site VPN they'd need to be on different subnets, but that means we'd have to readdress them when moving between the office and the field, which we don't want. What's the smoothest and easiest solution to this?

Let's say we change our office subnet to 10.68.0.0/16 and call our embedded devices (that will be used both in house and in the field) 10.67.0.0/16. These devices all have static IPs. Can I add a static route on the Mikrotik so that we can use some of our 10.67.0.0/16 devices transparently on the 10.68.0.0/16 network, while also connecting some of them to the office network over OVPN? There won't be any IP conflicts in the 10.67.0.0/16 subnets because all the devices have static IPs, but are there any other potential issues?
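
The subnet-overlap concern in question 2, as an added example that is not part of the original post: it compares a VPN client's local LAN with the networks reachable through the tunnel and reports which ones collide. It assumes ordinary longest-prefix-match routing on the client and that 192.168.10.0/24 is also routed to VPN clients; the function name `classify` and the client LANs are constructed for illustration.

```python
import ipaddress

def classify(local_net, pushed_routes):
    """Compare a client's local LAN with routes reachable over the VPN.

    Assumes ordinary longest-prefix-match routing on the client.
    Returns {route: verdict} for every pushed route.
    """
    local = ipaddress.ip_network(local_net)
    verdicts = {}
    for route in pushed_routes:
        remote = ipaddress.ip_network(route)
        if not local.overlaps(remote):
            verdicts[route] = "ok"
        elif local == remote:
            # Same prefix on both sides: the winner depends on route metrics.
            verdicts[route] = "conflict: identical prefix"
        elif local.subnet_of(remote):
            # The local LAN is more specific, so it wins for its own range.
            verdicts[route] = f"partial: office hosts in {local} unreachable"
        else:
            # The VPN route is more specific and takes over part of the local LAN.
            verdicts[route] = f"partial: local hosts in {remote} unreachable"
    return verdicts

# Subnets taken from the post (assumption: all are routed to VPN clients).
CURRENT = ["10.0.0.0/16", "192.168.10.0/24"]
PROPOSED = ["10.68.0.0/16", "10.67.0.0/16", "192.168.10.0/24"]

if __name__ == "__main__":
    # Constructed sample client LANs (home, hotel, another shared floor).
    for lan in ["10.0.5.0/24", "192.168.10.0/24", "192.168.1.0/24"]:
        for name, routes in (("current", CURRENT), ("proposed", PROPOSED)):
            print(lan, name, classify(lan, routes))
```
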
