atuxnull
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Feb 07, 2017 10:02 pm

OVPN server local networks only

Wed Sep 08, 2021 10:30 am

After setting up an OpenVPN server in my Mikrotik, now all remote users can connect to the Internet through the Mikrotik, based on
https://forum.mikrotik.com/viewtopic.php?f=13&t=177639&p=874464#p874464
I would like to create a new installation and have the OpenVPN server in the Mikrotik and serve only the local networks. For example, the Mikrotik has the LANs 192.168.5.0/24 and 172.16.5.0/24. I would like all the remote users, e.g. Android phones over 4G, to access the internet from their 4G and, through the VPN, the local networks 192.168.5.0/24 and 172.16.5.0/24. I do not want the remote users to access the internet through the OpenVPN <-> Mikrotik, but rather to access the internet from their local access (e.g. 4G).
Could someone help me to set this config, please?
 
iaskakho
just joined
Posts: 17
Joined: Sun Sep 05, 2021 9:27 pm
Location: New York, USA

Re: OVPN server local networks only

Thu Sep 09, 2021 1:27 am

You would have to set the routes on the client; there is no option on the server side in MikroTik.

I suggest then setting a firewall rule to drop any traffic from <ovpn-gateway> that is not those 2 networks.
 
atuxnull
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Feb 07, 2017 10:02 pm

Re: OVPN server local networks only

Thu Sep 09, 2021 11:10 am

So I have to leave the config of the server as it is, and what do I have to do in the client, please?
 
MickeyT
Member Candidate
Posts: 125
Joined: Tue Feb 18, 2020 7:06 am
Location: Australia

Re: OVPN server local networks only

Thu Sep 09, 2021 2:17 pm

I created that OVPN configuration to route all traffic through the VPN to maximize security for the client on an untrusted network. The relevant line that you're looking for in the client configuration is:

redirect-gateway def1 bypass-dhcp

Removing that line should mean that only VPN traffic goes through the VPN and all other traffic goes through the local gateway (including DNS queries). I can't make any guarantee about how well it will work as I haven't tested the configuration myself. I suggest you take a look at the OpenVPN Documentation (specifically the 2x HOW TO page) as this is where I got the information about creating the client config file.
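
Added example, not part of the original posts and not tested against the linked configuration: a client profile fragment showing the full-tunnel line disabled and explicit routes for the two LANs named in the question. It assumes the server pushes no routes, so the client has to declare them itself, and that the client runs OpenVPN 2.4 or later for `pull-filter`.

```conf
# Constructed fragment of the client .ovpn profile.
# remote, certificates, cipher and auth settings stay as in the existing profile.

# Full tunnel (before): replaces the default route, so all traffic,
# including Internet traffic, goes through the MikroTik.
# redirect-gateway def1 bypass-dhcp

# Split tunnel (after): only the two LANs behind the MikroTik use the tunnel.
# With no gateway argument, each route points at the VPN gateway.
route 192.168.5.0 255.255.255.0
route 172.16.5.0 255.255.255.0

# Defensive: ignore a default-route redirect if a server ever pushes one,
# so the client keeps using its own gateway (e.g. 4G) for the Internet.
pull-filter ignore "redirect-gateway"
```

Client-side routes are only a convenience for the client; the firewall rule suggested earlier in the thread is what actually stops VPN users from reaching anything other than those two networks.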
