Community discussions

MUM Europe 2020
 
justlovingIT
just joined
Topic Author
Posts: 14
Joined: Mon May 04, 2015 7:21 pm
Location: Southern Europe

OVPN issue (can't reach hosts on the same network)

Mon May 04, 2015 7:32 pm

Hi,

I'm new to mikrotik and have just setup a CRS125 with following (simple) setup.
a) a public network (master port 1)
b) a private network 10.0.0.0/24 (master port 18)

Now I've setup openvpn as I want to reach the hosts in the private LAN (10.0.0.1) offsite.

-> I've set the local address to 10.0.0.1 and remote to 10.0.0.99 and followed most
steps from the wiki <-

OpenVPN is working fine and from the CRS I can ping all hosts.
e.g. my VPN IP 10.0.0.99 as well as the regular hosts on 10.0.0.2xx

When connected via VPN I can ping and work on webfig without issues but I just
can't connect to the other hosts on the 10.0.0.0/24 network via VPN.

I guess I must have missed something - but I think it's not the route as all IPs are in the same subnet :(
Any advice?

Other question: I've limited access to the different CRS services to specific IPs. But when I'm in the ovpn I can access webfig even though I've got the 10.0.0.99 IP that's not on the whitelist for that service.





Last question: I limited service access
 
Fedes
just joined
Posts: 7
Joined: Sat Jun 30, 2012 7:51 am

Re: OVPN issue (can't reach hosts on the same network)

Tue Oct 13, 2015 4:41 am

Hi, I'm having the same issue. Did you resolve it?

thanks
 
kamillo
Member Candidate
Member Candidate
Posts: 157
Joined: Tue Jul 15, 2014 5:44 pm

Re: OVPN issue (can't reach hosts on the same network)

Tue Oct 13, 2015 10:50 am

The problem is that you have both interfaces (public and private) attached to different master ports. Basically you have isolated the two networks so they are unable to talk to each other despite the fast they use the same ip range.

I would suggest assigning different IP range to VPN side and set up correct routing.
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 929
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: OVPN issue (can't reach hosts on the same network)

Tue Oct 13, 2015 12:48 pm

I second kamillo's suggestion of adding a seperate address pace for VPN users.
Alternatively, you can add a bridge, add your LAN master port to that bridge and migrate its IP address to it.
Set the ARP mode of that bridge to proxy-arp and you should be able to connect from VPN.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
kamillo
Member Candidate
Member Candidate
Posts: 157
Joined: Tue Jul 15, 2014 5:44 pm

Re: OVPN issue (can't reach hosts on the same network)

Tue Oct 13, 2015 2:11 pm

Above solution is Ok just keep in mind that CRS doesn't have powerful CPU and if you bridge interfaces whole traffic will pass through CPU (traffic from bridged interfaces). So keep an eye on the CPU usage

Who is online

Users browsing this forum: No registered users and 12 guests