Page 1 of 1

openVPN Client on Mikrotik, as Bridge

Posted: Fri Mar 25, 2016 5:05 am
by DotTest37
I already have a Cloud Switch configured as OpenVPN Server, and I use Viscosity from my Mac to VPN to home.
Is it possible to have another Mikrotik router act as a OpenVPN Client and connect to my Cloud Switch in Bridge mode ? (not sure if Bridge is the right word, I just need to be able to see the PCs behind the Mikrotik client from behind my Cloud Switch)
Thanks

Re: openVPN Client on Mikrotik, as Bridge

Posted: Fri Mar 25, 2016 2:15 pm
by pukkita
Yes, it is. Once you have the VPN up and running, it's a matter of proper routing.

Re: openVPN Client on Mikrotik, as Bridge

Posted: Fri Mar 25, 2016 3:59 pm
by DotTest37
I actually did, left the client router with default settings, added the certs from the server router and created the OpenVPN Client settings and I was able to connect the client to the server. then I added some firewall rules, mangle, etc and I was able to ping a PC behind the client router on subnet 192.168.88.0 from another PC behind the server router with subnet 192.168.160.0.
So far that solution works for me, but it would be nice to be able to bridge them both and be able to have PCs with subnet 192.168.160.0 on both sides.
Any suggestions?
thanks guys.

Re: openVPN Client on Mikrotik, as Bridge

Posted: Fri Mar 25, 2016 8:39 pm
by pukkita
Do you mean having the 192.168.160.0/24 range on both LANs?

Nice why? use DNS and create an A record for each machine so that you can refer to it by name instead of IP...

You could use proxy-arp between both mikrotiks, however having broadcasts traveling across the tunnel will impact performance.

Re: openVPN Client on Mikrotik, as Bridge

Posted: Sat Mar 26, 2016 2:58 pm
by DotTest37
Well, you are right,there is no real requirement for having the same subnet on both sides, it is just the way I imagined it first.
I was thinking to have devices on the client side getting IPs from my server side DHCP so I could see all of them in the same place, but networking-side, yes, no requirement.
That way I have it today is perfect, I can see the PC on the other side, just as I wanted to.
By the way, I made it work following pretty much this page (the tab for OpenVPN)
https://support.hidemyass.com/hc/en-us/ ... ient-Setup
Obviously, using my certs that were already on the Mikrotik server side and my own IPs.

I guess we can close this topic.
Thanks a lot