Hi,
I am the administrator in my company and we are using a RB3011UiAS with the latest stable firmware (6.37.1).
I've read almost every RouterOS/OpenVPN tutorial I could find and tried several of the described ways, but I still have problems.
Scenario:
People who are working at home need to connect to the company's network in order to reach the intranet and some data.
Simple Setup:
For the moment only 2 Ports are used.
- eth1_LAN: 192.168.0.250/16
- eth6_INTERNET: 62.62.62.82/29
- DNS: 8.8.8.8 and 8.8.4.4 (remote requests allowed)
- masquerading srcnat on out.interface eth6
Routing:
0.0.0.0/0 gateway 62.62.62.81 reachable eth6_INTERNET
192.168.0.0/16 eth1_LAN reachable
62.62.62.80/29 eth6_INTERNET reachable
What I've already tried:
1. Create/import server/client certificates
2. Create IP-Pool (first I did it the hard way and created 64 IP-Pools 10.100.10.1-2, 10.100.10.5-6, 10.100.10.9-10 and so on. Later I created 1 Pool and set the Local-IP to 10.100.10.1)
3. Set up OpenVPN client on a Windows based system
4. Establish connection
Here is the Problem:
I am not able to reach servers which are inside the LAN from outside, e.g. 192.168.0.1, 0.2, 0.3 and so on.
Client OpenVPN config:
proto tcp-client
remote 62.62.62.82 1194
dev tun
nobind
persist-key
tls-client
ca ca.crt
cert client1.crt
key client1.key
ping 10
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
route 192.168.0.0 255.255.0.0
Client ipconfig output while connection established:
Local:
IPv4-Address: 192.168.43.169
Subnet: 255.255.255.0
Gateway: 192.168.43.1
OpenVPN:
IPv4-Address: 10.100.10.3
Subnet: 255.255.255.0
Gateway:
Client route output while connection established:
dst: 0.0.0.0/0 gateway: 192.168.43.1 interface: 192.168.43.169
dst 192.168.0.0/0 gateway 10.100.10.1 interface 10.100.10.3
Some debugging facts:
- Inside the router I can reach (ping) all local systems.
- If I forward the ports I can also reach services (e.g. FTP) from outside (62.62.62.82).
- I can reach the internet from the local clients (e.g. 192.168.2.1)
It seems like the router doesn't know how to route VPN (10.100.10.X) to the local net (192.168.X.X).
Please help.
Best Regards,
Dominik