Community discussions

 
kidjake28
just joined
Topic Author
Posts: 19
Joined: Tue Oct 31, 2017 6:30 pm

MicroTik to SoftEther (OpnVPN)

Sun Nov 05, 2017 3:14 am

Thank you so much for replying:

Let me explain what I currently have.
Home:
Local router
LAN 192.168.5.1/24
Public WAN: whatever the isp's handing out

Behind local router
Microtik
Lan: 10.1.1.1/24
WAN: 192.168.5.x (whatever the local router is handing out)
DHCP Server: 10.1.1.100-200

Softether
ETH0: 172.30.1.65/24
Tunnel: (192.168.99.x/24)

Server I need to get to: 172.30.1.80/24

Here is my current issue.

I created an OpnVPN connection from Microtik and SoftEther. That works great. Connection Established.
I had to create a route on Microtik: 172.30.1.0/24 GW SSTP-Out1 in order for the Microtik to be able to ping 172.30.1.x network (from terminal).

Problem:
I cannot ping from 10.1.1.x to 172.30.1.0/24
So I thought the reason why was because the server doesn't know how to route back so on the 172.30.1.80 I added a route 10.1.1.0/24 gw 172.30.1.65.

Still doesn't work. Any help GREATLY appreciated.
 
payam124
Trainer
Trainer
Posts: 18
Joined: Thu Jan 07, 2016 11:44 pm

Re: MicroTik to SoftEther (OpnVPN)

Sun Nov 05, 2017 8:07 am

Your understanding of the problem seems to be right. Posting traceroute from MikroTik side toward 172.30.1.80 can clarify it
Assuming the route back is the issue, you need to define the route on Softether
if you can allocate static IP to the MikroTik by Softether, then on Softether you have to route 10.1.1.0/24 to this particular static IP

if instead of Softether, you had a MikroTik in place, then it would be much easier.
 
kidjake28
just joined
Topic Author
Posts: 19
Joined: Tue Oct 31, 2017 6:30 pm

Re: MicroTik to SoftEther (OpnVPN)

Sun Nov 05, 2017 6:57 pm

Thank you very much for the reply.

The traceroute from the microtik to 172.30.1.80 is as follows:

Hop Host
1 192.168.30.1 (vpn tunnel)
2 172.30.1.80

Thats it.

What has me puzzeld is if I take a look at the SSTP-out1 interface under Status the remote address is 1.0.0.1? Where is it getting this from?

If I look at the route table there is an entry:

Dst. Address: 10.0.01
Pref. Source 192.168.30.10
 
kidjake28
just joined
Topic Author
Posts: 19
Joined: Tue Oct 31, 2017 6:30 pm

Re: MicroTik to SoftEther (OpnVPN)

Sun Nov 05, 2017 6:58 pm

Thank you very much for the reply.

The traceroute from the microtik to 172.30.1.80 is as follows:

Hop Host
1 192.168.30.1 (vpn tunnel)
2 172.30.1.80

Thats it.

What has me puzzeld is if I take a look at the SSTP-out1 interface under Status the remote address is 1.0.0.1? Where is it getting this from?

If I look at the route table there is an entry:

Dst. Address: 10.0.01
Pref. Source 192.168.30.10
 
payam124
Trainer
Trainer
Posts: 18
Joined: Thu Jan 07, 2016 11:44 pm

Re: MicroTik to SoftEther (OpnVPN)

Fri Nov 10, 2017 10:50 pm

as you said you can ping 172.30.1.80 from the MikroTik, my understanding is MikroTik used the Tunnel IP as the source and send out the packets.
a simple workaround would be writing an srcnat with masquerade for packets going out from SSTP-out1 interface (you said it was opnvpn, why did you name the interface SSTP-out1?)with this workaround, your clients in 10.1.1.0/24 will reach 172.30.1.0/24 using NAT and IP address of the tunnel

if you don't need to use NAT, you need to find a way to write the route to this tunnel on your softether to send packets toward 10.1.1.0/24 over the tunnel
 
kidjake28
just joined
Topic Author
Posts: 19
Joined: Tue Oct 31, 2017 6:30 pm

Re: MicroTik to SoftEther (OpnVPN)

Fri Nov 10, 2017 11:28 pm

Thank you so much for the reply. You were absolutely right. The problem was with the firewall.

Once I made the entry and you explained it starting working.

It was my mistake with regards to SSTP. I had tried both SSTP and OpnVPN.

Who is online

Users browsing this forum: mohammed2578 and 98 guests