I have VPN server and clients both on MikroTik.
I can reach local network from client to server and opposite.
For example server 192.168.0.0/24 and clients 192.168.1.0/24, 192.168.2.0/24
But what route should I add, to connect clients 192.168.1.0/24 from 192.168.2.0/24 and opposite?
Re: How to connect local subnets of VPN clients
Route to 192.168.0.0/22 from each client. Or specific /24 route, doesn't matter.
Re: How to connect local subnets of VPN clients
It depends on what is the default route at the clients. If the default route remains the original one even after the VPN connection is established, you must add a route at each client in 192.168.1.0/24 to 192.168.2.0/24 (and vice versa) via the VPN tunnel.I can reach local network from client to server and opposite.
For example server 192.168.0.0/24 and clients 192.168.1.0/24, 192.168.2.0/24
But what route should I add, to connect clients 192.168.1.0/24 from 192.168.2.0/24 and opposite?
You haven't written which VPN in particular you use; the method of adding the route differs significantly and you may have to add it manually at the client rather than push it from the server.
Re: How to connect local subnets of VPN clients
I already have routes on clients via VPN, but they don't work.It depends on what is the default route at the clients. If the default route remains the original one even after the VPN connection is established, you must add a route at each client in 192.168.1.0/24 to 192.168.2.0/24 (and vice versa) via the VPN tunnel.I can reach local network from client to server and opposite.
For example server 192.168.0.0/24 and clients 192.168.1.0/24, 192.168.2.0/24
But what route should I add, to connect clients 192.168.1.0/24 from 192.168.2.0/24 and opposite?
You haven't written which VPN in particular you use; the method of adding the route differs significantly and you may have to add it manually at the client rather than push it from the server.
For example on client with network 192.168.2.0/24 route to 192.168.5.0/24
Code: Select all
/ip route add distance=1 dst-address=192.168.5.0/24 gateway=smkgwRe: How to connect local subnets of VPN clients
In that case, post the result ofI already have routes on clients via VPN, but they don't work.
For example on client with network 192.168.2.0/24 route to 192.168.5.0/24Code: Select all/ip route add distance=1 dst-address=192.168.5.0/24 gateway=smkgw
Code: Select all
/export hide-sensitiveCode: Select all
my.public.ip.ARe: How to connect local subnets of VPN clients
After resetting vpn server configuration and clean setup, client-to-client connection works.In that case, post the result ofI already have routes on clients via VPN, but they don't work.
For example on client with network 192.168.2.0/24 route to 192.168.5.0/24Code: Select all/ip route add distance=1 dst-address=192.168.5.0/24 gateway=smkgwfrom both the client and the server, after systematically replacing each public IP address you don't want to disclose by a distinctive pattern such asCode: Select all/export hide-sensitive.Code: Select allmy.public.ip.A
But i didn't yet setup my second ISP so the problem is in one of that settings.
Can you advise how to proper configure failsafe with tho ISP, without load balancing?
Re: How to connect local subnets of VPN clients
Do you use route marking of packets in to facilitate the dual-WAN?
Code: Select all
/ip firewall mangleRe: How to connect local subnets of VPN clients
Used before reset, now looking for proper dual-lan config.Do you use route marking of packets into facilitate the dual-WAN?Code: Select all/ip firewall mangle
Re: How to connect local subnets of VPN clients
Dual LAN or dual WAN? For proper dual WAN as primary and backup (i.e. no load distribution), this article has it all and doesn't require routing marks to work.Used before reset, now looking for proper dual-lan config.
For dual LAN I don't know what you have in mind.
If using routing marks, the thing is that some sources say that if no route is found in the explicitly indicated routing table, the routing table main is used as a backup. I haven't tested this deeply, but I'm afraid that a default route is considered valid also for local interfaces. So if you need to use named routing tables, local routes must exist in all of them, otherwise the route-marked packets for another local subnet are sent out via the default route matching that routing mark. The other (and easier to understand three months later) possibility is not to mark packets with local subnets as destinations of course.
Re: How to connect local subnets of VPN clients
Dual-wan, of course, sorry.Dual LAN or dual WAN? For proper dual WAN as primary and backup (i.e. no load distribution), this article has it all and doesn't require routing marks to work.Used before reset, now looking for proper dual-lan config.
For dual LAN I don't know what you have in mind.
If using routing marks, the thing is that some sources say that if no route is found in the explicitly indicated routing table, the routing table main is used as a backup. I haven't tested this deeply, but I'm afraid that a default route is considered valid also for local interfaces. So if you need to use named routing tables, local routes must exist in all of them, otherwise the route-marked packets for another local subnet are sent out via the default route matching that routing mark. The other (and easier to understand three months later) possibility is not to mark packets with local subnets as destinations of course.
Thanks for the article, I'll try check-gateway=ping method.