acssol
just joined
Topic Author
Posts: 14
Joined: Mon Feb 05, 2018 2:13 pm

OVPN S2S with multiple sites/ tunnel networks

Fri Jun 15, 2018 3:34 pm

Hello folks,

I'm trying to achieve the following setup with OVPN on MikroTik RouterOS, but I don't get how to define multiple "tunnel networks" (local and remote tunnel addresses). I have found this thread in the MikroTik forum, which suggests working with "users" and binding profiles to users, but I don't see where to work with "users" here.

Image

To my knowledge I can only have one OVPN-Server instance which is bound to a profile, e.g. profile-ovpn1:

Image

This profile defines the local and remote addresses for the tunnel interfaces:

Image


How to achieve a second tunnel-network for a second site?

PS: I would like to terminate site-to-site tunnels for different tenants/ customers on this system.

Thanks in advance for your feedback!
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: OVPN S2S with multiple sites/ tunnel networks  [SOLVED]

Sat Jun 16, 2018 7:17 pm

Normally, each user you use with various ppp interfaces is locally represented by a /ppp secret item and that item refers to a /ppp profile too, plus it also has local-address and remote-address parameters directly in itself. So the default-profile configured for the /interface ovpn-server server is only used if no profile is configured in the user's /ppp secret, and the address settings in /ppp secret most likely override the addresses provided by the profile used. For sure in profiles, you can use an /ip pool item as remote-address. It may be possible also in /ppp secret's remote-address parameter but something is telling me it is not.
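
The per-user addressing described in the reply above, as an added example that is not part of the original post: one /ppp secret per site carries its own tunnel address pair, and a static server binding per user gives each tenant a named interface that firewall rules can keep apart. The user names, passwords, tunnel addresses, LAN subnets and interface names are constructed placeholders; profile-ovpn1 is assumed to exist already, and the server's certificate settings are not shown on the page and are left out.

```routeros
# Added example. All names, passwords and addresses below are constructed.

# The server's default profile is only used for secrets that name no profile.
/interface ovpn-server server
set default-profile=profile-ovpn1

# One secret per site/tenant, restricted to the ovpn service, each with its
# own local/remote tunnel addresses and the route to that site's LAN.
/ppp secret
add name=site-a service=ovpn profile=profile-ovpn1 password="CHANGE-ME-A" \
    local-address=10.255.1.1 remote-address=10.255.1.2 \
    routes="192.168.10.0/24"
add name=site-b service=ovpn profile=profile-ovpn1 password="CHANGE-ME-B" \
    local-address=10.255.2.1 remote-address=10.255.2.2 \
    routes="192.168.20.0/24"

# Static bindings: each user always lands on the same named interface
# instead of a dynamically created one.
/interface ovpn-server
add name=ovpn-site-a user=site-a
add name=ovpn-site-b user=site-b

# Tenant isolation: no forwarding between the two customers' tunnels.
/ip firewall filter
add chain=forward in-interface=ovpn-site-a out-interface=ovpn-site-b \
    action=drop comment="tenant isolation A->B"
add chain=forward in-interface=ovpn-site-b out-interface=ovpn-site-a \
    action=drop comment="tenant isolation B->A"
```

After both sites connect, `/ppp active print` shows which address pair each user received.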
 
acssol
just joined
Topic Author
Posts: 14
Joined: Mon Feb 05, 2018 2:13 pm

Re: OVPN S2S with multiple sites/ tunnel networks

Mon Jun 18, 2018 6:36 pm

Normally, each user you use with various ppp interfaces is locally represented by a /ppp secret item and that item refers to a /ppp profile too, plus it also has local-address and remote-address parameters directly in itself. So the default-profile configured for the /interface ovpn-server server is only used if no profile is configured in the user's /ppp secret, and the address settings in /ppp secret most likely override the addresses provided by the profile used. For sure in profiles, you can use an /ip pool item as remote-address. It may be possible also in /ppp secret's remote-address parameter but something is telling me it is not.
Thank you very much sindy - I must have been blind not to see this connection! Works like a charm.
