Page 1 of 1


Posted: Thu Nov 07, 2019 11:20 pm
by Mirela
How can I configure VPN passthrough on RB2011Ui.
I have VPN server and it works great when I connect from WAN, if want to connect from LAN it doesn’t want to connect.
VPN is standalone server not on mikrotik.
All I want is that VPN traffic is passthrough Mikrotik even if connection is made from LAN.



Posted: Fri Nov 08, 2019 12:07 pm
by Zacharias
VPN type ?
Can you provide a simple diagram of the network?


Posted: Fri Nov 08, 2019 12:15 pm
by erlinden
Why don't you just resolve your VPN server to your private IP address (of the VPN server) instead of the public IP address? Or connect to the VPN server on (private) IP address? I assume this is only for testing purposes?


Posted: Fri Nov 08, 2019 5:05 pm
by Mirela

VPN is IKEv2 on Strongswan running debian. I want to enable vpn passthrough so I can have VPN connection enabled even when phones and laptops are in home network. Now I need to manually enable vpn every time I am outside of the office.

Mikrotik have IP
VPN server
Pool for VPN clients is to
On Mikrotik is enabled port forwarding from eth1 to on ports 500 and 4500.
On eth1 is modem.


Posted: Sat Nov 09, 2019 6:44 am
by mf761
For getting the traffic to your VPN server beeing routed correct you need dstnat of your VPN ports to the address type local to your VPN server and also a srcnat masquerade of the outinterface of the bridge.

that should work

but the question is, why do you want to connect to your local VPN from the same local network, or is behind that VPN another network?
VPN you use to connect from the WAN with a secure channel to your private network!



Posted: Sat Nov 09, 2019 7:53 pm
by gkk