just joined
Topic Author
Posts: 7
Joined: Thu Dec 31, 2020 11:14 am

Routing between VPN

Fri Jan 01, 2021 11:52 am

Hi, Happy New Year!
I am opening this post to ask for help with what might be the optimal configuration in my situation.
I have several devices (RB750) connected via EoIP over SSTP to a VPN server (RB2011). I have clients who connect to the 2011 through OpenVPN connections made from Windows clients, and each has to reach their own network behind its RB750.
So I want each ovpn client to be able to connect only to a certain RB750 and the devices connected under it.
Can I do this with firewall rules or static routes?
thank you all!

ip lan RB750_1 ip eoip
ip lan RB750_2 ip eoip

ovpn_1 ip
ovpn_2 ip
# dec/31/2020 11:27:34 by RouterOS 6.47.7
# software id = GL1W-76FF
# model = RB2011UiAS
#
# Export of the central RB2011 that terminates SSTP (site routers) and OpenVPN
# (Windows clients). Addresses, user names and passwords were blanked or
# replaced with xx/yy by the poster, so empty "address=" style values below are
# redactions, not real settings.
#
# One bridge per remote site; each carries that site's EoIP tunnel.
/interface bridge
add name=bridge-S1
add name=bridge-S2
# WAN uplink: PPPoE on ether1, installs the default route.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=xx user=xx
# One EoIP tunnel per site, told apart by tunnel-id. No ipsec-secret is shown,
# so confidentiality of this traffic presumably relies on the SSTP session the
# tunnel runs over (per the post) - confirm the endpoints are the SSTP addresses.
/interface eoip
add local-address= mac-address=02:AD:EC:5F:AC:A1 name=eoip-S1 remote-address= tunnel-id=100
add local-address= mac-address=02:24:02:98:DB:C0 name=eoip-S2 remote-address= tunnel-id=101
/ip pool
add name=dhcp_pool0 ranges=
# DHCP is served only on ether5.
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 name=dhcp1
# vpn-profile is the profile used by the OpenVPN server and the ovpn secrets
# below; it refuses unencrypted sessions (use-encryption=required).
/ppp profile
add name=vpn-profile use-compression=no use-encryption=required
# *FFFFFFFE is an internal id of a built-in profile (presumably
# default-encryption - confirm on the router).
set *FFFFFFFE local-address=
# Layer-2 membership: ether10 and eoip-S1 share bridge-S1, eoip-S2 is alone on
# bridge-S2. The two sites are therefore separate broadcast domains here.
/interface bridge port
add bridge=bridge-S1 interface=ether10
add bridge=bridge-S1 interface=eoip-S1
add bridge=bridge-S2 interface=eoip-S2
# OpenVPN server: client certificates are mandatory (require-client-certificate=yes).
# NOTE(review): the cipher list still offers blowfish128, a 64-bit block cipher;
# a client may negotiate it. Consider keeping only the AES entries if all
# clients support them.
/interface ovpn-server server
set auth=sha1 certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=vpn-profile enabled=yes require-client-certificate=yes
# SSTP server on a non-default port. NOTE(review): no certificate= appears on
# this line; if none is configured the site routers cannot verify the server
# they connect to - confirm.
/interface sstp-server server
set enabled=yes port=5443
# Only the ether5 address is active; the ether1 and bridge-S1 entries are disabled.
/ip address
add address= disabled=yes interface=ether1 network=
add address= disabled=yes interface=bridge-S1 network=
add address= interface=ether5 network=
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address= dns-server=, gateway=
/ip dns
set servers=
# Input chain: accept rules only. NOTE(review): no drop rule is shown for the
# input chain and there are no forward-chain rules at all, so as exported these
# accepts do not restrict anything - traffic that matches no rule is accepted.
# Per-client isolation between ovpn users and site networks would have to be
# enforced in the forward chain, which is empty here.
# NOTE(review): 1723 is matched as UDP below; PPTP control traffic uses TCP
# 1723, and no PPTP server appears in this export - confirm the rule is needed.
# SSTP (tcp/5443) has no accept rule, which only matters once a drop rule exists.
/ip firewall filter
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input dst-port=1723 protocol=udp
add action=accept chain=input dst-port=1194 protocol=tcp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
# Source NAT for one (redacted) source range; no out-interface is specified,
# so the rule matches that range regardless of where the traffic leaves.
/ip firewall nat
add action=masquerade chain=srcnat src-address=
/ip route
add distance=1 gateway=
# PPP accounts: two SSTP secrets (site routers) and two OpenVPN secrets
# (clients). Each has its own remote-address, i.e. a fixed per-user tunnel IP
# that firewall rules can match on. The SSTP secrets name no profile, so they
# presumably use the default one - confirm it enforces encryption.
/ppp secret
add local-address= name=xx password=xx remote-address= service=sstp
add local-address= name=xx password=xx remote-address= service=sstp
add local-address= name=yy password=yy profile=vpn-profile remote-address= service=ovpn
add local-address= name=yy password=yy profile=vpn-profile remote-address= service=ovpn
