Community discussions

MikroTik App
 
User avatar
petardo
just joined
Topic Author
Posts: 17
Joined: Fri Sep 25, 2015 4:06 pm

OpenVPN - No Internet

Wed Jul 07, 2021 9:12 am

Hi,
I have a Mikrotik 951G-2HnD in Bridge mode (all 5 ports and the Wireless bridged) and want to use it as a switch, AP and as a VPN Internet gateway as well.
I configured the OpenVPN the same way I used to do it in case of router mode, however - if connected remotely through OpenVPN - now I don't have Internet access.
Any help appreciated.

Config:
/interface bridge
add admin-mac=B8:69:F4:43:BE:A8 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=no_country_set disabled=no distance=indoors \
    frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=xxx \
    station-roaming=enabled wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=xxxx \
    wpa2-pre-shared-key=xxxx
/ip pool
add name=ovpn ranges=192.168.131.2-192.168.131.20
/ip dhcp-server
add address-pool=ovpn interface=bridge name=defconf
/ppp profile
add dns-server=192.168.131.1 local-address=192.168.131.1 name=ovpn \
    remote-address=ovpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
set certificate=xxx cipher=blowfish128,aes128,aes192,aes256 \
    default-profile=ovpn enabled=yes port=33194
/ip dhcp-client
add disabled=no interface=bridge
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.240 name=router.lan
/ip service
set www-ssl certificate=rackeve.crt_0 disabled=no
set winbox port=33291
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp secret
add name=xxx password=xxx profile=ovpn service=ovpn
add name=xxx password=xxx profile=ovpn service=ovpn
/system clock
set time-zone-name=Europe/Budapest
/system ntp client
set enabled=yes primary-ntp=80.249.164.126
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
OpenVPN Client config:
client
proto tcp-client
port xxx
remote xxx
dev tun
nobind
persist-key
tls-client
redirect-gateway def1
verb 3
ping 10
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
<ca>xxx</ca>
 
User avatar
petardo
just joined
Topic Author
Posts: 17
Joined: Fri Sep 25, 2015 4:06 pm

Re: OpenVPN - No Internet

Wed Jul 07, 2021 4:58 pm

I think it is not possible to solve it with a simple bridge and no WAN interface. Source NAT is needed.
I have solved it with defining two separate bridges (one for WAN and one for LAN) and NAT-ing.
It works now.

Who is online

Users browsing this forum: Amazon [Bot], eworm, raiod and 84 guests