OpenVpn

aliassa · Sun Sep 08, 2024 2:20 pm

Hello everyone, I can't access the local segment. There is a local network 192.170.0.0/21 and OPENVPN 10.8.8.0/24, when connecting from a remote network there should be access to 192.170.0.0/21. I assume that the problem is in the routes, but I seem to be trying to register them in statics, there are no results. Below is the system configuration, I would be very glad if you could help solve the issue. Thank you.

Routes:

[sa@MikroTik-Office] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  ;;; Startnet default
        0.0.0.0/0          180.32.201.34    180.32.201.33              1
 1   S  ;;;     
        10.8.8.0/24                        s.s                       1
 2 X S  10.8.8.0/24                        *F001D0                   1
 3 X S  ;;;                 
        10.8.8.0/24                        s.s                       1
 4 ADC  10.8.8.183/32      10.8.8.1        <ovpn-Mikrotik2...        0
 5 ADC  10.8.8.189/32      10.8.8.1        <ovpn-Mikrotik21>         0
 6 ADC  10.8.8.191/32      10.8.8.1        <ovpn-Mikrotik19>         0
 7 ADC  10.8.8.192/32      10.8.8.1        <ovpn-Mikrotik18>         0
 8 ADC  10.8.8.193/32      10.8.8.1        <ovpn-Mikrotik1...        0
 9 ADC  10.8.8.194/32      10.8.8.1        <ovpn-Mikrotik16>         0
10 ADC  10.8.8.216/32      10.8.8.1        <ovpn-Mikrotik8>          0
11 ADC  10.8.8.217/32      10.8.8.1        <ovpn-Mikrotik9>          0
12 ADC  10.8.8.218/32      10.8.8.1        <ovpn-Mikrotik10>         0
13 ADC  10.8.8.219/32      10.8.8.1        <ovpn-Mikrotik11>         0
14 ADC  10.8.8.220/32      10.8.8.1        <ovpn-Mikrotik12>         0
15 ADC  10.8.8.221/32      10.8.8.1        <ovpn-Mikrotk13>          0
17 ADC  10.8.8.223/32      10.8.8.1        <ovpn-Mikrotik14>         0
18 ADC  10.8.8.227/32      10.8.8.1        <ovpn-Mikrotik7>          0
19 ADC  10.8.8.231/32      10.8.8.1        <ovpn-Mikrotik4>          0
20 ADC  10.8.8.233/32      10.8.8.1        <ovpn-Mikrotik2>          0
25 ADC  10.8.8.247/32      10.8.8.1        <ovpn-Cam_obl-2>          0
27 A S  10.168.0.176/29                    192.170.1.197             1
28   S  10.168.0.180/32                    10.8.8.228                1
29 ADC  180.32.201.32/29    180.32.201.34    ether1                    0
30 ADC  192.167.1.0/24     192.167.1.2     bridge                    0
31 A S  192.168.10.0/24                    10.8.8.252                1
32 A S  192.168.11.0/24                    10.8.8.183                1
33   S  192.168.13.0/24                    10.8.8.153                1
34 ADC  192.168.96.0/20    192.168.100.100 bridge                    0
35 ADC  192.169.0.0/20     192.169.0.100   bridge                    0
36 ADC  192.170.0.0/21     192.170.0.100   bridge                    0
37   S  ;;;     
        192.170.0.0/21                     s.s                       1
38 A S  192.170.1.197/32                   192.170.0.12              1
39 ADC  192.172.0.0/24     192.172.0.1     bridge                    0
40 ADC  192.173.0.0/21     192.173.0.100   bridge                    0
41 A S  192.174.1.0/24                     10.8.8.183                1

Adresses:

[sa@MikroTik-Office] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   192.170.0.100/21   192.170.0.0     bridge                                   
 1   ;;;  Startnet default
     180.32.201.34/29    180.32.201.32    ether1                                   
 2   192.169.0.100/20   192.169.0.0     bridge                                   
 3 X 192.170.0.12/32    192.170.0.12    bridge                                   
 4   ;;;             
     192.173.0.100/21   192.173.0.0     bridge                                                                                                 
 7   192.167.1.2/24     192.167.1.0     bridge                                   
 8   192.168.100.100/20 192.168.96.0    bridge                                   
 9   192.172.0.1/24     192.172.0.0     bridge                                   
10 D 10.8.8.1/32        10.8.8.216      <ovpn-Mikrotik8>                         
11 D 10.8.8.1/32        10.8.8.219      <ovpn-Mikrotik11>                        
12 D 10.8.8.1/32        10.8.8.221      <ovpn-Mikrotk13>                                                             
15 D 10.8.8.1/32        10.8.8.231      <ovpn-Mikrotik4>                         
16 D 10.8.8.1/32        10.8.8.218      <ovpn-Mikrotik10>                                            
18 D 10.8.8.1/32        10.8.8.223      <ovpn-Mikrotik14>                        
19 D 10.8.8.1/32        10.8.8.227      <ovpn-Mikrotik7>                         
20 D 10.8.8.1/32        10.8.8.233      <ovpn-Mikrotik2>                         
21 D 10.8.8.1/32        10.8.8.194      <ovpn-Mikrotik16>                                                             
24 D 10.8.8.1/32        10.8.8.192      <ovpn-Mikrotik18>                        
25 D 10.8.8.1/32        10.8.8.220      <ovpn-Mikrotik12>                        
26 D 10.8.8.1/32        10.8.8.217      <ovpn-Mikrotik9>                                                
28 D 10.8.8.1/32        10.8.8.183      <ovpn-Mikrotik27-1>                                                               
31 D 10.8.8.1/32        10.8.8.191      <ovpn-Mikrotik19>                        
32 D 10.8.8.1/32        10.8.8.189      <ovpn-Mikrotik21>

sukram · Sun Sep 08, 2024 6:39 pm

You probably should setup "Push Routes" on the Server to get the route send to your clients, see https://help.mikrotik.com/docs/display/ ... ientConfig.

This will only work with ROS 7.14 or newer on server side, the line is cut off on your screenshot, in Terminal you could use this:

/interface ovpn-server server set push-routes="192.170.0.0 255.255.248.0 10.8.8.1 9"

OpenVpn

OpenVpn

Re: OpenVpn