michalczysz
just joined
Topic Author
Posts: 2
Joined: Thu Nov 07, 2024 8:35 pm

Mikrotik as OpenVPN client routing all VPN connection through wlan

Thu Nov 07, 2024 10:08 pm

Hey guys,
For a few days I have been trying to configure my MikroTik RB941-2nD as an OpenVPN wifi client. I successfully created an OpenVPN server behind the ISP router, and I can access the LAN network of this server from anywhere (tested with OpenVPN Connect on Windows and Android). Even when I "import .ovpn" file to my fresh/factory-reset second MT RB941-2nD, it can establish a connection with that first MT OpenVPN server, but I don't know how to continue with the configuration so that the second MT will route all VPN connections through wlan1.
Basically, what I want to achieve is to connect to my second MT OVPN client through wifi and obtain the public IP from my first MT OVPN server.
Here is how I imagine it looks or should look:
[Attached image: router (2).png]
Here is my MikroTik client config:
[admin@MikroTik] > export compact hide-sensitive
# 1970-01-02 00:13:11 by RouterOS 7.16.1
# software id = B2U4-RC51
#
# model = RB941-2nD
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=MikroTik
/interface ovpn-client
add auth=null certificate=client cipher=aes256-gcm connect-to=name.duckdns.org mac-address=FE:21:4F:0B:E8:E8 name=ovpn-import86527 user=wire
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=wlan1 ip-protocol=udp mac-protocol=ip
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/interface list member
add interface=wlan1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
/ip dhcp-client
add interface=bridge1
/system note
set show-at-login=no
[admin@MikroTik] > ip address/
[admin@MikroTik] /ip/address> print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
#   ADDRESS          NETWORK      INTERFACE      
0 D 192.168.1.17/24  192.168.1.0  bridge1        
1 D 10.110.1.240/24  10.110.1.0   ovpn-import86527
[admin@MikroTik] /ip/address> ..
[admin@MikroTik] /ip> route/
[admin@MikroTik] /ip/route> print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP, v - VPN
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS       GATEWAY           DISTANCE
DAd 0.0.0.0/0         192.168.1.1              1
DAv 0.0.0.0/1         10.110.1.1               0
DAc 10.110.1.0/24     ovpn-import86527         0
DAv 95.49.185.167/32  192.168.1.1              0
DAv 128.0.0.0/1       10.110.1.1               0
DAc 192.168.1.0/24    bridge1                  0
I really appreciate any help. Thanks!
 
anav
Forum Guru
Posts: 21718
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

Thu Nov 07, 2024 10:56 pm

As long as one of the MT devices gets a public IP, or an ISP router it's attached to can
a. get a public IP
b. forward a port to the MT device,
it's doable.
However, I only know how to do so using WireGuard.
 
michalczysz
just joined
Topic Author
Posts: 2
Joined: Thu Nov 07, 2024 8:35 pm

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

Thu Nov 07, 2024 11:17 pm

> As long as one of the MT devices gets a public IP, or an ISP router it's attached to can
> a. get a public IP
> b. forward a port to the MT device,
> it's doable.
> However, I only know how to do so using WireGuard.

Yeah, my second client MT is able to obtain a public IP from my first MT OVPN server; it's this line under /ip route print:
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS       GATEWAY           DISTANCE
***
DAv 95.49.185.167/32  192.168.1.1              0
Therefore I'm not sure if it gets that 95.49.185.167, but I guess it takes it by checking the IP of the provided domain from my .ovpn file. As well, I don't know if the gateway 192.168.1.1 is the gateway from my OVPN server or from the local network my MT VPN client is connected to, since both networks use the same.

Nonetheless, can you provide some more information on how to do it with WireGuard? I have no reason to stick with OpenVPN, and might check different solutions.
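
Added example (editorial, not part of any poster's message and not MikroTik code): a longest-prefix-match lookup over the route table printed in the first post, showing which destinations leave through the OpenVPN interface and which use the local gateway. The sample destination addresses other than 95.49.185.167 are constructed for illustration.

```python
import ipaddress

# Route table copied from the "/ip route print" output in the first post:
# (flags, destination, gateway, distance)
ROUTES = [
    ("DAd", "0.0.0.0/0",        "192.168.1.1",      1),
    ("DAv", "0.0.0.0/1",        "10.110.1.1",       0),
    ("DAc", "10.110.1.0/24",    "ovpn-import86527", 0),
    ("DAv", "95.49.185.167/32", "192.168.1.1",      0),
    ("DAv", "128.0.0.0/1",      "10.110.1.1",       0),
    ("DAc", "192.168.1.0/24",   "bridge1",          0),
]

# Gateways that sit on the VPN side in that table.
TUNNEL_GATEWAYS = {"10.110.1.1", "ovpn-import86527"}


def lookup(dst):
    """Return (flags, prefix, gateway) of the route chosen for dst.

    The longest matching prefix wins; distance only breaks ties
    between routes with the same prefix length.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for flags, prefix, gateway, distance in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -distance, flags, str(net), gateway))
    _, _, flags, prefix, gateway = max(matches)
    return flags, prefix, gateway


def via_tunnel(dst):
    """True when the chosen route leaves through the OpenVPN interface."""
    return lookup(dst)[2] in TUNNEL_GATEWAYS


if __name__ == "__main__":
    # Constructed sample destinations, plus the /32 host from the table.
    samples = ("1.1.1.1", "203.0.113.9", "95.49.185.167",
               "192.168.1.50", "10.110.1.1")
    for dst in samples:
        flags, prefix, gw = lookup(dst)
        print(f"{dst:15} {flags} {prefix:18} via {gw:17} "
              f"tunnel={via_tunnel(dst)}")
```

The two /1 routes together cover every address and are more specific than the DHCP default, so general traffic goes to 10.110.1.1, while the /32 host route and the connected 192.168.1.0/24 stay on the local side; any 192.168.1.x address therefore resolves to bridge1 rather than the tunnel.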
 
anav
Forum Guru
Posts: 21718
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik as OpenVPN client routing all VPN connection through wlan

Fri Nov 08, 2024 12:31 am

What I meant is that for MOST VPNs, one end must have access to a public IP at least at one end of the connection. The purpose of this is so that the peer SERVER can be reached by all users, be they from individual devices (laptop/smartphone) or from individuals behind another remote router. A static public IP is easy to reach; a dynamic one means you need some dyndns-type service to resolve the current WANIP address (MT devices have one internally which can be used).

So the question, reframed, is: does either of the upstream routers that are connected to the internet get a public IP?
If yes, is either of them under your control, such that you could forward a port from the upstream router to the MT router?

In your case both upstream devices are ISP routers... thus, can you at least access the admin page or basic control page on the ISP router to forward a port, assuming the ISP router gets a public IP? Both MT routers will get private IPs as WANIPs, from the ISP router LAN subnet.

Also, I would need the FULL config of both MT devices (I see no firewall rules, for example).

/export file=anynameyouwish (minus router serial number, any public WANIP info, keys, etc.)
