I am trying to set up an OpenVPN server in TAP (ethernet) mode for a site-to-site link, with the same subnet on both sites.
I managed to get it running in TUN mode, but TAP mode is not working. I can ping from each site, but normal traffic from the client side does not get through.
I guess I am missing a route, or I have configured the subnets/addresses wrong somehow.
server config:
# Server side (RouterOS export). The OVPN server runs in ethernet (TAP) mode and
# attaches each connecting client interface to the bridge below via the ppp profile.
/interface bridge
# arp=proxy-arp is explicitly set on the bridge that TAP clients are added to.
# NOTE(review): in ethernet mode the remote site shares this L2 segment; confirm
# proxy-arp is intended here rather than the default ARP behaviour.
add admin-mac=xx:xx:xx:xx:xx:xx arp=proxy-arp auto-mac=no name=bridge
/interface ovpn-server
# Static server-side interface bound to the ppp user "hap-ac2" (see /ppp secret).
add name=<ovpn-hap-ac2> user=hap-ac2
/ip pool
# Ten chained two-address pools in 10.100.10.0/24; the ppp profile draws both its
# local-address and remote-address from ovpn1 (which falls through the chain).
# NOTE(review): these addresses are outside 10.10.0.0/16, which is what the bridge
# itself is addressed with below. With netmask=8 on the server both ranges sit in
# 10.0.0.0/8, which is presumably why ping works — confirm this is intentional.
add name=ovpn10 ranges=10.100.10.37-10.100.10.38
add name=ovpn9 next-pool=ovpn10 ranges=10.100.10.33-10.100.10.34
add name=ovpn8 next-pool=ovpn9 ranges=10.100.10.29-10.100.10.30
add name=ovpn7 next-pool=ovpn8 ranges=10.100.10.25-10.100.10.26
add name=ovpn6 next-pool=ovpn7 ranges=10.100.10.21-10.100.10.22
add name=ovpn5 next-pool=ovpn6 ranges=10.100.10.17-10.100.10.18
add name=ovpn4 next-pool=ovpn5 ranges=10.100.10.13-10.100.10.14
add name=ovpn3 next-pool=ovpn4 ranges=10.100.10.9-10.100.10.10
add name=ovpn2 next-pool=ovpn3 ranges=10.100.10.5-10.100.10.6
add name=ovpn1 next-pool=ovpn2 ranges=10.100.10.1-10.100.10.2
# LAN DHCP pool; the matching /ip dhcp-server entry is not part of this export.
add name=dhcp_pool_default ranges=10.10.10.120-10.10.10.200
/ppp profile
# Profile used by the OVPN secret: puts the client's TAP interface into "bridge"
# and pushes two DNS servers. Both tunnel endpoints are allocated from ovpn1.
add bridge=bridge dns-server=10.10.10.22,10.10.10.1 local-address=ovpn1 name=\
openvpn-tap remote-address=ovpn1
/interface ovpn-server server
# mode=ethernet is TAP. require-client-certificate=yes means a valid client cert is
# needed in addition to the ppp secret — keep this on for a site-to-site link.
# auth=sha1 is the data-channel HMAC; NOTE(review): if the RouterOS version on both
# ends offers sha256, prefer it — sha1 is accepted but the weaker choice.
# netmask=8 is the mask handed to TAP clients, while the bridge below is /16.
# No /ip firewall filter rules are shown, so it cannot be seen here whether
# 443/udp is reachable from anywhere on WAN or only from the peer site.
set auth=sha1 certificate=xxx cipher=aes256 enabled=yes max-mtu=\
1492 mode=ethernet netmask=8 port=443 protocol=udp \
require-client-certificate=yes
/ip address
# Server LAN/bridge address; the site-to-site design wants the remote site in the
# same 10.10.0.0/16.
add address=10.10.10.1/16 interface=bridge network=10.10.0.0
/ip firewall nat
# Standard source NAT for internet-bound traffic leaving via WAN-list interfaces.
add action=masquerade chain=srcnat out-interface-list=WAN
/ppp secret
# Credentials for the remote router; password redacted in the export.
add name=hap-ac2 password=xxx profile=openvpn-tap service=ovpn
client config:
# Client side (RouterOS export, hAP ac2). The OVPN client runs in ethernet (TAP)
# mode and is attached to bridge_myvpn by its ppp profile.
/interface bridge
# bridge_mybridged carries ether1 and gets its address via DHCP (uplink side);
# bridge_myvpn carries ether5 and the TAP tunnel (the site-to-site LAN side).
add name=bridge_mybridged
add comment=mvpn name=bridge_myvpn
/ip pool
add name=dhcp_myvpn_tap ranges=10.10.20.40-10.10.20.200
/ip dhcp-server
# Local DHCP server on the VPN bridge. NOTE(review): once the TAP tunnel is up,
# bridge_myvpn and the server's bridge form one L2 segment, so any DHCP server on
# the server side would answer the same broadcasts — confirm only one is meant to.
add address-pool=dhcp_myvpn_tap interface=bridge_myvpn name=myvpn
/ppp profile
# change-tcp-mss=yes clamps TCP MSS on the tunnel (server side sets max-mtu=1492);
# use-encryption=yes requires the tunnel to be encrypted.
add bridge=bridge_myvpn change-tcp-mss=yes name=openvpn-tap use-encryption=\
yes
/interface ovpn-client
# Client presents its own certificate (server requires it) and a fixed MAC for the
# TAP interface. NOTE(review): no verify-server-certificate setting appears in this
# export; if this RouterOS version supports it, enable it so the server's identity
# is checked against a CA rather than trusting whatever answers at the hostname.
add certificate=xxxxx cipher=aes256 connect-to=\
my-dynamic-hostname mac-address=xx:xx:xx:xx:xx:xx mode=ethernet \
name=openvpn_home password=xxx port=443 profile=openvpn-tap \
protocol=udp user=hap-ac2
/interface bridge port
# ether5 is the local LAN port for the VPN segment; ether1 is the uplink port.
add bridge=bridge_myvpn ingress-filtering=no interface=ether5
add bridge=bridge_mybridged ingress-filtering=no interface=ether1
/ip address
# Same /16 as the server's bridge, so both sites share 10.10.0.0/16 over the TAP link.
add address=10.10.20.1/16 interface=bridge_myvpn network=10.10.0.0
/ip dhcp-client
add comment=defconf interface=bridge_mybridged
/ip dhcp-server network
# Clients on this side are told to use 10.10.20.1 as gateway and the server-side
# DNS/NTP (10.10.10.x) across the tunnel.
add address=10.10.0.0/16 comment="MyVPN TAP Mode" dns-server=\
10.10.10.22,10.10.10.1,10.10.20.1 domain=duron.sarabriga.net gateway=\
10.10.20.1 ntp-server=10.10.10.1
/ip firewall nat
# Default-config masquerade for traffic leaving via WAN-list interfaces.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface-list=WAN