Community discussions

MikroTik App
 
marcinx
just joined
Topic Author
Posts: 5
Joined: Wed Jan 25, 2023 1:54 pm

Mikrotik - two links, no access to the router using the IP address.

Wed Jan 25, 2023 3:03 pm

Hi

I am trying to configure a Mikrotik router as follows:
- I have Internet connected to ether1 port where I get an IP address using DHCP client.
On the router, configure the VPN client (ovpn) - interface (ovpn-out1)
I'm adding an interface (ovpn-out1) to the masquerade
ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade
At this point I am able to select ether1 or ovpn1 link (outgoing IP address) for all devices on the network without any problem by manipulating the "Default Route Distane" value in DHCP client for ether1 interface
Choosing the ovpn-out1 interface
ip dhcp-client set ether1 default-route-distance=10
Choosing the ether1 interface
ip dhcp-client set ether1 default-route-distance=1
Currently, I need to make a modification so that the choice of link depends on which ether2 or ether3 interface the computer connects to
I tried to do it as follows
I remove the ether3 interface from the bridge, create a new bridge2 to which I add the ether3 interface
Next
routing table add name=mark_WAN1 fib
routing table add name=mark_VPN fib
ip firewall mangle add chain=prerouting in-interface=bridge action=mark-routing new-routing-mark=mark_WAN1 passthrough=no
ip firewall mangle add chain=prerouting in-interface=bridge2 action=mark-routing new-routing-mark=mark_VPN passthrough=no
ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=mark_WAN1
at this point, access to the router using the IP address fails, after the MAC address, I can still get in
ip route add dst-address=0.0.0.0/0 gateway=10.8.0.1 routing-table=mark_VPN
After these steps, when I connect the computer to ether2, I exit with the ether1 interface, while when I connect the computer to ether3, I exit with the ovpn-out1 interface.
So everything works fine, the only problem is that I do not have access to the router using the IP address, I have access only via MAC.
Last edited by marcinx on Fri Feb 03, 2023 12:02 am, edited 1 time in total.
 
marcinx
just joined
Topic Author
Posts: 5
Joined: Wed Jan 25, 2023 1:54 pm

Re: Mikrotik - two links, no access to the router using the IP address.

Fri Feb 03, 2023 12:00 am

any ideas?
 
ConradPino
Member
Member
Posts: 337
Joined: Sat Jan 21, 2023 12:44 pm
Contact:

Re: Mikrotik - two links, no access to the router using the IP address.

Fri Feb 03, 2023 8:35 am

What's missing here?
  • A brief local network description:
    • links
    • routers
    • switches
    • client devices
    • IP subnet plan
  • Relevant MikroTik devices by model number.
  • Privacy redacted exports from MikroTik devices.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik - two links, no access to the router using the IP address.

Fri Feb 03, 2023 12:53 pm

amen brother, a coherent request needed for sure!
viewtopic.php?p=908118
 
marcinx
just joined
Topic Author
Posts: 5
Joined: Wed Jan 25, 2023 1:54 pm

Re: Mikrotik - two links, no access to the router using the IP address.

Sun Feb 05, 2023 11:19 pm

I will try to describe my problem again:
Mikrotik has an IP address of 192.168.88.1/24
Computer 1 has an IP address of 192.168.88.15
Computer 2 has an IP address of 192.168.88.152
external IP address for main WAN is e.g. 15.15.15.15
external IP address for VPN to e.g. 20.20.20.20

What I want to achieve is to go to https://ipaddress.my/ so that computer 1 shows the external IP address 15.15.15.15 and computer 2 shows the external IP address 20.20.20.20

I am currently using the configuration below
/certificate import file-name=vpn.crt
/certificate import file-name=vpn.key
/interface ovpn-client add user=vpn certificate=vpn.crt_0 tls-version=any auth=sha256 cipher=aes256 use-peer-dns=yes add-default-route=no protocol=tcp mode=ip profile=default port=43121 connect-to=20.20.20.20
/ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade
ip dhcp-client set ether1 default-route-distance=10
/ip firewall address-list add address=192.168.88.150-192.168.88.160 list=VPN-list
/routing table add disabled=no fib name=VPN-route
/ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=VPN-route passthrough=yes src-address-list=VPN-list
/ip firewall filter add action=accept chain=forward out-interface=ovpn-out1 src-address-list=VPN-list
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route
After this procedure, computer 1 has an external IP 15.15.15.15, while computer 2 has an external IP 20.20.20.20, so I was successful, but the problem is that from computer 2 I cannot connect to the router using the IP address 192.168.88.1
What to do to be able to connect to the IP address 192.168.88.1 from computer 2, the connection stops working after issuing the following command.
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route

Who is online

Users browsing this forum: devnull0 and 49 guests