Eremsys

Two mikrotiks, one openvpn server

Wed May 11, 2022 1:22 pm

Hello mikrotik fans,

There are 2 locations with mikrotiks, they are both connected to each other via L2TP S2S VPN, which is fine.

1st one is running an ovpn server. Openvpn clients can connect to it and access local network, but they cannot access local network in the 2nd one.

Any ideas how to make it work, so the current openvpn clients can see the local network from the 2nd one?
 
sindy

Re: Two mikrotiks, one openvpn server

Wed May 11, 2022 2:32 pm

Look at subnets/address ranges used, routing, and firewall rules. Maybe the OVPN clients do not have routes to the LAN subnet of the 2nd Mikrotik, maybe the 2nd Mikrotik doesn't have a route to the subnet (range) from which the 1st one assigns addresses to the OVPN clients, maybe the 1st Mikrotik doesn't permit forwarding traffic via the L2TP tunnel, maybe the 2nd Mikrotik doesn't accept traffic from the address range assigned to the OVPN clients...

/tool sniffer quick is your friend - it will show you how far a ping request gets, whether it gets responded at destination, and how far the response gets.
 
anav

Re: Two mikrotiks, one openvpn server

Wed May 11, 2022 2:44 pm

> Hello mikrotik fans,
>
> There are 2 locations with mikrotiks, they are both connected to each other via L2TP S2S VPN, which is fine.
>
> 1st one is running an ovpn server. Openvpn clients can connect to it and access local network, but they cannot access local network in the 2nd one.
>
> Any ideas how to make it work, so the current openvpn clients can see the local network from the 2nd one?

So are you saying you are using the L2TP connection as a link between the two MikroTiks, which you would like external users to be able to access after entering MikroTik Router 1 through the 'other' VPN, the OpenVPN client??

Figure out how to ensure that
a. Clients are allowed from the OpenVPN connection on the forward chain to the L2TP tunnel.
b. Clients are routable from the OpenVPN connection to the L2TP tunnel and back!
c. Clients, after entering the L2TP tunnel and exiting the second MT, have the forward chain and routing capabilities to have their traffic reach servers and back.

Would be dirt easy with WireGuard! (By that I mean, one still needs to do the hard work of ensuring filter rules, routes etc. are still in place) but in that there would be no need for two different VPNs, as it all could be one with one WireGuard interface schema, and even if one used a combination of OpenVPN and WireGuard, I believe (not with certainty) that overall WG is simpler than L2TP.
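
The checks sindy and anav list above, written out as RouterOS configuration. This is an added example, not part of any post in the thread; the address ranges (OpenVPN pool 10.8.0.0/24, second-site LAN 192.168.2.0/24), the client address 10.8.0.2 and the interface names l2tp-to-site2 / l2tp-to-site1 are assumptions.

```routeros
# All subnets, addresses and interface names below are assumed for illustration.

# --- Router 1 (runs the OpenVPN server) ---
# Route to the second site's LAN via the L2TP tunnel
# (usually already present if the site-to-site link works).
/ip route add dst-address=192.168.2.0/24 gateway=l2tp-to-site2 comment="site-2 LAN"

# Forward only OpenVPN-pool traffic bound for the site-2 LAN into the tunnel.
# "add" appends to the end of the chain: move the rule above any final drop rule.
# Return traffic relies on an existing established,related accept rule.
/ip firewall filter add chain=forward action=accept \
    src-address=10.8.0.0/24 dst-address=192.168.2.0/24 \
    out-interface=l2tp-to-site2 comment="ovpn clients -> site-2 LAN"

# --- Router 2 (second site) ---
# Without this route, replies to OpenVPN clients follow the default route
# instead of going back through the tunnel.
/ip route add dst-address=10.8.0.0/24 gateway=l2tp-to-site1 comment="ovpn pool at site 1"

# Accept the OpenVPN pool only when it arrives over the tunnel, only toward the LAN.
/ip firewall filter add chain=forward action=accept \
    src-address=10.8.0.0/24 dst-address=192.168.2.0/24 \
    in-interface=l2tp-to-site1 comment="ovpn clients via site 1"

# --- OpenVPN client ---
# The client needs a route to the site-2 LAN as well. In the client's .ovpn file:
#   route 192.168.2.0 255.255.255.0

# --- Verification, run on each router while a client pings a site-2 host ---
# Shows on which interfaces the echo request and the reply appear,
# i.e. at which hop the traffic stops.
/tool sniffer quick ip-protocol=icmp ip-address=10.8.0.2
```

Scoping the accept rules by source range, destination range and tunnel interface keeps the OpenVPN clients from gaining access to anything beyond the one LAN they need.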
