Community discussions

MikroTik App
 
wolfeyes
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Sun Apr 17, 2011 11:37 am

Static routing within ovpn server bridge

Fri Jul 22, 2022 12:08 pm

Hello,

I need your help on the following routing use case:
I've set up an openvpn router with a couple of connected remote users on the same bridge.
Behind the connected ovpn clients mt routers, there some additional subnets that I need to get access from the ovpn bridge subnet.

Windows PC: 192.168.110.23 ---> MT ovpn router 192.168.110.1 <------- MT ovpn client 192.168.110.60 (with subnet 192.168.14.0/24) <------ host 192.168.140.10

CONFIG 1:

So for the PC to access host 192.168.140.10, I've added a static route on the MT ovpn server:
/ip route
add distance=1 dst-address=192.168.140.10/32 gateway=192.168.110.60

The traceroute on the Windows PC is as follows:

C:\Users\user>tracert -d 192.168.140.10

Tracing route to 192.168.14.10 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.110.1
2 10 ms 14 ms 14 ms 192.168.110.60
3 14 ms 16 ms 7 ms 192.168.140.10

Trace complete.

With this config, ping icmp is working. BUT tcp is not working. Wireshark traces reveal TCP retransmissions.
Then I managed to follow another approach by adding the static route on the windows pc.
---------------------------------------------------------------------------------------------------------------------------------------
CONFIG 2:

C:\Windows\system32>route add 192.168.140.10 mask 255.255.255.255 192.168.110.60
OK!

C:\Windows\system32>tracert -d 192.168.140.10

Tracing route to 192.168.140.10 over a maximum of 30 hops

1 7 ms 7 ms 7 ms 192.168.110.60
2 8 ms 7 ms 7 ms 192.168.140.10

Trace complete.

Now with this approach, TCP is also working with success. But the traffic is not passing from the MT ovpn router.

However I need to avoid adding static routes on the various PCs and server. How can this be resolved on the MT ovpn router?

Who is online

Users browsing this forum: No registered users and 11 guests