davidy
just joined
Topic Author
Posts: 6
Joined: Thu Mar 04, 2021 1:59 pm

VPN Client as Gateway from other VPN Client

Fri Aug 05, 2022 12:23 pm

Hello,

I have a working setup with WireGuard and OpenVPN: one central server and 5 clients. The VPNs are working. I can connect from every device to every other device with WinBox.
Every client has Internet over WAN, so there are the default firewall NAT rules with srcnat.

Now I want to connect to some device from my client LAN1 (192.168.1.10) (connected as OpenVPN client and WireGuard client) in one other client's LAN2 (192.168.2.10) (connected as OpenVPN client and WireGuard client) over VPN. How is this possible?

I made on

ROUTER1:
route 192.168.2.0 mask 255.255.255.0 with gateway VPNADDRESSCLIENT2

ROUTER2
put the ovpn-out1 in the LAN Interface List.

But I cannot ping a device from here... I think I must set up a second NAT on Router2?
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VPN Client as Gateway from other VPN Client

Fri Aug 05, 2022 1:29 pm

Do not understand your words at all.
Please draw some network diagrams showing equipment and traffic flows...
what is connected on ports and subnets going through them, etc.
 
davidy
just joined
Topic Author
Posts: 6
Joined: Thu Mar 04, 2021 1:59 pm

Re: VPN Client as Gateway from other VPN Client

Sat Aug 06, 2022 10:55 am

mikrotik.jpg
The VPNs are working. I need a "route?" on Mikrotik 1, and maybe a "NAT?" on Mikrotik 2, but that's the problem, I don't know :-)

I want to ping and connect to the PC2, better the whole LAN, from the PC1 over VPN.

Thanks!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN Client as Gateway from other VPN Client

Sat Aug 06, 2022 12:22 pm

Is the central server also a Mikrotik or something else?

The thing is that both OpenVPN (on a normal Linux distribution, not on RouterOS) and Wireguard (anywhere including RouterOS) behave as autonomous routers in terms that they get traffic for multiple destinations via the virtual interface that represents them to the main router on which they live, but they have (at least potentially) multiple peers, so they need an internal routing table to know which destinations are reachable via which peer. In Wireguard configuration, this is controlled by the allowed-address list; in native OpenVPN, this is controlled by the iroute directive on the server side (whereas the route directive pushes routes to the client, something that the RouterOS OpenVPN client does not support).
So if this OpenVPN and/or Wireguard internal routing is configured correctly, it is enough to set the "normal" routing properly at all the three devices involved, and you don't need any NAT rules.
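
An added example, not part of any poster's message or configuration: a small Python model of the WireGuard allowed-address lookup described above, applied to the thread's packet from PC1 (192.168.1.10) to PC2 (192.168.2.10) as it transits the central server. The peer names and the 10.0.0.x tunnel addresses are assumptions.

```python
import ipaddress

class WgInterface:
    """Toy model of one WireGuard interface's allowed-IPs (cryptokey routing) table."""

    def __init__(self, peers):
        # peers: {peer name: [allowed CIDRs]}, as configured on this interface
        self.table = [(ipaddress.ip_network(cidr), name)
                      for name, cidrs in peers.items() for cidr in cidrs]

    def _owner(self, addr):
        # Longest-prefix match of an address against all peers' allowed IPs.
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, name) for net, name in self.table if ip in net]
        return max(hits)[1] if hits else None

    def egress_peer(self, dst):
        # Outbound: the destination address selects the peer to encrypt for.
        return self._owner(dst)

    def ingress_ok(self, peer, src):
        # Inbound: a decrypted packet is kept only if its source address
        # belongs to the sending peer's allowed IPs (this also blocks spoofing).
        return self._owner(src) == peer

def hub_forward(hub, from_peer, src, dst):
    """What the central server's WireGuard interface does with a transit packet."""
    if not hub.ingress_ok(from_peer, src):
        return "drop: source not allowed for " + from_peer
    return hub.egress_peer(dst) or "drop: no peer owns " + dst

# Constructed sample configs for the central server. Tunnel addresses 10.0.0.x
# are assumed; the LAN subnets are the ones from the thread.
TUNNEL_ONLY = {"router1": ["10.0.0.2/32"], "router2": ["10.0.0.3/32"]}
WITH_LANS = {"router1": ["10.0.0.2/32", "192.168.1.0/24"],
             "router2": ["10.0.0.3/32", "192.168.2.0/24"]}

if __name__ == "__main__":
    for label, cfg in (("tunnel only", TUNNEL_ONLY), ("with LANs", WITH_LANS)):
        hub = WgInterface(cfg)
        print(label, "->", hub_forward(hub, "router1", "192.168.1.10", "192.168.2.10"))
```

Each router also needs the remote LAN in the allowed-address of its own peer entry for the server, plus a normal route to that LAN via the WireGuard interface.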
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VPN Client as Gateway from other VPN Client

Sat Aug 06, 2022 1:54 pm

Let's try to clarify the diagram and intentions.
You have two MikroTik routers that are clients to a WireGuard server.
What is this WireGuard server?
a. another MT device in the cloud?
b. third-party VPN provider?
c. separate 3rd location with MT router?

Yes, it should be fairly straightforward to connect both clients up at the WireGuard server so that they can reach each other.
In this case it's a very specific request.
PCA to reach PCB, for example.
 
davidy
just joined
Topic Author
Posts: 6
Joined: Thu Mar 04, 2021 1:59 pm

Re: VPN Client as Gateway from other VPN Client

Sat Aug 06, 2022 2:06 pm

At the moment the server is an Ubuntu Server.

Server, Mikrotik 1 and 2 are all in different locations, only connected over the Internet, and OpenVPN and WireGuard are working well.
If it's easier, then I can have a new Mikrotik as server, too.
