urknall
newbie
Topic Author
Posts: 36
Joined: Fri Aug 22, 2014 3:27 pm

OpenVPN server - site to site setup - same subnet on both sites

Tue Nov 29, 2022 2:53 pm

Hi,

I am trying to set up an OpenVPN server in TAP mode (ethernet mode) in a site-to-site setup with the same subnet on both sites.

I managed to get it running in TUN mode, but TAP mode is not working somehow. I can ping from each site, but normal traffic from the client is not working.
I guess I am missing a route or I configured the subnets/addresses wrong somehow.

server config:
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx arp=proxy-arp auto-mac=no name=bridge

/interface ovpn-server
add name=<ovpn-hap-ac2> user=hap-ac2

/ip pool
add name=ovpn10 ranges=10.100.10.37-10.100.10.38
add name=ovpn9 next-pool=ovpn10 ranges=10.100.10.33-10.100.10.34
add name=ovpn8 next-pool=ovpn9 ranges=10.100.10.29-10.100.10.30
add name=ovpn7 next-pool=ovpn8 ranges=10.100.10.25-10.100.10.26
add name=ovpn6 next-pool=ovpn7 ranges=10.100.10.21-10.100.10.22
add name=ovpn5 next-pool=ovpn6 ranges=10.100.10.17-10.100.10.18
add name=ovpn4 next-pool=ovpn5 ranges=10.100.10.13-10.100.10.14
add name=ovpn3 next-pool=ovpn4 ranges=10.100.10.9-10.100.10.10
add name=ovpn2 next-pool=ovpn3 ranges=10.100.10.5-10.100.10.6
add name=ovpn1 next-pool=ovpn2 ranges=10.100.10.1-10.100.10.2
add name=dhcp_pool_default ranges=10.10.10.120-10.10.10.200

/ppp profile
add bridge=bridge dns-server=10.10.10.22,10.10.10.1 local-address=ovpn1 name=\
    openvpn-tap remote-address=ovpn1

/interface ovpn-server server
set auth=sha1 certificate=xxx cipher=aes256 enabled=yes max-mtu=\
    1492 mode=ethernet netmask=8 port=443 protocol=udp \
    require-client-certificate=yes

/ip address
add address=10.10.10.1/16 interface=bridge network=10.10.0.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/ppp secret
add name=hap-ac2 password=xxx profile=openvpn-tap service=ovpn

client config:
/interface bridge
add name=bridge_mybridged
add comment=mvpn name=bridge_myvpn

/ip pool
add name=dhcp_myvpn_tap ranges=10.10.20.40-10.10.20.200

/ip dhcp-server
add address-pool=dhcp_myvpn_tap interface=bridge_myvpn name=myvpn

/ppp profile
add bridge=bridge_myvpn change-tcp-mss=yes name=openvpn-tap use-encryption=\
    yes

/interface ovpn-client
add certificate=xxxxx cipher=aes256 connect-to=\
    my-dynamic-hostname mac-address=xx:xx:xx:xx:xx:xx mode=ethernet \
    name=openvpn_home password=xxx port=443 profile=openvpn-tap \
    protocol=udp user=hap-ac2

/interface bridge port
add bridge=bridge_myvpn ingress-filtering=no interface=ether5
add bridge=bridge_mybridged ingress-filtering=no interface=ether1

/ip address
add address=10.10.20.1/16 interface=bridge_myvpn network=10.10.0.0

/ip dhcp-client
add comment=defconf interface=bridge_mybridged

/ip dhcp-server network
add address=10.10.0.0/16 comment="MyVPN TAP Mode" dns-server=\
    10.10.10.22,10.10.10.1,10.10.20.1 domain=duron.sarabriga.net gateway=\
    10.10.20.1 ntp-server=10.10.10.1

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface-list=WAN

Can anyone point me in the right direction?
 
satman1w
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: OpenVPN server - site to site setup - same subnet on both sites

Thu Dec 01, 2022 2:19 pm

Why don't you just use EoIP tunnel?
