Community discussions

MikroTik App
 
dacora
just joined
Topic Author
Posts: 2
Joined: Sun Jan 08, 2023 12:59 pm

Connect single IP to VPN

Sun Jan 08, 2023 1:02 pm

I have a single IP on my network that I would like to connect to the internet via an OpenVPN connection.

Is that possible, if yes: what is the approach here? I assume I need to create a opvnclient and somehow wire things up.
Perhaps someone know a guide or could provide some insight on what I need to do
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Connect single IP to VPN

Sun Jan 08, 2023 11:50 pm

Hmmm ... you have running network with connection to Internet and what do you want to connect to Internet?
Device from your LAN? Your router? Device from WAN side to your network?
Even crystall ball says nothing what is the problem.
Image
 
dacora
just joined
Topic Author
Posts: 2
Joined: Sun Jan 08, 2023 12:59 pm

Re: Connect single IP to VPN

Thu Jan 12, 2023 10:36 pm

I'll try and be a bit more specific.
Basically, I have a particular device (MAC address) on my LAN that I want to access the internet via a VPN tunnel.
The device should connect though a OpenVPN server that I've been provided. The rest of the devices on the network should just access the internet normally.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: Connect single IP to VPN

Thu Jan 12, 2023 11:14 pm

So one device should use the OpenVPN tunnel.

This can be done with routing. There are multiple options to set this up in routing (IP route, Routing, VRF, Rules, Tables) and using routing marks
Menu's in Winbox are on different places for RouterOS 6 and RouterOS 7 !
So it can become confusing.

See https://help.mikrotik.com/docs/display/ ... cy+Routing
There are multiple solutions, and that alone can make it confusing.


Could be as simple as this for outgoing connections (with a static src IP address 192.168.188.2, and VPN gateway on 192.168..1.1, and VPN interface in the WAN interface list)
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
    
 /ip route
add comment="only for XXX, goes via VPN" distance=1 gateway=192.168.1.1 \
    routing-mark=XXX_to_VPN

/ip route rule
add action=lookup-only-in-table dst-address=0.0.0.0/0 src-address=\
    192.168.188.2/32 table=XXX_to_VPN
Last edited by bpwl on Thu Jan 12, 2023 11:44 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Connect single IP to VPN

Thu Jan 12, 2023 11:29 pm

1- good choice using MT router
2-what happened LOL, you should be using wiregaurd for VPN LOL.
3. yes routing.

table
/routing table add fib name=useVPN
/ip route
add dst=0.0.0.0/0 gwy=openvpn-gatewayIP table=useVPN
/routing rule add src-address=subnet (or single IP address) table=useVPN

Note if you are forcing all out VPN tunnel then one would not be able to configure the router or reach another subnet..........
SO suggesting that order counts and you may need more routing rules but without further info hard to tell.

Who is online

Users browsing this forum: abdullanetworking, Bing [Bot], cmmike, Google [Bot], uxertxo and 35 guests