Community discussions

MikroTik App
 
kekraiser
just joined
Topic Author
Posts: 23
Joined: Sun Mar 14, 2021 12:04 am

Route between VPN and LAN networks

Thu Nov 11, 2021 10:10 pm

Hello.

I have two networks:

  • 192.168.1.0/24 - for LAN users, connected to bridge with Internet access
  • 192.168.3.0/24 - for OpenVPN users, OVPN server is up'n'running on router, VPN users successfully connected to server

When I connected to the VPN, I want to have access to LAN devices, but this is not working. Obviously, because of different network segments.

Iam play with NAT, IP Routes and IP Firewall, but no luck. For now all firewall and NAT rules are empty (except one NAT masquerade rule for LAN -> Internet access), also no default rules, so nothing is blocked or restricted.

Any suggestions how to configure such routing? I know about "proxy-arp", but it works only for one network segment, it is not my case.

And, for future, maybe it is need to add some rules to access from VPN network to Internet?

Thanks.
 
kekraiser
just joined
Topic Author
Posts: 23
Joined: Sun Mar 14, 2021 12:04 am

Re: Route between VPN and LAN networks

Thu Nov 11, 2021 10:51 pm

Adding "route 192.168.1.0 255.255.255.0" to client *.ovpn config file is also working solution, but it looks weird.
 
terraformer
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Dec 16, 2016 2:06 am

Re: Route between VPN and LAN networks

Fri Nov 19, 2021 1:22 pm

Hi, I'm using OpenVPN as well.
Do you use
tls-client
pull
in your OpenVPN client config? See https://openvpn.net/community-resources ... envpn-2-4/.
As far as I understand, this should get your client the required routes configured on you MikroTik router.

Best
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Route between VPN and LAN networks

Fri Nov 19, 2021 10:09 pm

Adding "route 192.168.1.0 255.255.255.0" to client *.ovpn config file is also working solution, but it looks weird.
It's not weird. Client can route either everything though VPN (I don't remember what's the option for that, probably something with gateway) or only selected subnet(s). If it's the latter, client must somehow know which subnets. Standard OpenVPN can give that info to client (push routes from server to client), but MikroTik's implementation doesn't have that, so routes must be configured on client side.
 
kekraiser
just joined
Topic Author
Posts: 23
Joined: Sun Mar 14, 2021 12:04 am

Re: Route between VPN and LAN networks

Sat Sep 24, 2022 6:38 pm

but MikroTik's implementation doesn't have that, so routes must be configured on client side.
Exacltly this is "weird" I mean: each client must update their config each time routes changed in server, because Mikrotik server cant store configs and push it to the client.
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Route between VPN and LAN networks

Sat Sep 24, 2022 11:50 pm

Well, in this sense, whole MikroTik's implementation is weird. It's not completely clear why they made their own in the first place. They started many years ago when OpenVPN was very popular and added basic TCP-only version. It seems that it was quite a nightmare for them. But they kept going. Even when nobody really expected it anymore, they added UDP transport. And they keep adding or fixing other small things. But for some unknown reason they still ignore some parts.

Personally I don't care anymore, because simply put, it's not possible to wait for over ten years whether they'll add something or not. But I wonder why they keep lagging behind, even with things that don't seem difficult when compared to all the rest.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 561
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: Route between VPN and LAN networks

Sat Sep 24, 2022 11:59 pm

Right now, I'm working on a docker image for my OVPN. I even found a Plugin for Radius to MT.
2022-09-25_00-26-16.jpg
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Route between VPN and LAN networks

Sun Sep 25, 2022 2:25 am

It's perfect example why I have mixed feelings about containers in RouterOS. On one hand it's great that you can run anything you want, even exotic things that MikroTik would never add. But if I needed complete OpenVPN, I'd very much prefer if MikroTik finished theirs, instead of having to rely on containers, which means extra work, won't have the nice and friendly RouterOS GUI for all settings, and will run only on subset of devices that support containers. And if I'd be paranoid, it can be also used as excuse by MikroTik, why they don't have to finish their implementation.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 561
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: Route between VPN and LAN networks

Sun Sep 25, 2022 3:38 am

I agree. However, in the past few versions' log changes, There were a few changes to OVPN. It seems they are working on it. In the meantime, a container option is handy. Although, I raised a support ticket for OVPN problems.

I have two operational containers at my CHR. Overall, It's a neat option to have. I think paying less for resources and gaining more from what you already have is always lovely.
2022-09-25_03-37-23.jpg
2022-09-25_03-41-01.jpg
You do not have the required permissions to view the files attached to this post.
 
mstaffa81
just joined
Posts: 1
Joined: Tue Oct 04, 2022 4:07 pm

Re: Route between VPN and LAN networks

Tue Oct 04, 2022 4:09 pm

Howdy there. Very new to the Mikrotik router world, but I'm trying to get the container feature enabled on a cloud-hosted RouterOS v7.5 machine and have run into some trouble. May I ask how you got it to work? Mine is hosted on a hypervisor and has no physical buttons to push to enable this.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 561
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: Route between VPN and LAN networks

Wed Oct 05, 2022 4:47 am

A hard reset from the hypervisor should do the job. It's what I have done with ESXi.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Route between VPN and LAN networks

Wed Oct 05, 2022 2:32 pm

Why use openvpn vice wireguard?? Curious.

Who is online

Users browsing this forum: No registered users and 8 guests