Hello,
I am not new to networking and VPN, but relatively new to RouterOS.
I have a RB4011 for half a year now and have used it as home router, with multiple VLAN's and PPPoE via SFP+ to ISP.
Added OpenVPN server on the RB4011 (created certificates and separate ovpn pool).
With OpenVPN client on Windows notebook I am able to establish connection to public IP-address and the tunnel comes up, after I added
;;; OpenVPN
chain=input action=accept protocol=tcp in-interface=PPPoE-client
dst-port=1194 log=no log-prefix=""
to the firewall.
So far, so good, but from the Windows notebook I cannot reach any IP-address on the other side of the tunnel.
In IPCONFIG on the notebook there is an IP-adress from the ovn pool, but it has no gateway address.
How do I setup this and what rules do I have to add on the firewall to allow connection from ovpn client to internal devices on different networks, e.g network 192.168.10.0/24 and host 192.168.50.30/32?
Is it possible to define the allowed destinations on the RB4011 or do I need to add the internal destinations in the .ovpn configuraion file for the client?
Any help appreciated.
Re: RB4011 OpenVPN server - Client no gateway
You can either:but it has no gateway address.
1. Configure routes on client (`route add..`): https://openvpn.net/community-resources ... p-routing/
2. Push routes from the server, see https://help.mikrotik.com/docs/display/ROS/OpenVPN (`push-routes` and `redirect-gateway`)
With route configured, you might enable forwarding in firewall of NAT (if required) https://help.mikrotik.com/docs/display/ROS/Filter
Re: RB4011 OpenVPN server - Client no gateway
Thanks for the advices.
After studying the suggested information and a lot of trial and error I discovered that there are two options:
1. Add the local network in the client.ovpn file but without a gateway address, so I added
route 192.168.2.0 255.255.255.255.0 WITHOUT gateway in .ovpn file.
All traffic to the 192.68.2.0/24 network is routed through the VPN tunnel.
2. Remove the route from .ovpn file and change the OVPN server on MikroTik router: Redirect Gateway = def1 (instead of disabled).
All traffic from the client pc is then routed through the VPN tunnel and can be managed by firewall rules on the MikroTik.
After studying the suggested information and a lot of trial and error I discovered that there are two options:
1. Add the local network in the client.ovpn file but without a gateway address, so I added
route 192.168.2.0 255.255.255.255.0 WITHOUT gateway in .ovpn file.
All traffic to the 192.68.2.0/24 network is routed through the VPN tunnel.
2. Remove the route from .ovpn file and change the OVPN server on MikroTik router: Redirect Gateway = def1 (instead of disabled).
All traffic from the client pc is then routed through the VPN tunnel and can be managed by firewall rules on the MikroTik.