bkus
just joined
Topic Author
Posts: 7
Joined: Sun Sep 23, 2012 10:05 pm

OVPN disregards subnet masks?

Fri Mar 08, 2013 8:02 am

Hi,

I set up an OVPN client/server TAP connection. The server is set like so:
/ppp profile
add bridge=bridge-local local-address=ovpn-pool name=ovpn remote-address=ovpn-pool use-encryption=required
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=ovpn-pool ranges=10.2.2.0/28
Notice the /28!

But when I dial the client in, I get this for an address:
[admin@ClientRouter] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 1 D 10.2.2.4/24        10.2.2.0        ovpn-out1
Notice the /24!

Is this a bug? I would expect the /28 to be preserved when it's being re-assigned to clients. On the server side, the situation is better:
[admin@SiteRouter] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 3 D 10.2.2.0/32        10.2.2.4        ovpn-bart
And just to verify that this local address on the client does indeed make a /24 entry in the routing table:
[admin@ClientRouter] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 1 ADC  10.2.2.0/24        10.2.2.4        test                      0
Help?
 
bkus
just joined
Topic Author
Posts: 7
Joined: Sun Sep 23, 2012 10:05 pm

Re: OVPN disregards subnet masks?

Tue Mar 12, 2013 6:18 pm

Looks like I didn't look in the right place to set the netmask:
[admin@SiteRouter] /ppp> /interface ovpn-server server print
                     enabled: yes
                        port: 1194
                        mode: ethernet
                     netmask: 24
                 mac-address: FE:91:A7:C9:AF:3F
                     max-mtu: 1500
           keepalive-timeout: 60
             default-profile: default
                 certificate: none
  require-client-certificate: yes
                        auth: sha1
                      cipher: aes256
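
Added example (not part of the original posts, and not MikroTik code): a Python check that compares the pool from the first post with the server `netmask` from the second and reports how much wider the client's on-link route is than the pool. It assumes, as the second post suggests, that the ovpn-server `netmask` value is the prefix length handed to TAP clients; the function names are hypothetical and the sample input is constructed from the output quoted above.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the two posts in this thread.
POOL_EXPORT = """/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=ovpn-pool ranges=10.2.2.0/28
"""
SERVER_PRINT = """                     enabled: yes
                        mode: ethernet
                     netmask: 24
"""

def pool_bounds(export, name):
    """First and last address of a pool (first range only) from an export."""
    for line in export.splitlines():
        if not line.startswith("add "):
            continue
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        if fields.get("name") != name:
            continue
        rng = fields["ranges"].split(",")[0]
        if "-" in rng:
            lo, hi = (ipaddress.ip_address(a) for a in rng.split("-"))
            return lo, hi
        net = ipaddress.ip_network(rng, strict=False)
        return net[0], net[-1]
    raise KeyError(f"pool {name!r} not found")

def server_netmask(printout):
    """Prefix length from the 'netmask:' line of the server print output."""
    m = re.search(r"^\s*netmask:\s*(\d+)\s*$", printout, re.M)
    if m is None:
        raise ValueError("no netmask line in server output")
    return int(m.group(1))

def audit(export, printout, pool):
    """Compare the network a client would treat as on-link with the pool."""
    lo, hi = pool_bounds(export, pool)
    on_link = ipaddress.ip_network(f"{lo}/{server_netmask(printout)}", strict=False)
    tight = ipaddress.ip_network(f"{lo}/32")   # grow until it covers the pool
    while hi not in tight:
        tight = tight.supernet()
    return {"client_route": str(on_link), "pool_network": str(tight),
            "pool_fits": hi in on_link,
            "extra_on_link": max(0, on_link.num_addresses - tight.num_addresses)}

if __name__ == "__main__":
    print(audit(POOL_EXPORT, SERVER_PRINT, "ovpn-pool"))
```

A non-zero `extra_on_link` means the client's connected route covers addresses outside the pool, which matches the /24 route shown in the first post.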