It still works for all machines behind it when I address them by IP or MAC - only the RouterBOARD running the OVPN server cannot be reached by IP. Connecting to it by MAC works.
When I try the RouterBOARDs in the network, I can connect to all of them with winbox.exe using IP or MAC. Only the one where my tunnel ends can be reached by MAC only. What can I do to get the connection by IP working?
Here is my config on that router:
# feb/10/2021 19:42:57 by RouterOS 6.48
# model = RBD52G-5HacD2HnD
# Single VLAN-filtering bridge; the bridge's own port admits only tagged
# frames and has PVID 101.
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge1 pvid=101 vlan-filtering=\
yes
# Rename the physical ports: ether1/ether2 become the LAG uplink members,
# ether3 gets a descriptive name, ether4 keeps its default name.
/interface ethernet
set [ find default-name=ether1 ] name=ether1LAG_uplink
set [ find default-name=ether2 ] name=ether2LAG_uplink
set [ find default-name=ether3 ] name=ether3_Stromregelung
set [ find default-name=ether4 ] name=ether4
# Local radio settings. The annotations below state that both radios are
# managed by CAPsMAN with SSID KnightWLAN, so the local ssid=MikroTik is
# presumably not what is on air - confirm.
/interface wireless
# managed by CAPsMAN
# channel: 2462/20/gn(20dBm), SSID: KnightWLAN, local forwarding
set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set \
disabled=no frequency-mode=manual-txpower name=wlan2G ssid=MikroTik \
station-roaming=enabled
# managed by CAPsMAN
# channel: 5180/20-Ce/ac/P(23dBm), SSID: KnightWLAN, local forwarding
set [ find default-name=wlan2 ] antenna-gain=0 country=no_country_set \
disabled=no frequency-mode=manual-txpower name=wlan5G ssid=MikroTik \
station-roaming=enabled
# Static OVPN server interfaces, one bound to each PPP user (DLT, DPC).
/interface ovpn-server
add name=ovpn-DLT user=DLT
add name=ovpn-DPC user=DPC
# VLAN interfaces on top of bridge1 for VLANs 101, 102, 103 and 201.
/interface vlan
add interface=bridge1 name=vlan101Main vlan-id=101
add interface=bridge1 name=vlan102Kids vlan-id=102
add interface=bridge1 name=vlan103Teens vlan-id=103
add interface=bridge1 name=vlan201Einrichter vlan-id=201
# 802.3ad bond of the two uplink ports. link-monitoring=none, so
# arp-ip-targets is presumably unused - confirm.
/interface bonding
add arp-ip-targets=192.168.10.24 link-monitoring=none mode=802.3ad name=\
LAG1uplink slaves=ether1LAG_uplink,ether2LAG_uplink transmit-hash-policy=\
layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pool referenced as remote-address by the RoadWarrior profile below.
/ip pool
add name=OVPN ranges=192.168.9.10-192.168.9.200
# PPP profile used as the OVPN server's default profile. Encryption is
# required; compression and IPv6 are off.
# NOTE(review): local-address=192.168.10.20 is the same address that
# /ip address puts on vlan101Main, and the OVPN pool (192.168.9.x) lies inside
# that interface's 192.168.8.0/22 network. With the server in mode=ethernet and
# ovpn-DLT also a bridge port, the per-tunnel address pair may conflict with
# the bridged layer-2 path; this is a plausible cause of the router answering
# by MAC but not by IP through the tunnel - confirm before changing anything.
/ppp profile
add dns-server=192.168.10.1 local-address=192.168.10.20 name=RoadWarrior \
remote-address=OVPN use-compression=no use-encryption=required use-ipv6=\
no wins-server=192.168.10.1
# Bridge port membership and per-port ingress policy.
# NOTE(review): ingress-filtering=yes appears only on the LAG port; the other
# ports rely on the release default - confirm VLAN membership is enforced on
# ingress wherever it is expected.
/interface bridge port
# Access ports: ether3 in VLAN 201, ether4 in VLAN 101, both limited to
# untagged/priority-tagged frames.
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3_Stromregelung pvid=201
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 pvid=101
# NOTE(review): ether5 has PVID 101 but, unlike ether3/ether4, no frame-types
# restriction is set - confirm that is intended.
add bridge=bridge1 interface=ether5 pvid=101
# Trunk: the LAG admits tagged frames only.
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=LAG1uplink pvid=101
# The OVPN interface for user DLT is bridged as an untagged port in VLAN 101,
# so that VPN client sits on the same layer-2 segment as the main LAN.
# ovpn-DPC is not added as a bridge port in this list.
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ovpn-DLT pvid=101
# VLAN table. Entries such as *1B are IDs that were not resolved to an
# interface name - presumably dynamic or removed interfaces; verify.
# NOTE(review): vlan101Main, vlan102Kids, vlan103Teens and vlan201Einrichter
# are listed under untagged= although they are VLAN interfaces on bridge1 and
# not entries in the bridge port list above - confirm this is intended.
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,wlan2G,wlan5G,*1B,*1F,LAG1uplink untagged=\
ether4,ether5,vlan101Main,ovpn-DLT vlan-ids=101
add bridge=bridge1 tagged=*19,*1D,LAG1uplink untagged=vlan102Kids vlan-ids=\
102
add bridge=bridge1 tagged=*1A,*1E,LAG1uplink untagged=vlan103Teens vlan-ids=\
103
add bridge=bridge1 tagged=*1C,*20,LAG1uplink untagged=\
vlan201Einrichter,ether3_Stromregelung vlan-ids=201
# OVPN server: layer-2 tunnels (mode=ethernet), client certificate required,
# new sessions use the RoadWarrior profile.
# NOTE(review): auth=sha1 is a legacy HMAC choice; check whether the installed
# RouterOS release offers a stronger auth= value, and keep the client's
# cipher/auth lines in step with whatever is set here.
# NOTE(review): no port= is shown, so the server presumably listens on the
# RouterOS default port while the client file targets 8080 - presumably a
# forward on an upstream device; confirm.
/interface ovpn-server server
set auth=sha1 certificate=server.crt_0 cipher=aes256 default-profile=\
RoadWarrior enabled=yes mode=ethernet netmask=22 \
require-client-certificate=yes
# This device runs as a CAP: both radios are handed to the CAPsMAN at
# 192.168.10.18, discovered over vlan101Main; certificate=request asks the
# manager to issue the CAP certificate.
/interface wireless cap
#
set bridge=bridge1 caps-man-addresses=192.168.10.18 caps-man-names=LANRouter \
certificate=request discovery-interfaces=vlan101Main enabled=yes \
interfaces=wlan2G,wlan5G
# The router's own LAN address, on the VLAN 101 interface.
/ip address
add address=192.168.10.20/22 interface=vlan101Main network=192.168.8.0
/ip dns
set servers=192.168.10.1,192.168.10.2
# Default route via 192.168.10.16 (monitored by ping) plus an explicit route
# for the local /22, which presumably duplicates the connected route - confirm.
/ip route
add check-gateway=ping distance=1 gateway=192.168.10.16
add distance=1 dst-address=192.168.8.0/22 gateway=vlan101Main
/ipv6 nd
set [ find default=yes ] advertise-dns=no
# PPP users for the tunnel. DLT overrides the profile's local-address with
# 192.168.9.9; DPC takes everything from the profile.
# NOTE(review): neither password= nor service= appears for either secret.
# Either they were left out of this listing or the defaults apply (empty
# password, any PPP service) - confirm, and limit service= to ovpn if these
# accounts are only meant for OVPN.
/ppp secret
add local-address=192.168.9.9 name=DLT profile=RoadWarrior
add name=DPC profile=RoadWarrior
# NOTE(review): this listing contains no /ip firewall or /ip service section;
# if it is complete, access to the OVPN listener and to management (e.g.
# Winbox) is not filtered on this device - confirm.
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=APSw
/system ntp client
set enabled=yes primary-ntp=192.168.10.1 secondary-ntp=192.168.10.16
And the client config:
# Bridged mode!
# Layer-2 (tap) tunnel over TCP, matching mode=ethernet on the router.
dev tap
proto tcp-client
remote TheNetworkIWantToConnectTo.de 8080 # Remote OpenVPN Servername or IP address
# Certificate material: the CA used to validate the server chain, plus this
# client's certificate and private key (the router sets
# require-client-certificate=yes).
# NOTE(review): the key file should be readable only by the account that runs
# OpenVPN.
ca keys/rootca.crt
cert keys/client2.crt
key keys/client2.pem
tls-client
# NOTE(review): this file has no remote-cert-tls or verify-x509-name directive,
# so the server's identity is checked only by chain validation against
# rootca.crt, not by certificate purpose or name. Consider adding
# `remote-cert-tls server` once the server certificate is confirmed to carry
# the server key usage.
#comp-lzo # Do not use compression. It doesn't work with RouterOS (at least up to RouterOS 3.0rc9)
# More reliable detection when a system loses its connection.
ping 15
#ping-restart 45
#ping-timer-rem
#persist-tun
persist-key
nobind
# Only silences replay warnings in the log; replay protection itself stays on.
mute-replay-warnings
verb 3
# Must match the router side (cipher=aes256, auth=sha1 on the OVPN server).
cipher AES-256-CBC
auth SHA1
pull
# Username and password are read from auth.cfg; keep that file's permissions
# as tight as the private key's.
auth-user-pass auth.cfg
dhcp-option DNS 192.168.10.1
dhcp-option WINS 192.168.10.1
# Sends the client's default route through the tunnel.
redirect-gateway def1
Any idea?