OpenVPN Server connected clients can't reach local network
Posted: Tue Nov 07, 2017 11:11 am
Hi,
I was searching the internet and the forum regarding OpenVPN Server setup; I'm using MikroTik with RouterOS 6.36.1.
I'm able to connect without any problems, but the connected clients can't reach the local network or ping
local network IPs:
10.10.102.0/23
10.10.100.0/23
10.10.104.0/23
?
I tried to push or add on the client config but no luck; as I was reading, it's not supported by RouterOS.
Any suggestions on how to solve this?
Router and OpenVPN server configuration:-
/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether1 ] name=WAN
/ip neighbor discovery
set WAN discover=no
/ip pool
add name=ovpn-pool ranges=10.10.103.150-10.10.103.199
/ip dhcp-server
add address-pool=ovpn-pool interface=LAN name=defconf
/ppp profile
add change-tcp-mss=yes dns-server=10.10.102.1 local-address=10.10.102.1 name=OVpn_profile remote-address=ovpn-pool use-encryption=required
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes256 default-profile=OVpn_profile enabled=yes netmask=23 require-client-certificate=yes
/ip address
add address=10.10.102.18/23 interface=LAN network=10.10.102.0
add address=98.138.253.109/28 interface=WAN network=98.138.253.96
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=WAN
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=10.10.0.0/16 list=BLACKNETS
/ip firewall filter
add action=accept chain=input dst-port=1194 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=WAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=WAN
/ip route
add distance=1 gateway=98.138.253.97
add distance=1 dst-address=10.10.0.0/16 gateway=10.10.102.1
/ppp secret
add name=test password=test profile=OVpn_profile service=ovpn
/system routerboard settings
set memory-frequency=1200DDR protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=LAN
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=LAN
Client config:-
client
dev tun
proto tcp-client
remote 98.138.253.109
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA.crt
cert CLIENT.crt
key CLIENT.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
dhcp-option DOMAIN now.local
dhcp-option DNS 10.10.100.4
redirect-gateway def1
;redirect-gateway autolocal
;route 10.10.100.0 255.255.254.0 10.10.100.1
many thanks.
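Added example, not part of the original post: a Python check of the address plan in the configuration above, reporting where the VPN pool sits relative to the LAN subnet, whether the PPP local-address is reused elsewhere, and how the router would route to each of the three local networks. All addresses are copied from the post; the function names are illustrative.

```python
import ipaddress as ip

# Values copied from the posted RouterOS configuration.
LAN_IF = ip.ip_interface("10.10.102.18/23")      # /ip address on LAN
POOL = (ip.ip_address("10.10.103.150"),          # /ip pool ovpn-pool (first, last)
        ip.ip_address("10.10.103.199"))
PPP_LOCAL = ip.ip_address("10.10.102.1")         # /ppp profile local-address
STATIC = {ip.ip_network("10.10.0.0/16"): ip.ip_address("10.10.102.1")}  # /ip route
TARGETS = [ip.ip_network(n) for n in
           ("10.10.102.0/23", "10.10.100.0/23", "10.10.104.0/23")]


def pool_inside_lan():
    """True if every VPN client address falls inside the router's LAN subnet."""
    return all(addr in LAN_IF.network for addr in POOL)


def local_address_reused():
    """True if the PPP local-address is not the router's own LAN address
    but is also the next hop of a static route (another device on the LAN)."""
    return PPP_LOCAL != LAN_IF.ip and PPP_LOCAL in STATIC.values()


def reachability():
    """Router's view of each target: 'connected', 'via <gateway>' or 'no route'."""
    result = {}
    for net in TARGETS:
        if net.subnet_of(LAN_IF.network):
            result[str(net)] = "connected"
            continue
        # Longest-prefix match over the static routes.
        matches = [r for r in STATIC if net.subnet_of(r)]
        if matches:
            best = max(matches, key=lambda r: r.prefixlen)
            result[str(net)] = f"via {STATIC[best]}"
        else:
            result[str(net)] = "no route"
    return result


if __name__ == "__main__":
    print("VPN pool inside LAN subnet:", pool_inside_lan())
    print("PPP local-address reused as next hop:", local_address_reused())
    for net, how in reachability().items():
        print(f"{net}: {how}")
```

When the pool sits inside the LAN subnet, hosts on that subnet treat VPN client addresses as on-link and resolve them with ARP, so replies reach the tunnel only if the router answers those requests (RouterOS `arp=proxy-arp` on the LAN interface) or the pool is moved to its own routed subnet.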