kiwitech
just joined
Topic Author
Posts: 9
Joined: Sat Jun 14, 2014 3:04 am

VPN and access to remote network

Thu Nov 14, 2019 11:31 pm

Please see diagram - I am wanting to reach devices on the remote network that have a different gateway to the VPN router. I am not able to access the remote networks usual default gateway to add routes. Any suggestions as to how I could accomplish this?
2019-11-15_10-22-31.jpg
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: VPN and access to remote network

Thu Nov 14, 2019 11:59 pm

You can use srcnat on VPN router, to hide everything coming from 192.168.2.0/24 to 192.168.1.0/24 behind common 192.168.1.240. Because 192.168.1.240 is local address for any other 192.168.1.x, they will know where to send responses. And VPN router will know that they belong to connections from remote networks and will route them back correctly. While this helps, it's also the one disadvantage, devices in 192.168.1.0/24 won't be able to see real source addresses, so they won't be able to tell 192.168.2.10 from 192.168.2.20 and it can be a problem when you'd want some IP based access rules. But you can't have everything.
 
sindy
Forum Guru
Posts: 11390
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN and access to remote network

Fri Nov 15, 2019 12:01 am

Can you place the VPN router between the existing default gateway device on the remote network and all the other devices (i.e. that traffic from all the devices would have to physically pass through the VPN router to the default gateway device)?
 
sindy
Forum Guru
Posts: 11390
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN and access to remote network

Fri Nov 15, 2019 12:03 am

> it's also the one disadvantage, devices in 192.168.1.0/24 won't be able to see real source addresses, so they won't be able to tell 192.168.2.10 from 192.168.2.20 and it can be a problem when you'd want some IP based access rules.

More than that, the devices in 192.168.1.0/24 would also be unable to initiate connections to 192.168.2.0/24 unless the OP would create dstnat rules.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: VPN and access to remote network

Fri Nov 15, 2019 12:47 am

Right, but in original post, I see request only for one direction. :)
 
kiwitech
just joined
Topic Author
Posts: 9
Joined: Sat Jun 14, 2014 3:04 am

Re: VPN and access to remote network

Fri Nov 15, 2019 4:55 am

> You can use srcnat on VPN router, to hide everything coming from 192.168.2.0/24 to 192.168.1.0/24 behind common 192.168.1.240. Because 192.168.1.240 is local address for any other 192.168.1.x, they will know where to send responses. And VPN router will know that they belong to connections from remote networks and will route them back correctly. While this helps, it's also the one disadvantage, devices in 192.168.1.0/24 won't be able to see real source addresses, so they won't be able to tell 192.168.2.10 from 192.168.2.20 and it can be a problem when you'd want some IP based access rules. But you can't have everything.

Thanks, everything would be nice, but not for this purpose :)

So I added the following and I can access Another Device now:
/ip firewall nat add action=src-nat chain=srcnat src-address=192.168.2.0/24 to-addresses=192.168.1.240
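
The behaviour discussed in this thread (the srcnat suggestion, the loss of real source addresses, and the caveat about connections initiated from 192.168.1.0/24), modelled as an added example that is not part of any post and is not RouterOS code: a simplified connection-tracking table in Python. The host 192.168.1.50 and all port numbers are constructed, and allocating a fresh NAT port per connection is a simplification.

```python
import ipaddress

# Constructed model of the thread's topology; not RouterOS code.
REMOTE = ipaddress.ip_network("192.168.2.0/24")   # far side of the VPN
LAN = ipaddress.ip_network("192.168.1.0/24")      # devices using another default gateway
NAT_ADDR = "192.168.1.240"                        # VPN router's address on the LAN


class VpnRouter:
    """Tracks srcnat'ed connections the way a stateful NAT table does."""

    def __init__(self):
        self.conntrack = {}   # (nat_port, lan_ip, lan_port) -> (orig_src, orig_port)
        self.next_port = 40000

    def forward_from_vpn(self, src, sport, dst, dport):
        """Apply the srcnat rule to a new connection from REMOTE to LAN."""
        if ipaddress.ip_address(src) not in REMOTE or ipaddress.ip_address(dst) not in LAN:
            return None
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(nat_port, dst, dport)] = (src, sport)
        return (NAT_ADDR, nat_port, dst, dport)   # packet as the LAN device sees it

    def forward_from_lan(self, src, sport, dst, dport):
        """Handle a packet that a LAN device sent to the router's own address."""
        if dst != NAT_ADDR:
            return None   # not addressed to the NAT address
        orig = self.conntrack.get((dport, src, sport))
        if orig is None:
            return None   # no tracked connection and no dstnat rule: dropped
        return (src, sport, orig[0], orig[1])     # un-NATed reply into the tunnel


def lan_device_send(router, src, sport, dst, dport):
    """A LAN device only delivers to the VPN router if the destination is on-link."""
    if ipaddress.ip_address(dst) in LAN:
        return router.forward_from_lan(src, sport, dst, dport)
    return None   # off-link: goes to the other default gateway, which has no route


def demo():
    """Two remote clients reach one LAN host; the host replies, then tries to initiate."""
    r = VpnRouter()
    a = r.forward_from_vpn("192.168.2.10", 51000, "192.168.1.50", 443)
    b = r.forward_from_vpn("192.168.2.20", 51000, "192.168.1.50", 443)
    seen_sources = {a[0], b[0]}   # all an IP-based access rule on the host can match
    reply = lan_device_send(r, "192.168.1.50", 443, a[0], a[1])
    initiated = lan_device_send(r, "192.168.1.50", 50000, "192.168.2.10", 22)
    return seen_sources, reply, initiated
```

`demo()` returns the single source address the LAN host sees for both remote clients, the reply translated back to 192.168.2.10, and `None` for the connection the LAN host tried to open itself.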
 
kiwitech
just joined
Topic Author
Posts: 9
Joined: Sat Jun 14, 2014 3:04 am

Re: VPN and access to remote network

Fri Nov 15, 2019 4:56 am

> Can you place the VPN router between the existing default gateway device on the remote network and all the other devices (i.e. that traffic from all the devices would have to physically pass through the VPN router to the default gateway device)?

Unfortunately no - we often can't access/change default gateway devices, if we could it would be easy :)