
Mikrotik - two links, no access to the router using the IP address.

Posted: Wed Jan 25, 2023 3:03 pm
by marcinx
Hi

I am trying to configure a Mikrotik router as follows:
- I have Internet connected to ether1 port where I get an IP address using DHCP client.
On the router, configure the VPN client (ovpn) - interface (ovpn-out1)
I'm adding an interface (ovpn-out1) to the masquerade
ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade
At this point I am able to select the ether1 or ovpn1 link (outgoing IP address) for all devices on the network without any problem by manipulating the "Default Route Distance" value in the DHCP client for the ether1 interface.
Choosing the ovpn-out1 interface
ip dhcp-client set ether1 default-route-distance=10
Choosing the ether1 interface
ip dhcp-client set ether1 default-route-distance=1
Currently, I need to make a modification so that the choice of link depends on which interface, ether2 or ether3, the computer connects to.
I tried to do it as follows
I remove the ether3 interface from the bridge, create a new bridge2 to which I add the ether3 interface
Next
routing table add name=mark_WAN1 fib
routing table add name=mark_VPN fib
ip firewall mangle add chain=prerouting in-interface=bridge action=mark-routing new-routing-mark=mark_WAN1 passthrough=no
ip firewall mangle add chain=prerouting in-interface=bridge2 action=mark-routing new-routing-mark=mark_VPN passthrough=no
ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=mark_WAN1
At this point, access to the router using the IP address fails; using the MAC address, I can still get in.
ip route add dst-address=0.0.0.0/0 gateway=10.8.0.1 routing-table=mark_VPN
After these steps, when I connect the computer to ether2, I go out through the ether1 interface, while when I connect the computer to ether3, I go out through the ovpn-out1 interface.
So everything works fine; the only problem is that I do not have access to the router using the IP address. I have access only via MAC.

Re: Mikrotik - two links, no access to the router using the IP address.

Posted: Fri Feb 03, 2023 12:00 am
by marcinx
Any ideas?

Re: Mikrotik - two links, no access to the router using the IP address.

Posted: Fri Feb 03, 2023 8:35 am
by ConradPino
What's missing here?
  • A brief local network description:
    • links
    • routers
    • switches
    • client devices
    • IP subnet plan
  • Relevant MikroTik devices by model number.
  • Privacy redacted exports from MikroTik devices.

Re: Mikrotik - two links, no access to the router using the IP address.

Posted: Fri Feb 03, 2023 12:53 pm
by anav
Amen brother, a coherent request is needed for sure!
viewtopic.php?p=908118

Re: Mikrotik - two links, no access to the router using the IP address.

Posted: Sun Feb 05, 2023 11:19 pm
by marcinx
I will try to describe my problem again:
Mikrotik has an IP address of 192.168.88.1/24
Computer 1 has an IP address of 192.168.88.15
Computer 2 has an IP address of 192.168.88.152
The external IP address for the main WAN is e.g. 15.15.15.15
The external IP address for the VPN is e.g. 20.20.20.20

What I want to achieve is to go to https://ipaddress.my/ so that computer 1 shows the external IP address 15.15.15.15 and computer 2 shows the external IP address 20.20.20.20

I am currently using the configuration below
/certificate import file-name=vpn.crt
/certificate import file-name=vpn.key
/interface ovpn-client add user=vpn certificate=vpn.crt_0 tls-version=any auth=sha256 cipher=aes256 use-peer-dns=yes add-default-route=no protocol=tcp mode=ip profile=default port=43121 connect-to=20.20.20.20
/ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade
ip dhcp-client set ether1 default-route-distance=10
/ip firewall address-list add address=192.168.88.150-192.168.88.160 list=VPN-list
/routing table add disabled=no fib name=VPN-route
/ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=VPN-route passthrough=yes src-address-list=VPN-list
/ip firewall filter add action=accept chain=forward out-interface=ovpn-out1 src-address-list=VPN-list
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route
After this procedure, computer 1 has the external IP 15.15.15.15, while computer 2 has the external IP 20.20.20.20, so I was successful, but the problem is that from computer 2 I cannot connect to the router using the IP address 192.168.88.1.
What should I do to be able to connect to the IP address 192.168.88.1 from computer 2? The connection stops working after issuing the following command:
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route
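
The following is an added example, not part of any post in this thread. It assumes RouterOS v7, the names from the last post (VPN-list, VPN-route, ovpn-out1, LAN 192.168.88.0/24), and that the cause is the mangle rule marking packets addressed to the router itself, so that they are looked up in VPN-route, whose only entry is the default route through the tunnel.

```routeros
# Added example, not from the thread. VPN-list, VPN-route and ovpn-out1 are the
# names used in the post above; RouterOS v7 is assumed.

# Before (as posted): every packet sourced from VPN-list is marked, including
# packets addressed to 192.168.88.1, so they follow 0.0.0.0/0 via ovpn-out1.
#   /ip firewall mangle add action=mark-routing chain=prerouting \
#       new-routing-mark=VPN-route passthrough=yes src-address-list=VPN-list

# After: leave packets addressed to any of the router's own IP addresses
# unmarked, so they are handled by the main table as before.
/ip firewall mangle set [find action=mark-routing new-routing-mark=VPN-route] dst-address-type=!local

# Check 1: the rule now carries the dst-address-type matcher.
/ip firewall mangle print where new-routing-mark=VPN-route

# Check 2: VPN-route still holds only the default route through the tunnel.
/ip route print where routing-table=VPN-route

# Check 3: the router can reach computer 2 on the LAN; then retry
# WinBox/WebFig/SSH to 192.168.88.1 from computer 2.
/ping 192.168.88.152 count=3
```

Traffic from computer 2 to the Internet is still marked and leaves through ovpn-out1; only packets whose destination is one of the router's own addresses skip the mark.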