Join Log in
Score:0
user6721496 avatar Server

OpenVPN network on the client side

ca flag
user6721496

I have the following configuration.

VPS with Windows Server 2019 and with public IP. I have OpenVPN server installed on it and TUN adapter with 10.8.0.1 IP Here my OpenVPN server configuration

port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.8.0 255.255.255.0"
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log    "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 6
mute 20
windows-driver wintun
mssfix 1500

On the other side i have Mikrotik router and OpenVPN client on it. Here Mikrotik configuration

Name: ovpn-srv
Type: OVPN Client
Connect To: public.vps.ip
Port: 1194
Mode: ip
User: user
Password: ****
Profile: default
Certificate: mikrotik.crt_0
Auth: sha1
Cipher: aes 256
Use Peer DNS: yes
Local network behind Mikrotik is 192.168.8.0/24

All computer behind Mikrotik can connect to VPS via RDP by ip of OpenVPN TUN adapter 10.8.0.1. But i need connect some network printer behind Mikrotik to VPS server. But i cant ping any ip adresses behind Mikrotik from VPS server.

What do i must configure on Mikrotik so that i can access to local network behind Mikrotik from VPS server?

Thank you in advance!

84
0 + 0
vpn
in flag
NiKiZe
You must have something more going on 192.168.8.0/24 is on the Mkrotik side, but how does the server reach that range? My guess is that "it don't" due to NAT on Mikrotik side. If so you must remove that NAT and then make the server know how to reach that net see `route add` help screen in windows.
0
Reply
user6721496 avatar
ca flag
user6721496
Hello! Thank you for answer!
0
Reply
user6721496 avatar
ca flag
user6721496
But i cant remove NAT on Mikrotik because is the gateway for clients behind Mikrotik. And on Mikrotik side i must do something? Some routing?
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Better don't use OpenVPN on Mikrotik. The implementation is awful.
0
Reply
user6721496 avatar
ca flag
user6721496
Yes. I now :( But a have no choise in this situation. Somebody know what i must configure? I spend all weeak and with no luck :(
0
Reply
in flag
NiKiZe
Accessing devices behind a NAT is not what you want, with proper routing there is no need for NAT in the first place. (note that you want to remove NAT for the VPN connection, not WAN)
0
Reply
user6721496 avatar
ca flag
user6721496
So I can remove NAT only for OpenVPN interface? I'm just not very big specialist in Mikrotik. How can I do it?
0
Reply
user6721496 avatar
ca flag
user6721496
Maybe someone have a case as my? Can you please guide me in right direction.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.