0

I have the following configuration.

VPS with Windows Server 2019 and with public IP. I have OpenVPN server installed on it and TUN adapter with 10.8.0.1 IP Here my OpenVPN server configuration

port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.8.0 255.255.255.0"
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log    "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 6
mute 20
windows-driver wintun
mssfix 1500

On the other side i have Mikrotik router and OpenVPN client on it. Here Mikrotik configuration

Name: ovpn-srv
Type: OVPN Client
Connect To: public.vps.ip
Port: 1194
Mode: ip
User: user
Password: ****
Profile: default
Certificate: mikrotik.crt_0
Auth: sha1
Cipher: aes 256
Use Peer DNS: yes
Local network behind Mikrotik is 192.168.8.0/24

All computer behind Mikrotik can connect to VPS via RDP by ip of OpenVPN TUN adapter 10.8.0.1. But i need connect some network printer behind Mikrotik to VPS server. But i cant ping any ip adresses behind Mikrotik from VPS server.

What do i must configure on Mikrotik so that i can access to local network behind Mikrotik from VPS server?

Thank you in advance!

user6721496
  • 1
  • You must have something more going on 192.168.8.0/24 is on the Mkrotik side, but how does the server reach that range? My guess is that "it don't" due to NAT on Mikrotik side. If so you must remove that NAT and then make the server know how to reach that net see `route add` help screen in windows. – NiKiZe Nov 01 '21 at 06:55
  • Hello! Thank you for answer! – user6721496 Nov 01 '21 at 08:05
  • But i cant remove NAT on Mikrotik because is the gateway for clients behind Mikrotik. And on Mikrotik side i must do something? Some routing? – user6721496 Nov 01 '21 at 08:11
  • Better don't use OpenVPN on Mikrotik. The implementation is awful. – Nikita Kipriyanov Nov 01 '21 at 11:55
  • Yes. I now :( But a have no choise in this situation. Somebody know what i must configure? I spend all weeak and with no luck :( – user6721496 Nov 01 '21 at 12:34
  • Accessing devices behind a NAT is not what you want, with proper routing there is no need for NAT in the first place. (note that you want to remove NAT for the VPN connection, not WAN) – NiKiZe Nov 01 '21 at 12:58
  • So I can remove NAT only for OpenVPN interface? I'm just not very big specialist in Mikrotik. How can I do it? – user6721496 Nov 02 '21 at 11:58
  • Maybe someone have a case as my? Can you please guide me in right direction. – user6721496 Nov 02 '21 at 12:00

0 Answers0