
I'm new to OpenVPN but have managed to install it on an Ubuntu machine. The requirement is to allow Mikrotik and then laptop clients to connect to the VPN. I managed to make this work by running two OpenVPN servers on the same machine, one configured for proto tcp and one for proto udp, each listening on a different port. The tcp version uses 10.8.0.0/24 and the udp version uses 10.9.0.0/24.

If I do an ifconfig on the Ubuntu server I see eth0, tap0 and tap1. The Mikrotik can connect to the VPN and the laptops can connect to the VPN via the respective ports and have proper connectivity.

How can I allow devices on tap0, i.e. network 10.8.0.0/24, to see devices on tap1, i.e. network 10.9.0.0/24?

Will bridging tap0 and tap1 work, and if so, how can that be done? Or how is this possible?

Leon Vismer

1 Answer

You need to set routes on the servers for your clients so they know about the other subnet(s). Since you did not mention the OpenVPN version, I suppose you are using 2.4.x.

If you are using custom client configuration on both servers so that your clients can have static IPs assigned, put this in the server configuration:

option client_config_dir '/path/to/openvpn/client/directory'

Each client can have its own configuration file; after a client connects, OpenVPN looks for a file named after the client's X509 common name (see the OpenVPN manual).

Let's say that your Mikrotik client has the X509 common name Mikrotik; you would add the following to /path/to/openvpn/client/directory/Mikrotik:

ifconfig-push 10.8.0.101 255.255.255.0
iroute 10.9.0.0 255.255.255.0

This will ensure that your Mikrotik gets the address 10.8.0.101 and the internal route 10.9.0.0 with netmask 255.255.255.0.

On the same server (10.8.0.0/24) you need to push routes:

list push 'route 10.9.0.0 255.255.255.0'

The same thing would need to be done for the laptops' VPN, changing the IP addresses in the server configuration.

Please note that you also need to allow forwarding on your server.

Filip C.
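
An added example, not part of the original answer: the forwarding step above, written as a shell function that prints the sysctl and iptables commands allowing only traffic between the question's two subnets to cross between tap0 and tap1. The function name vpn_forward_rules, the use of iptables as the host firewall, and the mapping tap0 = 10.8.0.0/24, tap1 = 10.9.0.0/24 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Assumptions: tap0 carries 10.8.0.0/24 (TCP instance), tap1 carries
# 10.9.0.0/24 (UDP instance), and iptables is the host firewall.
# vpn_forward_rules is a hypothetical helper name.

vpn_forward_rules() {
    if_a=$1 net_a=$2 if_b=$3 net_b=$4

    # Validate inputs: the output is meant to be piped to a root shell,
    # so nothing but plain interface names and a.b.c.d/len may pass.
    for ifname in "$if_a" "$if_b"; do
        case $ifname in
            *[!A-Za-z0-9_.-]*|"") echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    for net in "$net_a" "$net_b"; do
        case $net in
            *[!0-9./]*|*/*/*|"") echo "bad subnet: $net" >&2; return 1 ;;
            *.*.*.*/*) ;;
            *) echo "bad subnet: $net" >&2; return 1 ;;
        esac
    done

    # Routing between the two tunnels needs IPv4 forwarding in the kernel.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # Accept only packets whose source matches the tunnel they arrived on
    # (stops a client spoofing the other subnet) and whose destination is
    # the other VPN subnet.
    echo "iptables -A FORWARD -i $if_a -o $if_b -s $net_a -d $net_b -j ACCEPT"
    echo "iptables -A FORWARD -i $if_b -o $if_a -s $net_b -d $net_a -j ACCEPT"

    # Anything else crossing between the tunnels is dropped explicitly, so
    # the result does not depend on the FORWARD chain's default policy.
    echo "iptables -A FORWARD -i $if_a -o $if_b -j DROP"
    echo "iptables -A FORWARD -i $if_b -o $if_a -j DROP"
}

# Print the commands for the setup in the question; review them, then run
# them as root (for example by piping this output to sh).
vpn_forward_rules tap0 10.8.0.0/24 tap1 10.9.0.0/24
```

Forwarding between the tunnels and eth0 is still governed by the existing FORWARD rules and policy; the sysctl setting turns on forwarding for every interface, not just the tap devices.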