Thanks Lonnie. So if that's the case then it must be the iroute that determines where to send the traffic destined for this subnet?
Regards
Michael Knill

On 12/3/20, 7:08 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

Michael,

The OpenVPN server configuration created that route, and routing to the "server" seems correct. Just as the OpenVPN "client" should route to the server as well.

I have an AstLinux OpenVPN client to server pair in my lab ...

OpenVPN Server: (using tun0)
pbx ~ # ip route show dev tun0
10.8.1.0/24 proto kernel scope link src 10.8.1.1
192.168.222.0/24 via 10.8.1.1

OpenVPN Client: (using tun2)
pbx3 ~ # ip route show dev tun2
10.8.1.0/24 proto kernel scope link src 10.8.1.2
192.168.110.0/24 via 10.8.1.1

Ahh BTW, I always use Topology: "[subnet] ..." which should match with server / clients.

Lonnie

> On Mar 11, 2020, at 2:45 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Thanks Lonnie. Just a question which I'm not sure of.
> The Astlinux routing table points 172.16.16.0/24 to its own OpenVPN address (172.16.16.0/24 via 172.28.253.1 dev tun0). Is this correct?
> Shouldn't it point to the remote site OpenVPN address or is this how it works?
>
> Regards
> Michael Knill
>
> On 11/3/20, 11:39 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
>
> Hi Michael,
>
> If you were using AstLinux instead of the Mikrotik in your home office I would point you to the Firewall tab ...
>
> Network -> Firewall Configuration -> Firewall Options:
>
> ___ Allow OpenVPN Client tunnel to the [ 1st ] LAN Interface(s)
>
> ___ Allow OpenVPN Server tunnel to the [ 1st ] LAN Interface(s)
>
> So, for the Mikrotik it may be a similar firewall "forwarding" rule for the OpenVPN 'tun' interface <-> LAN interface.
>
> BTW, the proper OpenVPN config (yours looks good at a quick glance) will add the needed routes automatically.
>
> Lonnie
>
>> On Mar 11, 2020, at 6:31 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi Group
>>
>> I have been trying out Mikrotik’s RouterOS v7 specifically to test UDP OpenVPN.
>> I have set up OpenVPN from my Home Office router (OpenVPN Client) to my hosted Astlinux (OpenVPN Server) for telephony purposes only.
>> The connection has come up fine and I can ping the OpenVPN addresses each way from the terminating devices but I can't for the life of me get connectivity working from the Home Office LAN to the Astlinux OpenVPN address.
>> OpenVPN Subnet: 172.28.253.0/24. Astlinux gateway .1
>> Home Office LAN: 172.16.16.0/24
>>
>> I have set up the iroute file:
>> 3000-IPC_Prod-CM1 kd # cat openvpn/ccd/IPC_Home_Office
>> iroute 172.16.16.0 255.255.255.0
>>
>> 3000-IPC_Prod-CM1 kd # ip route
>> default via 221.121.132.145 dev eth0
>> 172.16.16.0/24 via 172.28.253.1 dev tun0
>> 172.28.253.0/24 dev tun0 proto kernel scope link src 172.28.253.1
>> .......
>>
>> ### gui.openvpn.conf - start ###
>> ###
>> ### Auth Method
>> OVPN_USER_PASS_VERIFY="no"
>> ### Device
>> OVPN_DEV="tun0"
>> ### Port Number
>> OVPN_PORT="1194"
>> ### Protocol
>> OVPN_PROTOCOL="udp"
>> ### Log Verbosity
>> OVPN_VERBOSITY="4"
>> ### Compression
>> OVPN_LZO="no"
>> ### QoS Passthrough
>> OVPN_QOS="yes"
>> ### Cipher
>> OVPN_CIPHER=""
>> ### Auth HMAC
>> OVPN_AUTH=""
>> ### Allowed External Hosts
>> OVPN_TUNNEL_HOSTS="0/0"
>> ### Client Isolation
>> OVPN_CLIENT_ISOLATION="no"
>> ### Server Hostname
>> OVPN_HOSTNAME="30000.ipcaccess.net"
>> ### Server IPv4 Network
>> OVPN_SERVER="172.28.253.0 255.255.255.0"
>> ### Server IPv6 Network
>> OVPN_SERVERV6=""
>> ### Topology
>> OVPN_TOPOLOGY="subnet"
>> ### Server Push
>> OVPN_PUSH="
>> "
>> ### Raw Commands
>> OVPN_OTHER="
>> topology p2p
>> route-gateway 172.28.253.1
>> route 172.16.16.0 255.255.255.0
>> "
>> ### Private Key Size
>> OVPN_CERT_KEYSIZE="2048"
>> ### Signature Algorithm
>> OVPN_CERT_ALGORITHM="sha256"
>> ### CA File
>> OVPN_CA="/mnt/kd/openvpn/webinterface/keys/ca.crt"
>> ### CERT File
>> OVPN_CERT="/mnt/kd/openvpn/webinterface/keys/server.crt"
>> ### Key File
>> OVPN_KEY="/mnt/kd/openvpn/webinterface/keys/server.key"
>> ### DH File
>> OVPN_DH="/mnt/kd/openvpn/webinterface/dh1024.pem"
>> ### TLS-Auth File
>> OVPN_TA=""
>> ### Valid Clients
>> OVPN_VALIDCLIENTS="
>> ...........
>> IPC_Home_Office
>> "
>> ### gui.openvpn.conf - end ###
>>
>> I have looked at the firewall log on the Mikrotik and nothing comes up as being denied. Any ideas on where to go next?
>> Yes I realise it's a Beta version but as I can ping the OpenVPN address each way, it just seems to be a routing problem.
>>
>> Thanks all.
>>
>> Regards
>> Michael Knill
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
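
Added example, not part of the thread and not AstLinux code: in OpenVPN server mode a `route` line gets packets for a client-side subnet from the kernel to the tun device, and the `iroute` line in that client's ccd file tells the OpenVPN process which client owns the subnet, so the two must pair up. The sketch below cross-checks them using the values quoted above; the function names are hypothetical, and comparing the GUI Topology value with a `topology` line in Raw Commands is an assumption about how the two settings combine.

```python
import ipaddress

def parse_directives(text):
    """Collect route/iroute networks and topology values from directive text."""
    found = {"route": set(), "iroute": set(), "topology": []}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("route", "iroute"):
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            found[parts[0]].add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif len(parts) == 2 and parts[0] == "topology":
            found["topology"].append(parts[1])
    return found

def audit(server_text, ccd_files, gui_topology=None):
    """Cross-check server-side 'route' lines against per-client 'iroute' lines."""
    server = parse_directives(server_text)
    owners = {}  # network -> list of ccd client names claiming it
    for client, text in ccd_files.items():
        for net in parse_directives(text)["iroute"]:
            owners.setdefault(net, []).append(client)
    findings = []
    for net in sorted(server["route"] - set(owners), key=str):
        findings.append(f"route {net} has no iroute: kernel sends it to tun, OpenVPN has no owning client")
    for net in sorted(set(owners) - server["route"], key=str):
        findings.append(f"iroute {net} has no route: kernel never hands it to OpenVPN")
    for net, clients in owners.items():
        if len(clients) > 1:
            findings.append(f"iroute {net} claimed by several clients: {sorted(clients)}")
    # Assumption: the GUI topology and any raw 'topology' line end up in one config.
    topologies = set(server["topology"]) | ({gui_topology} if gui_topology else set())
    if len(topologies) > 1:
        findings.append(f"conflicting topology values: {sorted(topologies)}")
    return findings

# Constructed input, copied from the Raw Commands and ccd file quoted in the thread.
RAW_COMMANDS = """
topology p2p
route-gateway 172.28.253.1
route 172.16.16.0 255.255.255.0
"""
CCD = {"IPC_Home_Office": "iroute 172.16.16.0 255.255.255.0\n"}

if __name__ == "__main__":
    for finding in audit(RAW_COMMANDS, CCD, gui_topology="subnet"):
        print(finding)
```
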