Welcome,
I would like to create a bridge mode on the OpenVPN AS server to connect to it with mikrotik.
I have such data to complete in my Mikrotik client:
https://imgur.com/a/o1USfmx
I tried to enable the bridge mode on the server myself, but immediately lost connection with my machine. I read about it and found out that I need to create a bridge. Only every time I create a bridge, it fails. I would like some tips on how to configure it.
I want my OpenVPN AS server to serve as a server (bridge) and my mikrotik client to connect to this server.
I am using the version: openvpn-as-2.1.12-Ubuntu18.amd_64.deb
I tried according to these materials:
https://openvpn.net/vpn-server-resource ... ss-server/
https://www.slsmk.com/getting-started-w ... using-tap/
https://openvpn.net/community-resources ... ux-server/
https://openvpn.net/vpn-server-resource ... d-network/
and many others ...
Please help! I have been struggling with it for 2 weeks to no avail.
OpenVPN Bridge Mode
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Bridge Mode
Hello Trinity,
Regarding mikrotik and OpenVPN Access Server, it is technically possible, but not recommended. The mikrotik implementation of OpenVPN is lacking some features. I would not recommend it. I would instead recommend to handle the VPN connection outside of the mikrotik router.
And using bridging, well, that's a feature in deprecation at the moment on Access Server. It's still in Access Server, hidden away, but it's not something we encourage to use. There are serious downsides to using Layer 2 bridging over a VPN. It is better to use the standard Layer 3 routing.
You're on a path that for the above two reasons is not advisable. But if you insist, then see this forum post regarding mikrotik, and this document regarding Layer 2 bridging mode in Access Server:
viewtopic.php?f=24&t=31939&p=98150
https://openvpn.net/vpn-server-resource ... 2-bridging
Kind regards,
Johan
Regarding mikrotik and OpenVPN Access Server, it is technically possible, but not recommended. The mikrotik implementation of OpenVPN is lacking some features. I would not recommend it. I would instead recommend to handle the VPN connection outside of the mikrotik router.
And using bridging, well, that's a feature in deprecation at the moment on Access Server. It's still in Access Server, hidden away, but it's not something we encourage to use. There are serious downsides to using Layer 2 bridging over a VPN. It is better to use the standard Layer 3 routing.
You're on a path that for the above two reasons is not advisable. But if you insist, then see this forum post regarding mikrotik, and this document regarding Layer 2 bridging mode in Access Server:
viewtopic.php?f=24&t=31939&p=98150
https://openvpn.net/vpn-server-resource ... 2-bridging
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sun Mar 29, 2020 11:19 pm
Re: OpenVPN Bridge Mode
I want to bridge the OVH dedicated server to my machine in my server room.openvpn_inc wrote: ↑Wed Sep 15, 2021 6:53 amHello Trinity,
Regarding mikrotik and OpenVPN Access Server, it is technically possible, but not recommended. The mikrotik implementation of OpenVPN is lacking some features. I would not recommend it. I would instead recommend to handle the VPN connection outside of the mikrotik router.
And using bridging, well, that's a feature in deprecation at the moment on Access Server. It's still in Access Server, hidden away, but it's not something we encourage to use. There are serious downsides to using Layer 2 bridging over a VPN. It is better to use the standard Layer 3 routing.
You're on a path that for the above two reasons is not advisable. But if you insist, then see this forum post regarding mikrotik, and this document regarding Layer 2 bridging mode in Access Server:
viewtopic.php?f=24&t=31939&p=98150
https://openvpn.net/vpn-server-resource ... 2-bridging
Kind regards,
Johan
I want to combine it with OpenVPN AS + Mikrotik (as a router to my ProxMox VMs).
As a result, I want to use OVH's IP addresses in my server room (proxmox server).
Can I do it on layer 3? Because I thought that only I can on layer 2.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Bridge Mode
Hello Trinity,
You say you want to use OVH's IP addresses in your server room. You can achieve something like it with Layer 3. You can do port forwarding using the DMZ function in Access Server, to forward incoming traffic on VPN server-side IP addresses to specific VPN clients. Outgoing traffic from VPN clients going through the VPN server go through the primary IP of the VPN server. Maybe that's enough for you.
Kind regards,
Johan
You say you want to use OVH's IP addresses in your server room. You can achieve something like it with Layer 3. You can do port forwarding using the DMZ function in Access Server, to forward incoming traffic on VPN server-side IP addresses to specific VPN clients. Outgoing traffic from VPN clients going through the VPN server go through the primary IP of the VPN server. Maybe that's enough for you.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sun Mar 29, 2020 11:19 pm
Re: OpenVPN Bridge Mode
I do this redirect already on my machines (iptables).openvpn_inc wrote: ↑Wed Sep 15, 2021 6:47 pmHello Trinity,
You say you want to use OVH's IP addresses in your server room. You can achieve something like it with Layer 3. You can do port forwarding using the DMZ function in Access Server, to forward incoming traffic on VPN server-side IP addresses to specific VPN clients. Outgoing traffic from VPN clients going through the VPN server go through the primary IP of the VPN server. Maybe that's enough for you.
Kind regards,
Johan
But I want to connect about 10 IP addresses from OVH to openvpn as server.. Then I redirect it somehow so that 1 IP address was for one VM (Proxmox). I don't want to install openvpn client on every VM. I want the address assignment to be in front of the VM. That's why I wanted to use mikrotik as a router for these VMs.
I am counting on further help.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Bridge Mode
Hello Trinity,
I have some experience with OVH's network. I have doubts it can be made to work that way. The difficulty lies in OVH's mapping IP addresses to specific MAC addresses. And I doubt they appreciate or allow you running a system with promiscuous mode or MAC address spoofing. I believe though you can still have the IP addresses all on your OVH instance running the Access Server, and then port forward from each of those IP addresses to the individual OpenVPN clients.
If this is not sufficient I suggest you take a look at a solution such as ExtraIP, which wraps a public IPv4 subnet in a GRE tunnel and you can pick that up with a mikrotik router. I use this. It lets me have additional public IPv4 addresses on my home network, assignable directly to any of my systems here.
I'm afraid I cannot help you any further on this use case. Good luck.
Kind regards,
Johan
I have some experience with OVH's network. I have doubts it can be made to work that way. The difficulty lies in OVH's mapping IP addresses to specific MAC addresses. And I doubt they appreciate or allow you running a system with promiscuous mode or MAC address spoofing. I believe though you can still have the IP addresses all on your OVH instance running the Access Server, and then port forward from each of those IP addresses to the individual OpenVPN clients.
If this is not sufficient I suggest you take a look at a solution such as ExtraIP, which wraps a public IPv4 subnet in a GRE tunnel and you can pick that up with a mikrotik router. I use this. It lets me have additional public IPv4 addresses on my home network, assignable directly to any of my systems here.
I'm afraid I cannot help you any further on this use case. Good luck.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support