Nethserver 7 behind Mikrotik RB750gr3

Support
1

Hello everyone I have a Nethserver 7 as a VPN server to create the VPN on it as follows:
routed
IP: 10.8.10.0
Mask: 255.255.255.0
port 1194
UDP
Authenticated and certified customers

The company’s local network has a Mikrotik RB750GR3 router
wan : pppoe with ip dimamico use RB cloud and is also the gateway and dns of the IP network: 172.16.115.10
Mask: 255.255.255.0

I connect to VPN mkais not access the local network., I’ve followed several documents on route creation in RB, but still without access to the local network

2

@onlitec AFAIK NethServer works as VPN server only with two interfaces.
a GREEN one which should be the gateway for the all the hosts of the network.
a RED one, which should be used by the Nethserver to connecting to internet.

Otherwise…

3

Hello, i think first of all you need to check who will be managing your connections, if its the RB750 you might need to create some rules to make VPN on your nethserver avaliable to the internet.
PS: I never tried this one before, i don´t know what kind of rules you need to create, but i guess something with the UDP 1194 port.

As pike already mentioned, you need 2 nics either way.

The other way is to use the RB750 just as a WAN auth, and create a DMZ rule to your nethserver, letting your nethserver take care of all the connections, thats a good way to manage your network, entirely in nethserver! :slight_smile:

4

AFAIK It works with one interface (“server mode”) too. If Neth is not the router then you need to port forward the used port as @ssabbath explained (this seems to work already as you can connect to the VPN server) and setup a static route on the router (this allows you to connect to the local network)

I don’t know about mikrotik but in the mikrotik wiki are instructions for setting up a static route.

1 Like
5

makes sense… but wierd setup, not border firewall as vpn :slight_smile:

6

That’s my problem, I followed the Wiki and it still doesn’t work

7

This with two interfaces I connect to the VPN the problem is the route I need to create in Mikrotik

8

I am sorry, but i cannot imagine/guess the current layout of the network.
Would you please provide some more info, please?

If you need a small flowchart designer, consider https://app.diagrams.net/

1 Like
9

I used to miss Micro$oft Visio so much until i started using diagrams.net

Before that i used Dia draws your structured diagrams: Free Windows, Mac OS X and Linux version of the popular open source program and they suck! :stuck_out_tongue: hahaha

10

DIA is solid, but not that noob-friendly, IMVHO

1 Like
11

I agree, i am a noob! hahaha! :rofl:

12

Hi, I made this simple diagram to make it easier to understand

image
image691×607 53.6 KB

1 Like
13

Yup, you should create port forwads/rules in mikrotkit, like every packet that comes with UDP 1194 should be routed to 172.16.115.155

i dont know exactly how to do this, i would know if i had any access to a mikrotkit right now, but i would start from here:

14

Thanks, great tutorial, I think I can now, all the others are just text and even I copying and pasting the error, I change it to my scenario but I didn’t add it.

15

IDK Mikrotik devices (never worked on yet), some of these boxes/firmwares like to have both NAT and firewall rules to allow traffic…

The think that concernes me is that… VPN IMVHO should be bridged to green to work correctly, in this scenario.
Otherwise routing can became quite messy.
Also, routing to VPN clients should provide Mikrotik as gateway.

16

The network configuration on the Nethserver is like this:

image
image1113×184 15.7 KB

image
image330×705 50.1 KB

17

In the DHCP options the DNS (and WINS) should be the Nethserver (IIRC an empty field defaults to Nethserver IP) or the internal DNS you are using.

You should enable “push all static routes”, so the clients get the routes.

What about using the new server manager instead of the old one? :wink:

18

Hello it was configured in this way that you mentioned more the proplema continued so I disabled it, but now I realized that the problem is in Mikrotik, I need information about the routes in Mikrotik

19

You only need to add one route on the Mikrotik. Destination is 10.8.10.0/24 (VPN network address) and the gateway is 172.15.115.155 (NethServer)

20

Create the route putting the VPN server as a gateway, but it is not the network gateway the network gateway is the Mikrotik on IP 172.16.115.10, but I put the vpn server as a gateway, I was able to access the Mikrotik through the VPN and some others IPs but precisely the IP I need which is the 172.16.115.200 I can’t access, I didn’t understand why to access some and not others.

image
image1244×252 10.6 KB