There is a ready OpenVPN server with a dedicated external IP. There is also a MikroTik RB951G-2HnD router, which can itself act as an OpenVPN server and client and which serves a local network. Is it possible to configure this router so that its DHCP gives out addresses on the same subnet as OpenVPN, and so that other OpenVPN clients can freely see the hosts of the local network served by the router?

Figuratively and roughly speaking: is it possible to configure the MikroTik router as a network switch for OpenVPN?

Is it possible to implement such a scheme with OpenVPN? That is, not to configure each virtual private network client separately, as is usually done, but to have the router serve some of the physical clients, with all of them on the same subnet as the OpenVPN server?

If this is all possible, please tell me the possible topology and routing to accomplish this task.

  • It is rumored that OpenVPN in MikroTik is shit, absolutely not usable. In principle you can configure it, but that is not called a switch for OpenVPN. First you need to put your knowledge of computer networks in order. - Sergey
  • You need to think not within the framework of DHCP servers - but within the framework of routing. There is no "router network", there is just a local network. And there is a virtual network OpenVPN. These are two different networks, and there must be different address ranges in different networks. - Pavel Mayorov

1 answer

You need:

  1. Put the OpenVPN server in tap mode (OSI link-layer mode). Switching works only on the link layer.

  2. If the server is located on the local network of the router, then it is sufficient to make a bridge on the server between the virtual network and the real one. For how to combine two network adapters into a bridge, look in the manuals for your OS.

    You also need to simply turn off DHCP on the server; then the router will distribute addresses.

  3. If the server is outside, then the OpenVPN client must be configured on the router, and then the two network interfaces should be joined into a bridge on the router. For how to do this, look in the manuals for the router.

    In this configuration, you will also need to turn off DHCP on the server so that the router can distribute addresses. Or you can turn off DHCP on the router so that the addresses are distributed by the server.

    Do not forget to also allow clients on the server to interact with each other.

Useful link: https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
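
An added example, not part of the original answer: a small Python check of an OpenVPN server config against the setup the answer lists (tap mode, DHCP off on the server, clients allowed to interact with each other). Mapping those steps to the `dev`, `server`, `server-bridge`, `ifconfig-pool` and `client-to-client` directives is this example's assumption, as are the constructed sample configs and the helper names `parse` and `check_bridged`.

```python
# Added example (not from the original post); sample configs are constructed
# and show only the lines relevant here (certificates, keys, port omitted).
GOOD = """\
# bridged setup: tap device, no OpenVPN-managed pool, clients may talk
dev tap0
server-bridge
client-to-client
"""
ROUTED = """\
dev tun
server 10.8.0.0 255.255.255.0
"""
POOLED = """\
dev tap0
server-bridge 192.168.88.1 255.255.255.0 192.168.88.200 192.168.88.220
client-to-client
"""

def parse(text):
    """Map each directive to the list of its argument lists."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # blank or comment line
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts

def check_bridged(text, lan_dhcp=True):
    """Return a list of problems. lan_dhcp=True means DHCP on the OpenVPN
    server is off and the router hands out addresses. dev-type is ignored."""
    opts, problems = parse(text), []
    dev = opts.get("dev", [[]])[-1]
    if not (dev and dev[0].startswith("tap")):
        problems.append("dev is not tap: bridging works only on the link layer")
    if "server" in opts:
        problems.append("'server' makes OpenVPN assign addresses from its own subnet")
    if lan_dhcp and ("ifconfig-pool" in opts or
                     any(len(a) >= 4 for a in opts.get("server-bridge", []))):
        problems.append("OpenVPN address pool is set while the router should run DHCP")
    if "client-to-client" not in opts:
        problems.append("client-to-client missing: clients cannot reach each other")
    return problems

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("ROUTED", ROUTED), ("POOLED", POOLED)):
        print(name, check_bridged(conf) or "ok")
```

Passing `lan_dhcp=False` covers the alternative in step 3, where DHCP is turned off on the router and the server distributes the addresses.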