Reply To: RE: OpenVPN with router

I have spent a lot of time on this

OpenVPN will work, however all of the phones will show the single remote mikrotik address, which makes it so you can’t easily do a tunnel back thru to the phone since the Vital server is also the Openvpn server and the mikrotik is only client

A better solution for me was to use and IPsec point to point

Install OpenSwan VPN to your server

yum install openswan lsof

Setup firewall rules

4500 UDP/TCP
500 UDP

Setup your IPsec config    files are here   /etc/

ipsec.secrets

   0.0.0.0 %any: PSK “YourIPSecPassword”         (change 0.0.0.0 to the mikrotik ip for security)

ipsec.conf

config setup

# nat_traversal=yes

protostack=netkey
fragicmp=no

conn mikrotik
# This is where you define your connection to the router NAME.

left=XXX.XXX.XXX.XXX    #your Vital Wan address
leftsourceip=10.5.0.1             #Vital pbx local, you may need to add this as an interface 
leftsubnet=10.5.0.0/24
leftid=XXX.XXX.XXX.XXX  #your Vital Wan Address

right=XXX.XXX.XXX.XXX    ##mikrotikwanip or %any   if the server is dynamic
rightid=XXX.XXX.XXX.XXX ##mikrotikwanip
rightsubnet=192.168.0.0/24   ##mikrotik local ips or multiple ranges using a coma “,”

keyingtries=0
pfs=yes
aggrmode=no

ike=3des-sha1;modp1024   ## Or what you want just so it matches the other router
esp=3des-sha1;modp1024

authby=secret
keyexchange=ike

# This allows the VPN to come up automatically when openswan starts
auto=start

ikelifetime=86400s
keylife=3600s

Enable and start the service Like this
systemctl enable ipsec.service
systemctl status ipsec.service

Mikrotik special settings if the wan is dhcp

Policy behind a NAT
Change SA Scr Address to 0.0.0.0

I have also used this with pfsense ipsec vpns or other

The advantage is each phone will have a unique ip address of 1.05.0.X