hi
i have problem about port 1194.this port is block for me.i want open this port in mikrotik.
this port is for ovpen. i don’t have open this port.
it is very very nessesery.
please answer fast.
thanks.
you have not specified where is your VPN server?
On the router (mikrotik) or do you have to port forward it to internal OpenVPN server..
If you just need the client it should work out of the box because there are no limitation for outbound limits.
So if you have openVPN server on your Mikrotik you need to place this rule ONTOP (higher) than the default drop rule:
/ip firewall filter add action=accept chain=input comment="allow OpenVPN" disabled=no dst-port=1194 protocol=tcp
If you have it on internal server you need to portforward it.. I gues internal server usese UDP instead of TCP:
/ip firewall nat add action=dst-nat chain=dstnat comment=OpenVPNServer disabled=no dst-port=1194 protocol=udp to-addresses="IP of your internal server" to-ports=1194
So this is basicly it.. I would also add to portforward -in-interface=wan
But without knowing what excatly are you try to accomplish!
MY ovpn server is external.
How do you do the settings?
Does not anyone know what to solve?
please help me.
You’ve written it yourself - we don’t know what to solve because your description is confusing.
First you wrote that the openvpn server is running on your Mikrotik, and @huntah has given you the instruction how to make the firewall on that Mikrotik accept clients’ connections on port 1194.
Now you wrote that the openvpn server is external which is a completely different situation - if you use the Mikrotik as a client, or if the client is running on some device on Mikrotik’s LAN and the server is somewhere in the internet, the default firewall rules of your Mikrotik to not prevent devices on LAN nor the Mikrotik itself from sending packets to UDP or TCP port 1194, so the issue is somewhere else.
So diagram your actual scenario and then we may assist. A photo of a handmade drawing or ascii-art are sufficient.
I have a radio connection that I receive from the Internet.And the internet comes in my router And then the internet goes into my internal network.And in my internal network, there is a client that needs to communicate with the ovpn server located in another(external) country.And on my client, I have a vpnclient that connects to the ovpn server.But when it tries to connect the error message that port 1194 is closed and can not communicate.
this is my question.
I do not know I could put my question right?
This description is sufficient to understand that the ovpn server is far away in the internet and something between the client and the server is preventing the client from accessing the server’s port 1194.
Now it is only one of the possibilities that such “something” it is the firewall of your Mikrotik router. The only way to let someone on the forum give you an answer whether it really is your Mikrotik router what blocks the access is to publish here the export of its configuration following the guidelines in my automatic signature. But if you haven’t touched the firewall settings and also haven’t added any LAN subnets, the Mikrotik is not the blocking device. Maybe it is your ISP’s blocking rules forced by the government, or the VPN provider blocking access from your IP address/country, no idea.
So if you want, publish your export. To check first whether it is worth doing so, do the following (replace WAN-name below by the actual name of your WAN interface, such as ether1 or wlan1):
- In the terminal window of WebFig or Winbox, run the following command:
/tool torch WAN-name src-address=0.0.0.0/0 dst-address=0.0.0.0/0 ip-protocol=any port=1194 - start the openvpn client
If you can see some connection attempts to pop below the command in the terminal window, it means that your Mikrotik does not block them.
If you cannot see them there, repeat the steps above but use the LAN interface name in the /tool torch. If you can see the requests at the LAN interface but not on the WAN one, it is your Mikrotik which blocks them. If you see them at both, something between your Mikrotik and the server blocks them as said above. If you cannot see them at any of the two, either you’ve made some mistake in the /tool torch parameters or some firewall blocking the access is running already on the PC running the openvpn client.
As far as I reviewed, I realized that the isp of this port was closed. Now what should be done according to this state.
Talking to the ISP or reading the law, whichever is easier/less dangerous, is the first step. In some countries use of VPN is illegal. Use of some SSTP VPN which usually runs on https port (443) may be an easier way out if you have no particular reasons to use openvpn.
Unfortunately I have to use ovpn.
And the port’s block is also issued according to the rules. Isp can not do this, and I just have to find a way to open this port from another way. It’s a shortcut.
Through mikrotik firewall or any other way.
I’m afraid there is one extra لا in one of your statements, or maybe a missing one.
You say the port block is “issued according to the rules”, I understand this to mean that the law requires the port to be blocked.
You say that the ISP can not do this, I don’t understand whether it means that “it is not (technically) possible that it was the ISP who is doing it” or whether it means “the ISP is not allowed to do it”.
In any case, if you can see packets towards port 1194 on your Mikrotik’s WAN, there is nothing you could do technically on your equipment to connect to the server, except connecting to some other VPN and using the local interface of that VPN as a gateway for a route to the openvpn server you actually need to reach.