Can't ping through OpenVPN tunnel

trunet · April 13, 2015, 5:23pm

Hello,

I’m trying to setup a client openvpn tunnel, but apparently mikrotik is dropping the packets when reply is received.

[admin@trunetroutersp01] > /interface ovpn-client print
Flags: X - disabled, R - running
 0  R name="ovpn-hma-usa" mac-address=02:C1:8B:48:A0:D6 max-mtu=1500
      connect-to=<EDITED> port=443 mode=ip user="<EDITED>" password="<EDITED>"
      profile=default-openvpn certificate=<EDITED> auth=sha1 cipher=blowfish128
      add-default-route=no

I’m sniffing ICMP packets and pinging:

[admin@trunetroutersp01] > /tool sniffer start
[admin@trunetroutersp01] > /ping interface=ovpn-hma-usa count=4 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 8.8.8.8                                                 timeout
    1 8.8.8.8                                                 timeout
    2 8.8.8.8                                                 timeout
    3 8.8.8.8                                                 timeout
    sent=4 received=0 packet-loss=100%

[admin@trunetroutersp01] > /tool sniffer stop
[admin@trunetroutersp01] > /tool sniffer packet print detail
 0 time=1.985 num=1 direction=tx interface=ovpn-hma-usa src-address=10.200.2.87
   dst-address=8.8.8.8 protocol=ip ip-protocol=icmp size=56 cpu=0 ip-packet-size=56
   ip-header-size=20 dscp=0 identification=36420 fragment-offset=0 ttl=255

 1 time=2.126 num=2 direction=rx interface=ovpn-hma-usa src-address=8.8.8.8
   dst-address=10.200.2.87 protocol=ip ip-protocol=icmp size=56 cpu=0
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=0 fragment-offset=0
   ttl=46

 2 time=2.989 num=3 direction=tx interface=ovpn-hma-usa src-address=10.200.2.87
   dst-address=8.8.8.8 protocol=ip ip-protocol=icmp size=56 cpu=0 ip-packet-size=56
   ip-header-size=20 dscp=0 identification=36421 fragment-offset=0 ttl=255

 3 time=3.127 num=4 direction=rx interface=ovpn-hma-usa src-address=8.8.8.8
   dst-address=10.200.2.87 protocol=ip ip-protocol=icmp size=56 cpu=0
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=0 fragment-offset=0
   ttl=46

 4 time=3.993 num=5 direction=tx interface=ovpn-hma-usa src-address=10.200.2.87
   dst-address=8.8.8.8 protocol=ip ip-protocol=icmp size=56 cpu=0 ip-packet-size=56
   ip-header-size=20 dscp=0 identification=36422 fragment-offset=0 ttl=255

 5 time=4.132 num=6 direction=rx interface=ovpn-hma-usa src-address=8.8.8.8
   dst-address=10.200.2.87 protocol=ip ip-protocol=icmp size=56 cpu=0
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=0 fragment-offset=0
   ttl=46

 6 time=4.997 num=7 direction=tx interface=ovpn-hma-usa src-address=10.200.2.87
   dst-address=8.8.8.8 protocol=ip ip-protocol=icmp size=56 cpu=0 ip-packet-size=56
   ip-header-size=20 dscp=0 identification=36423 fragment-offset=0 ttl=255

 7 time=5.135 num=8 direction=rx interface=ovpn-hma-usa src-address=8.8.8.8
   dst-address=10.200.2.87 protocol=ip ip-protocol=icmp size=56 cpu=0
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=0 fragment-offset=0
   ttl=46

Sniffer is seeing icmp reply. I cleaned all my firewall filter table, and nothing changes, so it’s not the firewall dropping. Do you have any clue why is this happening?