I can ICMP through VPN but not TCP

Hello,

I have installed a RouterBoard (OS 5.26) and successfully set up a VPN connection to an OpenVPN server through an ADSL router. After that I published ports 21, 23 and 80 on the VPN, successfully too. Every single member of the VPN can access the camera on the MikroTik's LAN (192.168.88.34):

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ovpn-out1
add action=accept chain=dstnat disabled=no in-interface=ovpn-out1
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.88.34 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=554 protocol=tcp to-addresses=192.168.88.34 to-ports=554
add action=dst-nat chain=dstnat disabled=no dst-port=21 protocol=tcp to-addresses=192.168.88.34 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-port=23 protocol=tcp to-addresses=192.168.88.34 to-ports=23

Now, my problem is that I can ping other VPN hosts from the camera, but I can't establish a TCP connection; tested with netcat on the Axis camera and also with FTP and web clients.
On the other side of the VPN, tcpdump shows that ICMP from the camera reaches the main server, with the ICMP correctly NATted to the MikroTik's VPN IP.

Here is my routing table (I changed the VPN gateway address to protect the innocent):

10.8.0.5 → ptp of openvpn interface
10.8.0.6 → VPN address of Mikrotik
10.1.100.1 → IP address of second router

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          10.8.0.5                  1
 1 ADC  10.1.100.0/28      10.1.100.5      ether1-gateway            0
 2 ADS  10.8.0.0/28                        10.8.0.5                  0
 3 ADC  10.8.0.5/32        10.8.0.6        ovpn-out1                 0
 4 A S  1.2.3.4/32                    10.1.100.1                1
 5 ADC  192.168.88.0/24    192.168.88.1    ether2-master-l...        0

What am I forgetting?

TIA

Kind regards.

Just FYI: I changed the administration ports to another port and everything went fine.

:smiley:
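Editor's note, added here and not part of the original post: the four dst-nat rules above carry no in-interface or dst-address matcher, and the only rule that does (the accept for ovpn-out1) sits in front of them. In a first-match dstnat chain that means the rewrites are applied to traffic arriving on every other interface, including the LAN, so a connection the camera itself opens towards a VPN host on port 80, 554, 21 or 23 is a candidate for being rewritten back to 192.168.88.34. The script below models that first-match processing as I understand RouterOS (it is not output from the device) and traces the posted rules against constructed packets, then does the same for a version of the rules narrowed to the router's own VPN address taken from the routing table. The VPN peer address, the LAN interface name (the post truncates the real one) and the packets are constructed for the example. Treat the trace as a hypothesis to verify on the device, consistent with the author's later remark that moving to other ports made TCP work.

```python
"""Trace constructed packets through the posted dstnat rules (first match wins)."""
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """A packet entering the router, reduced to the fields the posted rules inspect."""
    in_iface: str
    proto: str                      # "tcp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None     # None for ICMP


@dataclass(frozen=True)
class Rule:
    """One /ip firewall nat rule in chain=dstnat. A None matcher means 'any'."""
    action: str                     # "accept" or "dst-nat"
    in_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    dst_addr: Optional[str] = None
    to_addr: Optional[str] = None
    to_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.in_iface is None or self.in_iface == p.in_iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.dst_addr is None or self.dst_addr == p.dst))


def run_dstnat(rules: List[Rule], p: Packet) -> Packet:
    """Walk the chain top to bottom; the first accept or dst-nat match ends processing."""
    for r in rules:
        if r.matches(p):
            if r.action == "accept":
                return p
            return replace(p, dst=r.to_addr, dport=r.to_port)
    return p


CAMERA = "192.168.88.34"                 # from the post
ROUTER_VPN_IP = "10.8.0.6"               # from the posted routing table
PUBLISHED_PORTS = (80, 554, 21, 23)      # from the posted rules
VPN_PEER = "10.8.0.1"                    # constructed: some other VPN host
LAN_IFACE = "lan"                        # constructed: the post truncates the LAN interface name

# The dstnat chain exactly as posted (order matters).
POSTED_RULES = [Rule("accept", in_iface="ovpn-out1")] + [
    Rule("dst-nat", proto="tcp", dport=port, to_addr=CAMERA, to_port=port)
    for port in PUBLISHED_PORTS
]

# Same forwarding, but each rule only fires for packets addressed to the router's
# own VPN address, so connections the camera opens itself are left alone.
NARROWED_RULES = [
    Rule("dst-nat", proto="tcp", dport=port, dst_addr=ROUTER_VPN_IP,
         to_addr=CAMERA, to_port=port)
    for port in PUBLISHED_PORTS
]


def camera_to_vpn(proto: str, dport: Optional[int]) -> Packet:
    """Constructed packet: the camera on the LAN talking to a VPN peer."""
    return Packet(LAN_IFACE, proto, CAMERA, VPN_PEER, dport)


def vpn_to_router(dport: int) -> Packet:
    """Constructed packet: a VPN peer connecting to a published port on the router."""
    return Packet("ovpn-out1", "tcp", VPN_PEER, ROUTER_VPN_IP, dport)


def final_destination(rules: List[Rule], p: Packet) -> str:
    """Destination the packet leaves the dstnat chain with, as host or host:port."""
    out = run_dstnat(rules, p)
    return out.dst if out.dport is None else f"{out.dst}:{out.dport}"


if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("narrowed", NARROWED_RULES)):
        print(f"--- {label} rules ---")
        print("camera -> peer ICMP     :", final_destination(rules, camera_to_vpn("icmp", None)))
        print("camera -> peer TCP/80   :", final_destination(rules, camera_to_vpn("tcp", 80)))
        print("camera -> peer TCP/8080 :", final_destination(rules, camera_to_vpn("tcp", 8080)))
        print("peer -> router TCP/80   :", final_destination(rules, vpn_to_router(80)))
```

With the posted rules the camera's ICMP to a peer passes untouched while its TCP/80 SYN is rewritten to 192.168.88.34:80, and TCP to a port the rules do not list (8080 here) also passes, which is the pattern the post describes. The trace also shows that the leading accept rule exempts VPN-side packets from the dst-nat rules altogether, so adding a dst-address matcher (or in-interface, with the accept rule removed) is the way to keep the published ports reachable only for traffic actually addressed to the router.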