My traffic doesn’t pass through OpenVPN

Hi guys

I live in Iran, and here we need to use a VPN to reach the free internet, so I bought a MikroTik server in France and configured it for OpenVPN.
But I have a problem: I can connect to the server (Windows and Android) but I can’t open censored websites. In fact, my IP won’t change to the VPN server’s IP, and it seems my traffic is not going through the VPN tunnel.

I configured my MikroTik server following this video: https://www.youtube.com/watch?v=WzApPczmA_c&ab_channel=techieLAB

My client config file:

client 
dev tun 
proto udp-client 
remote x.x.230.10 1993
persist-key 
persist-tun 
nobind 
tls-client 
remote-cert-tls server 
ca ca.crt 
cert client.crt 
key client.key 
redirect-gateway def1 
verb 4 
mute 10 
cipher AES-128-CBC 
auth SHA1 
auth-user-pass secret 
auth-nocache

What must I do?

How can I enable the “Push redirect-gateway def1” command in MikroTik?

Hello again

Is there no solution?

RouterOS does not support pushing routes in OpenVPN. You have to configure the route manually - after the client connects, run
route add 0.0.0.0 MASK 0.0.0.0 ip.of.the.gw
from the command line. You may have to add a route to your Mikrotik in France and remove the existing default route.

So bad :frowning:
The problem is we can’t do it on phones.

You can try Wireguard instead of OpenVPN, or you can run a Linux VM instead of CHR in France.

But I’ve just tried the “OpenVPN for Android” application - it allows configuring routing of everything via the tunnel no matter whether the server pushes a route list. In fact, it is even the default setting.

I am trying WireGuard too; yes, WireGuard is much better. Configuring Linux is too hard, I prefer MikroTik CHR. However, I know there is a better solution: pfSense. But again there is a problem with pfSense: in Iran, the sites that sell VPS don’t provide pfSense.

I’m not sure I get the point with pfSense - to my understanding, it is an operating system like RouterOS, not a VPN protocol like OpenVPN or Wireguard. So installing a virtual pfSense instead of CHR and configuring OpenVPN on it might be easier than using a general purpose Linux distribution. And I am totally lost regarding sites selling VPNs - how is that related to your case where you operate a VPN server yourself?

“VPS,” not VPN: Virtual Private Server, a la Digital Ocean, Linode, Rackspace… A type of VM specialized for single-instance hosting, as contrasted with 1990s style shared hosting or all this new-fangled cloud stuff.

A VPS gives you a choice of host OS, potentially including pfSense, CHR, your Linux distribution of choice, etc…

Ah, yes, I need better glasses :slight_smile:

But as the CHR is running somewhere in France, I didn’t even think that the “in Iran the sites that sell VPS don’t provide pfSense” statement could be related to the hosting.

Maybe it is related to the hosting companies like OVH or… but pfSense has more options compared to CHR, especially for OpenVPN.

And I want to say thank you for the help :slight_smile:

Dear Mehrdad,
As one Iranian to another, you should include the “Route” in the OpenVPN config file. Furthermore, you should open a ticket at the reseller website and ask them to mount your own ISO, such as pfSense. However, you should know that OpenVPN as implemented in MT isn’t good, at least from my own experience. Move on to IKEv2 or WG and call it a day.

route 0.0.0.0 0.0.0.0
redirect-gateway def1
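
An added example, not part of any post in this thread: a Python check that parses Linux `ip route` output and reports whether `redirect-gateway def1` actually took effect, meaning the two /1 routes send every destination through the tunnel while the VPN server itself stays reachable over the physical link. The routing tables, the interface names (`tun0`, `wlan0`) and all addresses are constructed samples; `198.51.100.10` stands in for the redacted server address.

```python
import ipaddress

# Constructed sample: connected, but no redirect-gateway routes installed.
ROUTES_SYMPTOM = """\
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
# Constructed sample: what `redirect-gateway def1` adds on the client.
ROUTES_DEF1 = ROUTES_SYMPTOM + """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
198.51.100.10 via 192.168.1.1 dev wlan0
"""
SERVER_IP = "198.51.100.10"  # placeholder for the redacted VPN server address

def parse_routes(text):
    """Turn `ip route` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match: the device the kernel would pick for ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def full_tunnel_status(route_text, tun_dev="tun0", server_ip=SERVER_IP):
    """Report whether all traffic leaves via the tunnel device."""
    routes = parse_routes(route_text)
    probes = ["1.1.1.1", "203.0.113.9"]  # one address in each /1 half
    leaking = [p for p in probes if egress_device(routes, p) != tun_dev]
    return {
        "full_tunnel": not leaking,
        "leaking_probes": leaking,
        # The server itself must stay on the physical link or the tunnel loops.
        "server_bypasses_tunnel": egress_device(routes, server_ip) != tun_dev,
    }

if __name__ == "__main__":
    print("symptom:", full_tunnel_status(ROUTES_SYMPTOM))
    print("def1:   ", full_tunnel_status(ROUTES_DEF1))
```

On a live Linux client, pass the output of `ip -4 route` as `route_text` after the tunnel comes up.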

For now I am using PPTP on Windows machines and WG on smartphones. WG is very good and stable, but as a network engineer I will try your OVPN solution.
Thank you, bro.