openvpn client routing question

Hi all, I found this thread while researching an issue I am having with my current setup and the things I would like to do. So here it goes.

I have the following setup:

  1. OpenVPN Server running on Linux on 10.8.0.0 (WAN1)
  2. RouterOS RouterBoard 2011IN connecting to that server (WAN2) (gateway – ether1)

My config on RouterOS is working fine, and I can see the RouterOS device connected in the OVPN server's active clients list with an IP of 10.8.0.3.

So the VPN part works. Now what I would like to do is set everything up so that when I log in to that VPN network with my laptop, let's say, I am then able to connect to the RouterOS config interface using any of the available services (SSH, SFTP, WWW, WinBox). But so far it seems I am out of luck.

If anyone could help I would appreciate this. Thanks.

Here is some more information in the hope that it helps.

I have tun0 traffic allowed on the OVPN server, and the FORWARD filter chain accepts ports 80 / 8921. I have also added a firewall filter rule on RouterOS allowing connections on INPUT for port 8291 from network 10.8.0.0/24.

From the OVPN server (SSH in) I can ping any client, including the RouterOS board. I can even SSH into it (RouterOS) from the OVPN server, but not from my Windows client. It's really weird. On the Windows client the routes are there when I connect.

SERVER 10.8.0.1
RouterOS 10.8.0.2
WIN 10.8.0.3

I can access the SERVER from WIN just fine (HTTP / SSH, whatever is configured) using the VPN connection, no problems there. I cannot access the RouterOS, even with empty iptables.

So my config would look like this (example):
– Debian eth0:192.168.1.220 tun0:10.8.0.1
— can access all other clients on network
— has INPUT filter but accepts all traffic from internal networks and from tun0

– RouterOS ether1:192.168.1.175 ovpn-client:10.8.0.2
— can ping and reach the server fine (x.0.1)
— can ping and reach the WIN machine fine (HTTP set up for testing)

– WIN eth0:192.168.1.105 ovpn:10.8.0.3
— can access all services on the server 10.8.0.1
— can't access / ping anything on RouterOS

So I am thinking (since I kinda suck at firewalls): do I need to accept ports for the RouterOS unit on the INPUT chain of the server? I don't think so, since FORWARD would deal with traffic going through the server.

I am getting bald here, so any help is appreciated.
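The client-to-client path the post is asking about, written out as an added example. This is not the poster's configuration and not from the original thread; the 10.8.0.0/24 subnet, the tun0 interface and the ports 22/80/8291 are taken from the post, while the file path, `proto tcp`, the RouterOS interface name `ovpn-out1` and everything else are assumptions:

```conf
# /etc/openvpn/server.conf (assumed path; only the lines relevant to
# reaching one VPN client from another are shown)
port 1194
# Assumption: TCP, because the RouterOS v6 OpenVPN client only speaks
# TCP; use udp if the RouterOS version in use supports it.
proto tcp
dev tun
server 10.8.0.0 255.255.255.0

# Let VPN clients talk to each other. With this directive the OpenVPN
# process switches client-to-client packets internally, so they never
# enter the kernel, and iptables INPUT/FORWARD rules on the server do
# not see them at all.
client-to-client

# Keep each client's 10.8.0.x address stable across reconnects so that
# the RouterOS board is always reachable at the same address.
ifconfig-pool-persist ipp.txt
```

Without `client-to-client`, packets from WIN to RouterOS leave tun0 through the kernel and come back in on tun0, so the server then needs `net.ipv4.ip_forward=1` and a rule such as `iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT` (port-specific FORWARD rules only matter on that path, and INPUT is irrelevant because the traffic is not addressed to the server). On the RouterOS side a rule like `/ip firewall filter add chain=input src-address=10.8.0.0/24 protocol=tcp dst-port=22,80,8291 action=accept` (assumed form) must sit above any drop rule in the input chain; `/ip firewall filter print` shows the order, and `/ip route print` shows whether the board has a route back to 10.8.0.0/24 via the OpenVPN interface, since a missing return route produces the same symptom as a blocked port.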