Hello,
I would need to allow incoming OpenVPN UDP (port 2345) traffic to my internal OpenVPN server (on a local server, not on the MikroTik) from internet clients (using OpenVPN clients).
My filter settings are:
# oct/25/2019 18:46:47 by RouterOS 6.45.6
# software id = I39T-CA9T
# model = RB750Gr3
# serial number = 8AFF092AF3EC
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward dst-port=500 protocol=udp
add action=accept chain=forward dst-port=4500 protocol=udp
add action=accept chain=forward dst-port=49000 protocol=udp
add action=accept chain=forward protocol=ipsec-esp
add action=accept chain=forward protocol=ipsec-ah
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
My NAT settings are:
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=2345 protocol=udp to-addresses=192.168.1.125 to-ports=2345
I am a newbie, so I am sorry if the setup is easy and I just missed something. I searched Google and forums, but no help yet.