Packets not return from VPN

olegon · August 16, 2020, 7:08pm

Very strange situation.
VPN without default gateway. Adresses 10...146 - 10...1
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=blocked
in-interface=!wan new-routing-mark=vpn passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat routing-mark=vpn src-address=
192.168.0.0/16
/ip route
add comment=“Blocked to VPN” distance=1 gateway=vpn routing-mark=vpn

and … timeout…
I added 8.8.8.8 to blocked list and ping it - no reply. I see 10...1 in traceroute and no any host behind.
I captured file by packet sniffer and see reply from remote to 10...146, but no reply to client.
In maskquerade I see only first (suppose) packet from ping. It’s increase only when I start ping. Fasttrack enabled.
What is this? Where I can find error?

msatter · August 16, 2020, 7:32pm

Switch Fasttrack off.

olegon · August 16, 2020, 7:59pm

I disabled fasttrack rule without any changes

olegon · September 7, 2020, 4:44am

So, some details…
I sniffed at router… Packet returns from VPN. But I see it only on router.
Schema - PC - router - VPN
I ping from PC to some host routed to VPN and see reply only at the router. Hm…
Moreover, I can ping from PC to VPN remote server (10...1) and router VPN address through VPN and receive reply, but no one server behind (can see reply only on the router).
Some strange thing. When I starting ping, it’s only one packet counter increased in mark routing rule.

Any ideas?