Please help me solve this problem. I want to be able to see the camera through the OVPN connection in my Mikrotik. Take a look at this schematic, please:
I want to play 192.168.1.88:554 from the Server. I’ve already established the OVPN connection between Server and Mikrotik, both are pingable within 10.8.0.0/24 network. In Mikrotik terminal, I see that 192.168.1.88 is pingable and /system telnet 192.168.1.88 554 port is reachable. So I’ve tried to establish port forwarding like this:
I expect to open 10.8.0.6:554 from the Server and receive the RTSP stream from 192.168.1.88:554. I see that the rule's packet counter is ticking when I try to telnet 10.8.0.6:554 from the Server.
Can you please give me some ideas on where the error is?
When fixing routing issues, you have to consider two routes always:
1.- The one going from the initiator to a given device, and
2.- The route that the reply will take back to the connection initiator.
From initiator (server) to device (camera) seems to be working, judging by the rule counters. I assume default firewall filter rules with drop all on in-interface-list=WAN unless dst-natted?
Now let's check the "reply" route: the camera possibly has 192.168.1.1 as default gw, doesn't it?
Camera will see the connection as coming from 10.8.0.1, so as this range is out of 192.168.1.0/24, its reply will be sent to its default GW, 192.168.1.1, which doesn't have a clue how to route to 10.8.0.1.
To fix this we can resort to either routing, or more NAT. Fixing routing is cleaner…
Routing solution:
Add a route on "Other router" to 10.8.0.0 using 192.168.1.242 as gateway and retry. Now "Other Router" will send these packets to the Mikrotik, which in turn will route them through the OVPN tunnel.
Natting solution:
Add an src-nat on the Mikrotik to masquerade traffic towards the camera as coming from Mikrotik LAN range IP (192.168.1.242).
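
The two fixes from the reply above written out as RouterOS commands, as an added example that is not part of the original thread. It assumes the existing port forward is a dst-nat on 10.8.0.6:554, that the Server is 10.8.0.1 as the reply states, and that "Other router" also runs RouterOS (on another vendor, add the equivalent static route).

```routeros
# Added example, not from the original posts. Addresses are the ones in the thread.

# Assumed form of the port forward already on the Mikrotik.
# src-address limits the forward to the Server's tunnel address, so other
# OVPN clients cannot reach the camera through this rule.
/ip firewall nat add chain=dstnat src-address=10.8.0.1 dst-address=10.8.0.6 \
    protocol=tcp dst-port=554 action=dst-nat \
    to-addresses=192.168.1.88 to-ports=554 comment="RTSP to camera"

# Routing solution: run on "Other router" (assumed RouterOS).
# Replies from the camera to 10.8.0.0/24 arrive at 192.168.1.1 and are
# handed to the Mikrotik, which sends them back through the OVPN tunnel.
/ip route add dst-address=10.8.0.0/24 gateway=192.168.1.242 \
    comment="OVPN subnet via Mikrotik"

# NAT solution: run on the Mikrotik instead of the route above.
# The srcnat chain is evaluated after dst-nat, so dst-address is already
# the camera. The camera then sees 192.168.1.242 as the source and replies
# on its own subnet without involving its default gateway.
/ip firewall nat add chain=srcnat src-address=10.8.0.0/24 \
    dst-address=192.168.1.88 protocol=tcp dst-port=554 \
    action=masquerade comment="Hide OVPN source from camera"

# Check: both NAT counters should increase while the Server connects.
/ip firewall nat print stats
```

With the NAT solution the camera's own logs show every tunnel connection as coming from 192.168.1.242, so attribution has to come from the Mikrotik; the routing solution keeps the real 10.8.0.x source visible on the camera.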