Hi all! I am using OpenVPN on Ubuntu 20 (running on a cloud VM with a public IP/FQDN) for devices that are behind a Mikrotik hEX PoE router with RouterOS 7.2.3.
The router has a white IP. I've set up the VPN client connection to the OpenVPN server via UDP and can see that it is successful.
Below is the server config.
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh dh.pem
crl-verify crl.pem
ca ca.crt
cert server_xcVehZegEHjE22An.crt
key server_xcVehZegEHjE22An.key
auth SHA256
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
I used the OVPN profile parsed by Mikrotik to set up the connection. Below is the profile:
client
proto udp
explicit-exit-notify
remote FQDN 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xcVehZegEHjE22An name
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
verb 3
The client successfully connected to the server, and I can ping the server (10.8.0.1) from the client (Mikrotik); the ICMP packets generate traffic.
I can see a new address in the Address List and new routes when the VPN connection is established.
I added a Mangle rule with chain prerouting to mark routing for some IPs in the local network 192.168.1.0 with New Routing Mark "vpn".
I added a NAT rule with chain srcnat and Src. Address 192.168.1.0 with action masquerade. But traffic from the devices covered by this NAT rule still does not go through the VPN connection.
I guess that I need to add routing between the 192.168.1.0 and 10.8.0.0 networks, but I have no clue how to do it.
Can someone advise what more I need to add to the NAT to make it work?
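As an added example (not part of the original post, and not taken from MikroTik or OpenVPN documentation), here is one way the pieces described in the post fit together in RouterOS 7 terminal syntax: the routing table that a routing mark must refer to in 7.x, the mangle rule that marks selected LAN hosts, a default route for marked traffic through the tunnel, and a source NAT on the tunnel interface. The interface name ovpn-out1, the host address 192.168.1.10 and the /24 mask are assumptions and have to be adjusted to the real setup.

```routeros
# Added example, RouterOS 7 terminal syntax. Assumed names and values:
#   ovpn-out1      - the OVPN client interface (see /interface ovpn-client print)
#   192.168.1.10   - one LAN host that should reach the Internet via the VPN
#   192.168.1.0/24 - the LAN subnet from the post (the /24 mask is assumed)

# 1. In RouterOS 7 a routing mark must exist as a routing table before a
#    mangle rule can use it; a mark with no table behind it routes nothing.
/routing table add name=vpn fib

# 2. Mark routing for the chosen host, but leave traffic that stays inside
#    the LAN alone so local communication is not affected by the vpn table.
/ip firewall mangle add chain=prerouting src-address=192.168.1.10 \
    dst-address=!192.168.1.0/24 action=mark-routing new-routing-mark=vpn \
    passthrough=no comment="LAN host -> VPN"

# 3. Give the vpn table a default route through the tunnel. The route is
#    added explicitly here rather than relying on what the server pushes,
#    so marked traffic always has a gateway.
/ip route add dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=vpn \
    comment="default via OpenVPN for marked traffic"

# 4. Source NAT on the tunnel interface, so replies come back to the
#    10.8.0.x address the OpenVPN server knows. Matching on out-interface
#    instead of on the LAN source address keeps this rule from also
#    rewriting traffic that leaves through the WAN.
/ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade \
    comment="masquerade LAN behind OpenVPN"

# Read-only checks: the table exists, the route is active in it, and the
# mangle and NAT counters increase while the marked host generates traffic.
/routing table print
/ip route print where routing-table=vpn
/ip firewall mangle print stats
/ip firewall nat print stats
```

The two points that most often break this setup are the missing routing table (step 1, new in RouterOS 7) and a srcnat rule that matches only on the LAN source address, which masquerades all of that LAN's traffic regardless of the interface it leaves through; matching on the tunnel's out-interface keeps the NAT scoped to the VPN path.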