Community discussions

MikroTik App
 
chrisv
just joined
Topic Author
Posts: 5
Joined: Sat Mar 25, 2017 3:08 pm

Help forwarding UDP

Mon Mar 15, 2021 2:46 am

Hi, I have a server running OpenVPN (192.168.88.2) and am having issues connecting via UDP. I can get TCP forwarded and opened on the firewall just fine.

When the OpenVPN client and the server are on the same network (192.168.88.x in this case) UDP and TCP work fine. But when the client is outside, I can only establish a TCP connection.

Any suggestions on what I can change?

Here's a list of my NAT rules:
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" 

 1    ;;; HAIRPIN
      chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24 log=no log-prefix=""

 2    ;;; web sever 443
      chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=!192.168.88.1 dst-address-type=local dst-port=443 log=no log-prefix="" 

 3    ;;; OpenVPN udp
      chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=1194 protocol=udp dst-address=!192.168.88.1 dst-address-type=local dst-port=1194 log=no log-prefix="" 

 4    ;;; OpenVPN tcp
      chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9443 protocol=tcp dst-address=!192.168.88.1 dst-address-type=local dst-port=9443 log=no log-prefix="" 
 
chrisv
just joined
Topic Author
Posts: 5
Joined: Sat Mar 25, 2017 3:08 pm

Re: Help forwarding UDP

Fri Mar 26, 2021 3:39 am

Any ideas? I've tried disabling the hairpin and just adding it as a normal firewall exception, but still no luck. UDP still doesn't seem to get through.
 
Cablenut9
Long time Member
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Help forwarding UDP

Fri Mar 26, 2021 5:18 am

Mikrotik doesn't support UDP on OpenVPN unless you use buggy v7, so either switch to some other protocol or try upgrading to 7.1beta5.
 
chrisv
just joined
Topic Author
Posts: 5
Joined: Sat Mar 25, 2017 3:08 pm

Re: Help forwarding UDP

Fri Mar 26, 2021 8:43 am

Thank you very much for the reply!

Just to confirm, other services that might use UDP should get passed through just fine with the rules I have set up, correct? Assuming I change the port # to whatever it needs to be.

Or does UDP not work at all on v6?
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 298
Joined: Mon Mar 15, 2021 9:10 pm

Re: Help forwarding UDP

Sat Mar 27, 2021 3:03 pm

Hey,

It was very clear in the manual that OpenVPN implementation in Mikrotik supports only in TCP mode, I think this is also the case for the latest stable 6.48.1

https://wiki.mikrotik.com/wiki/OpenVPN
 
chrisv
just joined
Topic Author
Posts: 5
Joined: Sat Mar 25, 2017 3:08 pm

Re: Help forwarding UDP

Mon Mar 29, 2021 1:37 pm

I'm not trying to run OpenVPN on the Mikrotik router itself, nor do I want to.

I'm running open VPN on a separate server on my network (192.168.88.2, as mentioned in the first post). I just want to get the UDP packets from the public internet to that server.

Does the router somehow discriminate against UDP packets meant for an OpenVPN server? Does it not support forwarding UDP at all? Or is there simply an error in the rules I have set up?
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 298
Joined: Mon Mar 15, 2021 9:10 pm

Re: Help forwarding UDP

Mon Mar 29, 2021 5:23 pm

Try this

add action=dst-nat chain=dstnat dst-address=your_public_ip dst-port=1194 \
protocol=udp to-addresses=192.168.88.2 to-ports=1194
 
chrisv
just joined
Topic Author
Posts: 5
Joined: Sat Mar 25, 2017 3:08 pm

Re: Help forwarding UDP

Wed Mar 31, 2021 4:41 am

I tried disabling all rules and having only my first rule (masquerade) and that one, and UDP still doesn't routed correctly. If I change it from UDP to TCP it works fine. =/

Who is online

Users browsing this forum: tesme33 and 21 guests