
[help] failing to make mikrotik OpenVPN work

Mon Jul 05, 2021 7:07 pm

Hello

Please, I hope someone can help me. Thanks in advance for your time :)

I can't make the MikroTik OpenVPN feature work at all.
I have followed this tutorial https://systemzone.net/mikrotik-openvpn ... ws-client/
and also this viewtopic.php?t=138448

The Open VPN server will be the Mikrotik.
I have 2 WAN interfaces, each connected to an ISP.
Only WAN1 lets incoming traffic pass (the ISP router port is set as DMZ).

When I try to telnet to "Wan1-internet-static-IP-address 1194" from an internet-connected device, the connection does not open,
nor does the OpenVPN client app connect from another device over the internet.

This is the config

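# jul/05/2021 17:57:02 by RouterOS 6.48.2
# software id = MHFC-0AS7
#
# model = RB4011iGS+
# serial number = D4440D97859D
#
# Review notes: the two "allow OpenVPN" filter rules were pasted with the
# continuation backslash in the middle of the line and one of them with
# "dst-address=="; both are restored to valid export syntax below. Everything
# else is unchanged; observations are left as comments next to the section
# they concern.
/interface bridge
# proxy-arp on the bridge answers ARP for the vpn-pool addresses, which sit
# inside the same 192.168.89.0/24 as the LAN hosts.
add arp=proxy-arp name=LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
# Only a WAN list exists; there is no LAN list, so no "drop all not coming
# from LAN" rule can be written against in-interface-list=!LAN as the
# default configuration does.
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# dhcp and vpn-pool are disjoint ranges of the same /24.
add name=dhcp ranges=192.168.89.30-192.168.89.219
add name=vpn-pool ranges=192.168.89.220-192.168.89.239
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN lease-time=5m name=dhcp1
/ppp profile
# local-address is the router's LAN address; clients are given addresses
# from vpn-pool unless the secret overrides remote-address.
add dns-server=192.168.89.1 local-address=192.168.89.1 name=vpn-profile \
remote-address=vpn-pool use-encryption=yes
/interface bridge port
add bridge=LAN interface=ether6
add bridge=LAN interface=sfp-sfpplus1
/interface list member
add interface=WAN1 list=WAN
# NOTE(review): this entry has no list= value; the export line is probably
# truncated. Confirm which list LAN was meant to belong to.
add interface=LAN
/interface ovpn-server server
# NOTE(review): netmask=23 is handed to clients although the LAN is a /24
# (see /ip address) — confirm this is intended. On RouterOS 6.x the OpenVPN
# server accepts TCP only; clients must use proto tcp.
set auth=sha1 certificate="Cert OpenVPN" cipher=aes256 enabled=yes netmask=23 \
require-client-certificate=yes
/ip address
add address=192.168.89.1/24 interface=LAN network=192.168.89.0
add address=217.124.116.61/29 interface=WAN1 network=217.124.116.56
/ip dhcp-client
# The DHCP client installs its own default route via WAN2 (default settings),
# so the router ends up with two default routes; see the /ip route note below.
add disabled=no interface=WAN2
/ip dhcp-server lease
add address=192.168.89.202 client-id=1:0:17:c8:88:b6:61 mac-address=\
00:17:C8:88:B6:61 server=dhcp1
add address=192.168.89.15 mac-address=58:D5:6E:04:BC:40 server=dhcp1
add address=192.168.89.16 mac-address=58:D5:6E:04:BC:60 server=dhcp1
add address=192.168.89.17 mac-address=C4:E9:0A:1A:D9:70 server=dhcp1
/ip dhcp-server network
add address=192.168.89.0/24 dns-server=208.67.220.220,8.8.8.8,1.0.0.1,8.8.4.4 \
gateway=192.168.89.1 netmask=24
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS for any
# source; because the input chain below has no closing drop rule, that
# includes queries arriving on WAN1/WAN2 (open resolver).
set allow-remote-requests=yes servers=149.112.112.112,9.9.9.9,208.67.220.220
/ip firewall filter
# NOTE(review): the input chain has no final drop rule, so any packet not
# matched by a rule below is accepted (chain default). The accept rules
# therefore restrict nothing: winbox 8291, DNS and the OpenVPN port are all
# reachable from either WAN regardless of source. This filter is not what is
# blocking the OpenVPN attempts; look at the ISP router / routing instead.
# A closing `add action=drop chain=input in-interface-list=WAN` placed after
# the accept rules (and after the established/related rule) would turn the
# rules below into the intended allow-list.
# dst-address in the two rules is the poster's placeholder; the address on
# WAN1 is 217.124.116.61 (see /ip address). The UDP rule matches nothing on
# RouterOS 6.x, where the OpenVPN server is TCP-only.
add action=accept chain=input comment="allow OpenVPN" dst-address=\
Wan1-internet-static-IP-address dst-port=1194 protocol=udp
add action=accept chain=input comment="allow OpenVPN" dst-address=\
Wan1-internet-static-IP-address dst-port=1194 protocol=tcp
add action=passthrough chain=forward comment=\
"special dummy rule to show fasttrack counters"
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input dst-address=213.195.118.50 dst-port=8291 \
protocol=tcp src-address=92.137.41.13
add action=accept chain=input dst-port=8291 protocol=tcp src-address=\
188.165.158.196
# NOTE(review): this rule matches on src-port=8291, not dst-port; it is
# presumably meant to be dst-port=8291 like the two rules above it.
add action=accept chain=input protocol=tcp src-address=5.135.230.66 src-port=\
8291
add action=accept chain=input comment="defconf: accept ICMP" in-interface-list=\
WAN protocol=icmp
add action=passthrough chain=forward comment="ms rdp test" dst-address=\
192.168.89.166 dst-port=3389 protocol=tcp
/ip firewall mangle
# NOTE(review): rout_WAN1 and rout_WAN2 have no matching entries in /ip route,
# so the output marks fall back to the main table. If the WAN2 dhcp-client
# default route is the active one, replies to connections that arrived on
# WAN1 leave via WAN2 (asymmetric routing) and the OpenVPN handshake cannot
# complete — verify with `/ip route print` which default route is active.
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
cin_WAN1
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
cin_WAN2
add action=mark-routing chain=output connection-mark=cin_WAN1 new-routing-mark=\
rout_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=cin_WAN2 new-routing-mark=\
rout_WAN2 passthrough=no
# 192.168.88.0/23 covers the whole LAN /24; the "mixed" route it points at is
# disabled below, so this mark currently has no effect.
add action=mark-routing chain=prerouting new-routing-mark=mixed src-address=\
192.168.88.0/23
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
# All DNS from the LAN is redirected to the router's own resolver.
add action=redirect chain=dstnat comment="proxy DNS" dst-port=53 protocol=tcp \
to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
/ip route
# The ECMP route for routing-mark=mixed is disabled; only the WAN1 static
# default route is configured here (the WAN2 dynamic default route installed
# by the dhcp-client does not appear in an export).
add disabled=yes distance=1 gateway=192.168.2.1,217.124.116.57 routing-mark=\
mixed
add distance=1 gateway=217.124.116.57
/ip upnp
# NOTE(review): UPnP is enabled but no /ip upnp interfaces are listed in the
# export; confirm whether it is meant to be on at all.
set enabled=yes
/ppp secret
add disabled=yes name=andrey profile=vpn-profile service=ovpn
# NOTE(review): the fixed remote-address 192.168.89.169 lies inside the dhcp
# pool range (.30-.219) rather than in vpn-pool, so a DHCP lease can collide
# with it.
add local-address=192.168.89.1 name=jeanmichel.perrot remote-address=\
192.168.89.169 service=ovpn
/system clock
set time-zone-name=Europe/Madrid
/system ntp client
set enabled=yes primary-ntp=185.132.136.116 secondary-ntp=212.83.145.32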
