iaskakho
Topic Author

OVPN issue cannot PING from LAN to connected networks

Sun Sep 05, 2021 9:34 pm

Hello,

I am having an issue where I cannot ping from my LAN 10.0.2.0/24 to the network connected via OVPN.

The OVPN server is an RB4011iGS+5HacQ2HnD and the client is an RB4011iGS+5HacQ2HnD; the software versions are different, and the client is on newer software.

When I originally set it up it was working. But then something changed.

Routes on client:
 8 A S  192.168.0.0/24                     ovpn-aquaregiaf...        1
 9 A S  192.168.1.0/24                     ovpn-aquaregiaf...        1
10 ADC  192.168.8.0/24     192.168.8.10    ovpn-aquaregiaf...        0
11 A S  192.168.88.0/24                    ovpn-aquaregiaf...        1

If I use the sniffer, I can see the packets coming back, destined for the LAN host, but they never reach it.
[iaskakho@gateway1] /tool sniffer> quick ip-address=192.168.0.1 direction=rx /
INTERFACE                                                                          TIME    NUM DIR SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS                         DST-ADDRESS                         PROTOCOL   SIZE CPU FP 
ether4                                                                            0.789      1 <-  98:E7:43:7F:47:32 2C:C8:1B:90:33:A8        10.0.2.48                           192.168.0.1                         ip:icmp      98   1 no 
bridge                                                                            0.789      2 <-  98:E7:43:7F:47:32 2C:C8:1B:90:33:A8        10.0.2.48                           192.168.0.1                         ip:icmp      98   1 no 
ether4                                                                            1.814      3 <-  98:E7:43:7F:47:32 2C:C8:1B:90:33:A8        10.0.2.48                           192.168.0.1                         ip:icmp      98   1 no 
bridge                                                                            1.814      4 <-  98:E7:43:7F:47:32 2C:C8:1B:90:33:A8        10.0.2.48                           192.168.0.1                         ip:icmp      98   1 no
 
I have NAT enabled for the interface on the client:
11    chain=srcnat action=masquerade out-interface=ovpn-aquaregiaf log=yes


But the packets are not making it back. Any suggestions, please?

I can ping from the Router(Client) to the connected networks no problem:
[iaskakho@gateway1] /ip route> /ping 192.168.0.1 count=3
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                                         
    0 192.168.0.1                                56  63 62ms 
    1 192.168.0.1                                56  63 61ms 
    2 192.168.0.1                                56  63 62ms 
    sent=3 received=3 packet-loss=0% min-rtt=61ms avg-rtt=61ms max-rtt=62ms

On the Router (Server) I added a NAT rule to be able to reach the host. That works, but I should be able to reach these networks without the mapping rule:
[iaskakho@gateway] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

 1    chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=80 protocol=tcp in-interface=<ovpn-gateway1> dst-port=8081 log=no log-prefix=""
 
 LAN PC:
  root  ~  telnet 192.168.8.1 8081
Trying 192.168.8.1...
Connected to 192.168.8.1.
Escape character is '^]'.
^]

 
iaskakho
Topic Author

Re: OVPN issue cannot PING from LAN to connected networks

Mon Sep 06, 2021 3:07 am

I figured it out. After my initial configuration I updated the OS to a newer version, 6.48.3.

I downgraded back to 6.47.9 and it worked with no problem. No need for proxy-arp or anything.

At first I thought this was the issue, but then I realized it broke again, and after using /tool sniffer quick ip-protocol=icmp I figured out that the packets were actually going through my default route.

I have PCC dual WAN configured, so in order for the OVPN routes to be used, the dst-address=192.168.0.0/24 in-interface=OVPN needed to be added so that their connection mark is marked appropriately; then their routes will be used and the traffic sent through the appropriate gateway.

Hope this helps someone else out.
Last edited by iaskakho on Tue Sep 07, 2021 12:03 am, edited 1 time in total.
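
The failure mode described in the post above, as an added example that is not part of the original thread: a small Python model of why LAN traffic to 192.168.0.0/24 follows a WAN default route under PCC marking while the router's own ping uses the OVPN route. The table names `to_WAN1`/`to_WAN2`, the `WAN1`/`WAN2` interfaces, the simplified PCC hash and the exemption rule are assumptions for illustration, not the poster's exact configuration.

```python
import ipaddress

net = ipaddress.ip_network
OVPN = "ovpn-aquaregiaf"   # interface name as shown in the NAT rule on the page

# Constructed routing tables: "main" plus one table per PCC routing mark (assumed names).
TABLES = {
    "main": [(net("0.0.0.0/0"), "WAN1"), (net("192.168.0.0/24"), OVPN),
             (net("192.168.1.0/24"), OVPN), (net("192.168.88.0/24"), OVPN)],
    "to_WAN1": [(net("0.0.0.0/0"), "WAN1")],
    "to_WAN2": [(net("0.0.0.0/0"), "WAN2")],
}

# Simplified PCC: every connection entering from the LAN bridge gets a routing mark.
PCC = [{"in_iface": "bridge", "action": "pcc", "marks": ["to_WAN1", "to_WAN2"]}]
# Assumed exemption placed first: LAN traffic to the VPN subnet is accepted unmarked.
FIXED = [{"in_iface": "bridge", "dst": net("192.168.0.0/24"), "action": "accept"}] + PCC

def routing_mark(rules, in_iface, dst):
    """Walk the prerouting mangle rules in order; the first match decides the mark."""
    for r in rules:
        if r["in_iface"] != in_iface or ("dst" in r and dst not in r["dst"]):
            continue
        if r["action"] == "accept":
            return None                                  # leave the packet unmarked
        return r["marks"][int(dst) % len(r["marks"])]    # stand-in for the PCC hash
    return None

def egress(rules, in_iface, dst):
    """Return the interface a packet leaves on: marked table first, then main."""
    dst = ipaddress.ip_address(dst)
    mark = routing_mark(rules, in_iface, dst)
    for table in ([mark] if mark else []) + ["main"]:
        hits = [(n, gw) for n, gw in TABLES[table] if dst in n]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix wins
    return None

if __name__ == "__main__":
    # in_iface=None models router-originated traffic, which skips prerouting rules.
    for name, rules in (("PCC only", PCC), ("with exemption", FIXED)):
        print(name, "LAN ->", egress(rules, "bridge", "192.168.0.1"),
              "| router ->", egress(rules, None, "192.168.0.1"))
```

The marked tables hold only a default route, so a marked packet never sees the 192.168.0.0/24 entry in `main`; that matches the symptom of the router pinging fine while LAN hosts cannot.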
