Community discussions

vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Thu May 03, 2018 12:13 am

Hello. I'm trying to establish a simple S2S VPN between Mikrotik 6.40.7 and Linux 16.04 LTS.
While I'm able to ping directly between the Linux<->Mikrotik, I get timeouts when I ping something behind those boxes.


Linux OVPN Server Config:
mode server
proto tcp
local _IPADDR_
dev-type tun
dev tun1

topology subnet

server 192.168.224.0 255.255.252.0

txqueuelen 250
keepalive 300 900
persist-tun
persist-key

cipher AES-128-CBC
ncp-ciphers AES-128-GCM

duplicate-cn

verb 3
log-append /var/log/openvpn.log
log logs/log1.log
status logs/status1.log 30

client-config-dir ccd

client-connect /etc/openvpn/client-connect.sh
script-security 2

ca ca.crt
cert cert.crt
key cert.key
dh dh2048.pem

Mikrotik OVPN Client Config:
/interface ovpn-client
add certificate=client1.crt_0 cipher=aes128 connect-to=_IPADDR_ mac-address=_MACADDR_ name=name password=none user=none

Status on client:
 /interface> ovpn-client print  
Flags: X - disabled, R - running 
 0  R name="name" mac-address=_MACADDR_ max-mtu=1500 connect-to=_IPADDR_ port=1194 mode=ip user="none" password="none" profile=default certificate=client1.crt_0 auth=sha1 cipher=aes128 add-default-route=no 
Ability to ping Linux from Mikrotik:
 /interface> /ping 192.168.224.1 
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.224.1                              56  64 170ms
    1 192.168.224.1                              56  64 170ms
    2 192.168.224.1                              56  64 170ms
    3 192.168.224.1                              56  64 170ms
    4 192.168.224.1                              56  64 171ms
Ability to ping Mikrotik from Linux:
root@fr:/etc/openvpn# ping 192.168.224.3
PING 192.168.224.3 (192.168.224.3) 56(84) bytes of data.
64 bytes from 192.168.224.3: icmp_seq=1 ttl=64 time=170 ms
64 bytes from 192.168.224.3: icmp_seq=2 ttl=64 time=170 ms
64 bytes from 192.168.224.3: icmp_seq=3 ttl=64 time=170 ms
What doesn't work here:

I define a loopback on Mikrotik:
/interface> /interface print where name=loopback   
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  loopback                           bridge           1500 65535            00:00:00:00:00:00
I bind an IP address to that loopback:
 /interface> /ip address print where interface=loopback 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   172.30.0.1/30      172.30.0.0      loopback        
I put the static route on Linux:
root@fr:~# route add -net 172.30.0.0/30 192.168.224.2
root@fr:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         50.116.3.1      0.0.0.0         UG        0 0          0 eth0
_IPADDR_NET_    0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.30.0.0      192.168.224.2   255.255.255.252 UG        0 0          0 tun1
192.168.224.0   0.0.0.0         255.255.252.0   U         0 0          0 tun1

Ping is not successful:
root@fr:~# ping 172.30.0.1
PING 172.30.0.1 (172.30.0.1) 56(84) bytes of data.
^C

If I create a loopback on the Linux box and add a static route to Mikrotik, I can ping it from Mikrotik.

Seems to me like some basic detail I'm missing here. Can anyone please advise me the right path here?
Appreciate beforehand your support!
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 7:48 pm

What is the IP Address you are pinging from? Mikrotik might need route back via tunnel for that subnet
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 10:29 pm

> What is the IP Address you are pinging from? Mikrotik might need route back via tunnel for that subnet
Thank you. That's a legitimate question.

If I run tcpdump in parallel with the ping from Linux, here is what I see:
19:26:11.530113 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 12066, seq 63, length 64
19:26:12.543452 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 12066, seq 64, length 64
19:26:13.556807 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 12066, seq 65, length 64
19:26:14.570118 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 12066, seq 66, length 64
On the Mikrotik, I definitely see this IP address in the address table, and it is reachable:
> /ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0 X ;;; defconf
*skipped*
 2   172.30.0.1/30      172.30.0.0      loopback_twc                                                                                                                                                                                                                      
 3 D 192.168.224.2/22   192.168.224.0   twc2                                                                                                                                                                                                                              
> ping 192.168.224.1
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.224.1                              56  64 170ms
    1 192.168.224.1                              56  64 170ms
    2 192.168.224.1                              56  64 170ms
    3 192.168.224.1                              56  64 170ms
    sent=4 received=4 packet-loss=0% min-rtt=170ms avg-rtt=170ms max-rtt=170ms 


 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 10:32 pm

> What is the IP Address you are pinging from? Mikrotik might need route back via tunnel for that subnet
I'm not sure whether the openvpn implementation on Mikrotik, which is quite a sub-standard one in several regards, supports pushing routes from server; in any case there is no push route list in the configuration @vovailchenko has posted.

So @vovailchenko, the point is to tell the client to which prefixes (subnets) to send packets via the VPN tunnel and to which subnets via other gateways. And you have to bear in mind that you cannot ping through the VPN tunnel the same _IPADDR_ to which the transport packets of the VPN are sent through the tunnel. So whereas a packet from the linux machine towards 172.30.0.1 may go via the tunnel as the client connects from some other address, you cannot set a route to _IPADDR_NET_ at Mikrotik side into the tunnel because that would send the transport packets of the tunnel into the tunnel so it would not work. And as you have only _IPADDR_ and 192.168.224.3 on the linux, you have no other address to ping, except some behind the linux, i.e. in the internet.

So if you want the client to get everywhere via the VPN, the routing table on Mikrotik should look similar to this:
dst-address=_IPADDR_ gateway=x.x.x.x  # a route overriding any other one for the VPN transport packets, not necessary while the client is in _IPADDR_NET_ but that's unlikely to survive the lab phase
dst-address=0.0.0.0/0 gateway=192.168.224.3 distance=1 # the default route while the VPN is up
dst-address=0.0.0.0/0 gateway=x.x.x.x distance=2 # optionally, a default route to be used while the VPN is down
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 10:57 pm

> I'm not sure whether the openvpn implementation on Mikrotik, which is quite a sub-standard one in several regards, supports pushing routes from server; in any case there is no push route list in the configuration @vovailchenko has posted.
Mikrotik supports it.
The routes are listed here:
client-config-dir ccd
I'm receiving a lot of routes. The point is that I CAN PING from Mikrotik to Linux.
I can not ping vice versa.
> So @vovailchenko, the point is to tell the client to which prefixes (subnets) to send packets via the VPN tunnel and to which subnets via other gateways. And you have to bear in mind that you cannot ping through the VPN tunnel the same _IPADDR_ to which the transport packets of the VPN are sent through the tunnel. So whereas a packet from the linux machine towards 172.30.0.1 may go via the tunnel as the client connects from some other address, you cannot set a route to _IPADDR_NET_ at Mikrotik side into the tunnel because that would send the transport packets of the tunnel into the tunnel so it would not work. And as you have only _IPADDR_ and 192.168.224.3 on the linux, you have no other address to ping, except some behind the linux, i.e. in the internet.
>
> So if you want the client to get everywhere via the VPN, the routing table on Mikrotik should look similar to this:
> dst-address=_IPADDR_ gateway=x.x.x.x  # a route overriding any other one for the VPN transport packets, not necessary while the client is in _IPADDR_NET_ but that's unlikely to survive the lab phase
> dst-address=0.0.0.0/0 gateway=192.168.224.3 distance=1 # the default route while the VPN is up
> dst-address=0.0.0.0/0 gateway=x.x.x.x distance=2 # optionally, a default route to be used while the VPN is down
Yes, thank you sindy, I understand this. In fact, I do not have issues from Mikrotik to Linux, only from Linux to Mikrotik.

Here is a ping session from Mikrotik to Linux:

Mikrotik
> ping 172.30.1.1
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 172.30.1.1                                 56  64 170ms
    1 172.30.1.1                                 56  64 170ms
> /ip route print where dst-address=172.30.1.0/30
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  172.30.1.0/30                      192.168.224.1             1
 1   S  172.30.1.0/30                      192.168.224.1             1

Linux
root@fr:~# tcpdump -i any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
19:53:17.033051 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2698, seq 6, length 36
19:53:17.033072 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2698, seq 6, length 36

root@fr:~# ifconfig lo:0
lo:0      Link encap:Local Loopback  
          inet addr:172.30.1.1  Mask:255.255.255.252
          UP LOOPBACK RUNNING  MTU:65536  Metric:1


Any ideas?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 11:05 pm

> Yes, thank you sindy, I understand this. In fact, I do not have issues from Mikrotik to Linux, only from Linux to Mikrotik.
If so, I can imagine only two reasons:
  • Mikrotik firewall not accepting incoming "connections" (icmp echo request/echo response flow is also considered a connection) from the ovpn interface
  • the linux machine choosing a source address for the pings for which the Mikrotik has no route.
As your tcpdump shows that the ping to 172.30.0.1 goes from 192.168.224.1, this should not be the case, so the firewall remains. What are your /ip firewall filter rules?
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Fri May 04, 2018 11:46 pm

Thank you sindy.
> What are your /ip firewall filter rules?

[admin@wrt3] > /ip firewall filter print 
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 2    ;;; defconf: accept established,related
      chain=input action=accept connection-state=established,related log=no log-prefix="" 

 3 X  ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether1 log=no log-prefix="" 

 4    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 

 5    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related log=no log-prefix="" 

 6    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 7 X  ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 log=no log-prefix="" 


 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 12:07 am

OK, so the firewall rules are not guilty, icmp is accepted from anywhere, and established connections too.

I'll have a look again in the morning if someone else doesn't find it out in the meantime.
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 12:09 am

> OK, so the firewall rules are not guilty, icmp is accepted from anywhere, and established connections too.
>
> I'll have a look again in the morning if someone else doesn't find it out in the meantime.
Thank you sindy. Appreciate your help!
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 2:22 am

Just trying to get a clear picture here:

224.1 is tunnel side of Linux
224.2 is tunnel side of Mikrotik

In OP, you say you can ping Mikrotik from Linux and successfully ping 224.3 from 224.1, what is 224.3?
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 9:28 am

> Just trying to get a clear picture here:
>
> 224.1 is tunnel side of Linux
> 224.2 is tunnel side of Mikrotik
>
> In OP, you say you can ping Mikrotik from Linux and successfully ping 224.3 from 224.1, what is 224.3?
CZFan, this is because I have 2 Mikrotik clients, because I want to eliminate some platform issues. Sometimes IP addresses change. After they change, I make sure I have correct entries in the routing table.

Current setup:
224.1 is tunnel side of Linux
224.2 is tunnel side of Mikrotik (wAP ac, I think)
224.3 is tunnel side of Mikrotik (CHR)

Let's focus on the 224.1<->224.2 communication currently please :)
 
huntah
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 10:31 am

How about NAT (Masquerade)? Did you disable it on both sides for the tunnel IPs?
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 10:43 am

> How about NAT (Masquerade)? Did you disable it on both sides for the tunnel IPs?
Yes, there is no NAT on either side.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 6:02 pm

Вова, on what interface did you run the tcpdump? I suppose on the tun(tap?) interface. So can you please run /tool sniffer into a file on the ovpn interface at Mikrotik simultaneously with tcpdump on that interface on linux when pinging from the Mikrotik to the linux machine, then use tcpdump -r to print the packets from that file out in the tcpdump format, and post the results from both ends of the tunnel?

And then another pair of tcpdump outputs when you ping from the linux side?

That should make it clear at least at which end the cause is.
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 9:14 pm

> Вова, on what interface did you run the tcpdump? I suppose on the tun(tap?) interface. So can you please run /tool sniffer into a file on the ovpn interface at Mikrotik simultaneously with tcpdump on that interface on linux when pinging from the Mikrotik to the linux machine, then use tcpdump -r to print the packets from that file out in the tcpdump format, and post the results from both ends of the tunnel?
>
> And then another pair of tcpdump outputs when you ping from the linux side?
>
> That should make it clear at least at which end the cause is.
Yes, it was on the tun interface.
Here is the requested info:

When pinging from MT to Linux (pings are successful)

MT side on ovpn-client interface:

17:56:08.529164 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 158, length 36
17:56:08.699609 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 158, length 36
17:56:09.523063 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 159, length 36
17:56:09.694335 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 159, length 36
17:56:10.528690 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 160, length 36
17:56:10.698924 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 160, length 36
..and so on...


Linux side on ovpn tun interface:

17:57:15.761484 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 217, length 36
17:57:15.761504 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 217, length 36
17:57:16.764776 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 218, length 36
17:57:16.764802 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 218, length 36
17:57:17.758246 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 219, length 36
17:57:17.758267 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 219, length 36
17:57:18.762315 IP 192.168.224.2 > 172.30.1.1: ICMP echo request, id 2897, seq 220, length 36
17:57:18.762333 IP 172.30.1.1 > 192.168.224.2: ICMP echo reply, id 2897, seq 220, length 36
..and so on...

Now the important part. When pinging from Linux to MT (pings are not successful)

Linux side on ovpn tun interface:

root@fr:~# tcpdump -i tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
18:03:33.761970 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 16420, seq 26, length 64
18:03:34.775331 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 16420, seq 27, length 64
18:03:35.788655 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 16420, seq 28, length 64
18:03:36.801996 IP 192.168.224.1 > 172.30.0.1: ICMP echo request, id 16420, seq 29, length 64


MT side on ovpn-client interface:

Capture is empty...

How is this possible? The packets do not get to the MT...
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 9:30 pm

Great :-( and now do the same and tcpdump/sniff on the physical interfaces through which the encrypted & encapsulated packets are supposed to pass, filtering on the address of the opposite machine at each side, to see whether the linux sends the encrypted packet for each plaintext ping packet or not and whether they get to the Mikrotik's physical interface.

On linux, it should be possible to use -i any (or all, I never remember which one is correct) and host 172.30.0.1 or <the physical address of the Mikrotik> to get both streams in a common output; on Mikrotik, you would set filter-interface=ovpn,ether1 (use the correct names of course), filter-ip-address=172.30.0.1,<the physical address of the linux>, and filter-operator-between-entries=and for the same purpose.
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 10:04 pm

> Great :-( and now do the same and tcpdump/sniff on the physical interfaces through which the encrypted & encapsulated packets are supposed to pass, filtering on the address of the opposite machine at each side, to see whether the linux sends the encrypted packet for each plaintext ping packet or not and whether they get to the Mikrotik's physical interface.
>
> On linux, it should be possible to use -i any (or all, I never remember which one is correct) and host 172.30.0.1 or <the physical address of the Mikrotik> to get both streams in a common output; on Mikrotik, you would set filter-interface=ovpn,ether1 (use the correct names of course), filter-ip-address=172.30.0.1,<the physical address of the linux>, and filter-operator-between-entries=and for the same purpose.
Thanks. Done that a few minutes back. The problem seems to be that the Linux box does not send any packet towards the client. I don't see any activity going towards the MT public IP+port there. What can be the cause here?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 11:04 pm

> Thanks. Done that a few minutes back. The problem seems to be that the Linux box does not send any packet towards the client. I don't see any activity going towards the MT public IP+port there. What can be the cause here?
What happens if you ping both ways simultaneously? It's kind of a mystery that the responses get back if you ping from the Mikrotik side but the requests do not get through if you ping from the linux. So I'd have a look whether it is an issue of some short-lived timer or something even more strange.
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 11:26 pm

> What happens if you ping both ways simultaneously?
Nothing special happens :)
> It's kind of a mystery that the responses get back if you ping from the Mikrotik side but the requests do not get through if you ping from the linux.
Here is why, I assume:
When I ping from Mikrotik to Linux (172.30.1.1), the src-ip of ICMP is actually 192.168.224.2. It's sent from Mikrotik (I see it on linux) and gets back (because it's sent to 192.168.224.2).
When I ping from linux, the packets are not actually sent out from the outbound interface of that linux for some reason...
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sat May 05, 2018 11:51 pm

> When I ping from Mikrotik to Linux (172.30.1.1), the src-ip of ICMP is actually 192.168.224.2. It's sent from Mikrotik (I see it on linux) and gets back (because it's sent to 192.168.224.2).
> When I ping from linux, the packets are not actually sent out from the outbound interface of that linux for some reason...
So when you ping from linux to 192.168.224.2, everything is fine, right?

I hazily remember that when you wanted to use the openvpn client as a gateway to some IP subnet behind it (your 172.30.0.0/24), on the machine running the openvpn server it was not enough to set a route to that subnet via the client's address (192.168.224.2) at system level, but that you had to set that in the openvpn server's configuration as well, using that client's configuration file.

This article has reminded me that your client config file needs to indicate that there is a remote network accessible via that client, using the iroute keyword:
iroute 172.30.0.0 255.255.255.0
Without that, the openvpn server daemon receives the packet, but doesn't know where to send it so it doesn't send it anywhere.
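As an added example (not code from the thread or from OpenVPN itself): a POSIX shell script that writes the two server-side pieces sindy's fix depends on, the kernel route via a route directive and the client's iroute in its ccd file, for the OP's 172.30.0.0/30 loopback, and then audits that every iroute has a matching route. The working directory and the client CN client1 are assumptions. It also warns about duplicate-cn, which the OP's server config uses, because clients sharing a CN read the same ccd file and therefore claim the same iroute.

```shell
# Added example, not from the thread. Builds the server-side config that
# OpenVPN needs before it forwards traffic to a subnet behind a client, then
# audits it. Paths and the CN "client1" are assumptions; the /30 is the
# MikroTik loopback from the thread.
WORK=$(mktemp -d)
SERVER_CONF="$WORK/server.conf"
CCD_DIR="$WORK/ccd"
CLIENT_CN="client1"                 # assumption: CN in the MikroTik's certificate
BEHIND_CLIENT_NET="172.30.0.0"
BEHIND_CLIENT_MASK="255.255.255.252"
mkdir -p "$CCD_DIR"

# 1. Kernel route. 'route' makes the daemon install 172.30.0.0/30 -> tun1 at
#    startup, so a hand-typed 'route add' (which does not survive a restart)
#    is no longer needed.
cat > "$SERVER_CONF" <<EOF
mode server
dev tun1
topology subnet
server 192.168.224.0 255.255.252.0
client-config-dir ccd
route $BEHIND_CLIENT_NET $BEHIND_CLIENT_MASK
EOF

# 2. Internal route. 'iroute' in the client's ccd file tells the daemon which
#    connected client owns that subnet; without it the packet arrives from
#    tun1 and is dropped, which is exactly the silent failure in the thread.
printf 'iroute %s %s\n' "$BEHIND_CLIENT_NET" "$BEHIND_CLIENT_MASK" > "$CCD_DIR/$CLIENT_CN"

# audit_iroutes SERVER_CONF CCD_DIR
# Every iroute in a ccd file needs a matching 'route' in the server config,
# otherwise the kernel never hands the packet to OpenVPN in the first place.
# Prints one line per finding; returns 0 only when no iroute is unmatched.
audit_iroutes() {
    conf="$1"; ccd="$2"; missing=0
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        while read -r net mask; do
            [ -n "$net" ] || continue
            if ! awk -v n="$net" -v m="$mask" \
                    '$1=="route" && $2==n && $3==m {ok=1} END {exit !ok}' "$conf"; then
                echo "ccd/$(basename "$f"): iroute $net $mask has no matching 'route' in server config"
                missing=$((missing + 1))
            fi
        done <<EOF
$(awk '$1=="iroute" {print $2, $3}' "$f")
EOF
    done
    # duplicate-cn lets several clients share one CN, hence one ccd file and
    # one iroute; only the most recently connected client would own the subnet.
    if grep -qE '^[[:space:]]*duplicate-cn' "$conf" && [ -n "$(ls -A "$ccd")" ]; then
        echo "warning: duplicate-cn together with per-client iroute; give each site its own CN"
    fi
    [ "$missing" -eq 0 ]
}

audit_iroutes "$SERVER_CONF" "$CCD_DIR" && echo "server config and ccd are consistent"
```

Run it against a real /etc/openvpn layout by calling audit_iroutes with the server config and ccd directory; a non-zero exit means some client subnet is known to OpenVPN but not to the kernel, or the other way round.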
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sun May 06, 2018 12:19 am

GOD BLESS YOU Sindy!

root@fr:/etc/openvpn# ping 172.30.0.1
PING 172.30.0.1 (172.30.0.1) 56(84) bytes of data.
64 bytes from 172.30.0.1: icmp_seq=1 ttl=64 time=272 ms

Thank you for making this work. Owe you a beer!
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sun May 06, 2018 12:22 am

> Thank you for making this work. Owe you a beer!
Which city?
 
vovailchenko
just joined
Topic Author
Posts: 16
Joined: Fri Sep 08, 2017 1:20 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sun May 06, 2018 12:27 am

> Which city?
Kiev, Ukraine
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Sun May 06, 2018 12:31 am

OK, agreed. May take a few months, though :-)
 
cmwv6
just joined
Posts: 2
Joined: Wed Apr 25, 2018 4:14 pm

Re: Linux<->Mikrotik Site-to-Site OpenVPN issue [UPD]

Thu Jun 21, 2018 2:53 pm

> GOD BLESS YOU Sindy!
>
> root@fr:/etc/openvpn# ping 172.30.0.1
> PING 172.30.0.1 (172.30.0.1) 56(84) bytes of data.
> 64 bytes from 172.30.0.1: icmp_seq=1 ttl=64 time=272 ms
>
> Thank you for making this work. Owe you a beer!
Hello vovailchenko,

I see you are using Linux for OpenVPN... could you help me please find where my mistake is :)

I have OpenVPN running as a MikroTik client this way.
/interface ovpn-client
add certificate=client1.crt_0 cipher=aes128 connect-to=IP_ADDRESS mac-address=02:87:82:DC:0A:EB name=ovpn-out1 password=pass profile=ovpn user=vpnuser

But every time it gets disconnected.

06:40:35 ovpn,info ovpn-out1: using encoding - AES-128-CBC/SHA1
06:40:36 ovpn,info ovpn-out1: connected
06:40:50 ovpn,info ovpn-out1: terminating... - peer disconnected
06:40:50 ovpn,info ovpn-out1: disconnected
06:40:50 ovpn,info ovpn-out1: initializing...
06:40:50 ovpn,info ovpn-out1: connecting...
06:40:52 ovpn,info ovpn-out1: using encoding - AES-128-CBC/SHA1
06:40:53 ovpn,info ovpn-out1: connected
06:41:07 ovpn,info ovpn-out1: terminating... - peer disconnected
06:41:07 ovpn,info ovpn-out1: disconnected
06:41:07 ovpn,info ovpn-out1: initializing...
06:41:07 ovpn,info ovpn-out1: connecting...
06:41:09 ovpn,info ovpn-out1: using encoding - AES-128-CBC/SHA1
06:41:10 ovpn,info ovpn-out1: connected
06:41:24 ovpn,info ovpn-out1: terminating... - peer disconnected

Could you help me find where my problem is :)

Thanks so much.
