brixsat
newbie
Topic Author
Posts: 28
Joined: Thu Nov 07, 2019 11:10 pm
Location: Porto

OpenVpn connected but no lan neither internet

Fri Oct 09, 2020 4:51 pm

Hello,

I have a MikroTik with 2 VPN servers.
I can connect to the PPTP server VPN successfully and it is working nicely (LAN + internet without problems).
I can connect to the OpenVPN server, but there is no LAN, no internet, nothing; just an IP from the 192.168.89.x network and nothing else: no internet, no access to the LAN, no access to the router.


What am I doing wrong?
# oct/09/2020 14:50:22 by RouterOS 6.47.4
# software id = 3WGQ-8KGC
#
# model = RB951Ui-2nD
# serial number = B88C0BE34E42
/interface bridge
add admin-mac=C4:AD:34:B4:26:ED auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] country=portugal disabled=no mode=ap-bridge \
    ssid=Wifi@Company wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=felicidade \
    wpa2-pre-shared-key=felicidade
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=vpn1 use-ipsec=yes
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether1 list=WAN
add interface=bridge list=LAN
/interface ovpn-server server
set auth=sha1 certificate=server-certificate cipher=aes256 default-profile=\
    default-encryption enabled=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
    192.168.88.0
add address=192.168.88.0/24 interface=ether2 network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.0 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="allow openvpn" dst-port=1194 log=yes \
    protocol=tcp
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" log=yes \
    src-address=192.168.89.0/24
/ppp secret
add name=test1 password=test1
add name=test2 password=test2
/system clock
set time-zone-name=Europe/Lisbon
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Thanks in advance
Think outside the box.
 
brixsat

Re: OpenVpn connected but no lan neither internet

Sat Oct 10, 2020 1:55 pm

Anyone?

It's very strange that one works and the other doesn't.
 
brixsat

Re: OpenVpn connected but no lan neither internet

Mon Oct 12, 2020 11:38 am

Anyone?
 
Sob
Forum Guru
Posts: 6116
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVpn connected but no lan neither internet

Mon Oct 12, 2020 5:06 pm

It doesn't look like anything in router's config. Check the client side. PPTP probably uses tunnel as default gateway, do you have the same for OpenVPN?
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
brixsat

Re: OpenVpn connected but no lan neither internet

Thu Oct 15, 2020 5:46 pm

I only have problems on OpenVPN. Can't find out why.

pptp = all ok :)

openvpn = no routing, no access to the router, no access to local lan nothing. I have an ip after connect but nothing else.
 
rbuserdl
Member Candidate
Posts: 168
Joined: Thu Mar 22, 2018 1:53 pm

Re: OpenVpn connected but no lan neither internet

Thu Oct 15, 2020 6:09 pm

Hello

You have included 192.168.89.255 in the pool; I think this is the problem.
I suggest you change it to 253 (I had a problem recently adding the 254 too).

Regards,
Damián
 
brixsat

Re: OpenVpn connected but no lan neither internet

Thu Oct 15, 2020 6:54 pm

will try that and report

thanks :)
 
brixsat

Re: OpenVpn connected but no lan neither internet

Thu Oct 15, 2020 8:22 pm

Fixed
I had to remove comp-lzo from client.

# mikrotik does not support
#comp-lzo
Last edited by brixsat on Thu Oct 15, 2020 10:43 pm, edited 1 time in total.
 
Sob

Re: OpenVpn connected but no lan neither internet

Thu Oct 15, 2020 8:47 pm

Once more:
PPTP probably uses tunnel as default gateway, do you have the same for OpenVPN?
 
brixsat

Re: OpenVpn connected but no lan neither internet  [SOLVED]

Thu Oct 15, 2020 10:44 pm

The problem was comp-lzo. Now it works.

# mikrotik does not support
#comp-lzo
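Added example (not from the thread or from MikroTik): a small Python check of an OpenVPN client profile against the server settings in the export from the first post, covering the comp-lzo mismatch that turned out to be the fix and the default-gateway question Sob raised. The client profiles, the host name and the mapping of RouterOS cipher=aes256 to AES-256-CBC are assumptions.

```python
# Server values come from the export in the first post (port from its firewall
# rule); mapping RouterOS cipher=aes256 to AES-256-CBC is an assumption.
SERVER = {"proto": "tcp", "port": "1194", "cipher": "AES-256-CBC", "auth": "SHA1"}
COMPRESSION = ("comp-lzo", "compress")  # the thread's fix: no LZO on the server

def parse_profile(text):
    """Map each active directive to the argument list of its last occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def lint(text):
    """Return (directive, problem) pairs; an empty list means no mismatch found."""
    d, findings = parse_profile(text), []
    for name in COMPRESSION:
        if name in d:
            findings.append((name, "compression framing on; remove the directive"))
    proto = (d.get("proto") or ["udp"])[0]  # OpenVPN defaults to UDP
    if not proto.startswith(SERVER["proto"]):
        findings.append(("proto", f"{proto} used, firewall only allows TCP 1194"))
    remote = d.get("remote", [])
    port = remote[1] if len(remote) > 1 else (d.get("port") or ["1194"])[0]
    if port != SERVER["port"]:
        findings.append(("remote", f"port {port}, server expects {SERVER['port']}"))
    for name in ("cipher", "auth"):  # only checked when set explicitly
        if d.get(name) and d[name][0].upper() != SERVER[name]:
            findings.append((name, f"{d[name][0]} != server {SERVER[name]}"))
    if "redirect-gateway" not in d:
        findings.append(("redirect-gateway", "tunnel is not the default gateway"))
    return findings

# Constructed client profiles (host name is a placeholder, not from the thread).
BROKEN = """client
dev tun
proto tcp-client
remote vpn.example.net 1194
cipher AES-256-CBC
auth SHA1
comp-lzo
"""
FIXED = BROKEN.replace("comp-lzo", "#comp-lzo") + "redirect-gateway def1\n"

if __name__ == "__main__":
    for label, profile in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(profile))
```

The redirect-gateway finding is informational: it only matters when all traffic is meant to go through the tunnel, as it did with the PPTP connection.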
