Can ping put cannot to connect/telnet to port

Tue Feb 23, 2021 3:32 am


I'm newbie in Mikrotik, I have encountered a rather strange case and have yet to find a way to solve them.

I set up VPNs in my office with Mikrotik and connected them to a Mikrotik CCR1036-8G-2S + used to manage our servers. The strange thing is we can ping but cannot connet to one server, we don't have a firewall that blocks the src address VPN (example: to dst address (example:

When doing port mtr from a host in the VPN to the dst address above, it is blocked on Mikrotik CCR1036-8G-2S +. I tried checking filter rules, Mangle, Raw, Address List in IP / Firewall and never see these configurations from boh routers.

Hope to receive support and feedback from you soon.

Thanks !
Tue Feb 23, 2021 10:06 pm

First, this is forum is not an interface of Mikrotik support, you can only get help from fellow users here.
Next, if there is just one server where the problem exists, I'd start the search for the issue on that server first:
  • maybe it has its own firewall, restricting access to telnet only to some source IP addresses, which do not include the addresses you assign to the VPN clients?
  • maybe it has no route to the address range of the VPN clients?
Run /tool sniffer quick ip-address=ip.of.the.server port=23 on the CCR1036 and try to telnet to the IP of the server from the VPN client. What can you see in the output of the /tool sniffer quick?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

