If you are using VPN client addresses which overlap with a subnet attached to an ethernet interface you have to use proxy-arp so the Mikrotik replies to ARP requests from local ethernet connected devices on behalf of the remote VPN client.
Ok i saw some comments of people having the same issue as i do, im not alone.
One solution for everyone was to use proxy-arp as you mentioned so i did this:
Also i added this rule:
/ip firewall filter add action=accept chain=forward comment="Test OVPN filter rule" in-interface=all-ppp out-interface=bridge1
Result: Worked for the other people but here i am still having the same problem. But i feel i may be getting close to the solution.
Here is my export with the code..
Both the L2tp and openvpn are enabled.. i havent tested the open VPN connection yet but looking at the comments of other people, it does not matter, i need to
solve that proxy-arp issue so it seems...
[*]
[admin@MikroTik] > /export hide-sensitive
# jun/05/2021 18:19:03 by RouterOS 6.48.3
# software id = W0PA-KWSM
#
# model = CRS109-8G-1S-2HnD
# serial number = D54E0DXXXXX
/interface bridge
add arp=proxy-arp name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge ssid=NCStudio wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.244
add name=l2tppool1 ranges=10.0.0.245-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/ppp profile
add bridge=bridge1 dns-server=8.8.8.8 local-address=10.0.0.1 name=vpn-prof remote-address=l2tppool1
set *FFFFFFFE change-tcp-mss=default dns-server=8.8.8.8 local-address=10.0.0.1 remote-address=l2tppool1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=wlan1
add bridge=bridge1 fast-leave=yes interface=*D
/interface l2tp-server server
set default-profile=vpn-prof enabled=yes one-session-per-host=yes use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 enabled=yes require-client-certificate=yes
/ip address
add address=10.0.0.1/8 interface=bridge1 network=10.0.0.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=10h10m
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=10.0.0.0/8 gateway=10.0.0.1 netmask=8
/ip firewall address-list
add address=27.116.56.0/22 comment=AFGHANISTAN list=CountryIPBlocks
A ZILLION BLOCKED COUNTRIES HERE
/ip firewall filter
add action=drop chain=forward comment="Drop invalid connections through router" connection-state=invalid
add action=drop chain=forward comment="Drop all traffic to-from addresses on \\\"CountryIPBlocks\\\" address list" \
dst-address-list=CountryIPBlocks
add action=accept chain=forward comment="Allow established connections through router" connection-state=established
add action=accept chain=forward comment="Allow related connections through router" connection-state=related
add action=accept chain=forward comment="Allow new connections through router coming in LAN interface" connection-state=\
new in-interface=ether1
add action=drop chain=forward comment="Drop all other connections through the router" disabled=yes
add action=drop chain=input comment="Drop all traffic from addresses on \"CountryIPBlocks\" address list" \
src-address-list=CountryIPBlocks
add action=accept chain=input comment="Allow everything from the LAN interface to the router" in-interface=ether1
add action=accept chain=input comment=\
"Allow established connections to the router, these are OK because we aren't allowing new connections" \
connection-state=established
add action=accept chain=input comment=\
"Allow related connections to the router, these are OK because we aren't allowing new connections" connection-state=\
related
add action=drop chain=input comment="Drop everything else to the router" disabled=yes
add action=accept chain=forward comment="Test OVPN filter rule" in-interface=all-ppp out-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ppp secret
add local-address=10.0.0.1 name=ncvpn profile=vpn-prof remote-address=10.0.0.251 routes=10.0.0.0/8 service=l2tp
add local-address=10.0.0.1 name=vpnancy profile=vpn-prof remote-address=10.0.0.240 service=ovpn
/system clock
set time-zone-name=America/New_York