I have a MikroTik hAP ac lite TC provided by my ISP, and I am trying to configure port forwarding from the WAN to a LAN PC running OpenVPN. I have added what I believe to be the correct port forwarding rule, but I cannot connect to OpenVPN from an external machine. I can connect to the VPN service from within the network, so I am certain that the OpenVPN server is working.
The MikroTik router has a LAN IP of 192.168.0.1; the server I am trying to forward to is on 192.168.0.50. I am trying to use port 1194 on UDP.
The ISP has provided this router, so it came preconfigured. I am pretty sure that one of the filters set by the ISP may be stopping me doing what I intend; I just don't know how to fix it. The other option is that I have not created my port forward correctly.
Below are exports of both /ip firewall nat and /ip firewall filter.
Any help would be greatly appreciated.
Thanks
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input dst-port=8291 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type=local dst-port=1194 protocol=udp src-port=1194 to-addresses=192.168.0.50 to-ports=1194