randomsam
just joined
Topic Author
Posts: 1
Joined: Tue Sep 14, 2021 9:58 pm

Port forwarding to OpenVPN Server

Tue Sep 14, 2021 10:17 pm

Hi All,
I have a MikroTik hAP ac lite TC provided by my ISP, and I am trying to configure port forwarding from the WAN to a LAN PC running OpenVPN. I have added what I believe to be the correct port forwarding rule, but I cannot connect to OpenVPN from an external machine. I can connect to the VPN service from within the network, so I am certain that the OpenVPN server is working.
The MikroTik router has a LAN IP of 192.168.0.1, and the server I am trying to forward to is on 192.168.0.50. I am trying to use port 1194 on UDP.

The ISP has provided this router, so it came preconfigured. I am pretty sure that one of the filters set by the ISP may be stopping me from doing what I intend; I just don't know how to fix it. The other option is that I have not created my port forward correctly.

Below are shown exports of both /ip firewall nat and /ip firewall filter.

Any help would be greatly appreciated.
Thanks

/ip firewall filter 
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked 
add action=accept chain=input dst-port=8291 protocol=tcp 
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid 
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp 
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN 
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec 
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec 
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related 
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked 
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid 
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat 
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN 
add action=dst-nat chain=dstnat dst-address-type=local dst-port=1194 protocol=udp src-port=1194 to-addresses=192.168.0.50 to-ports=1194
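
An added example, not part of the original post: a Python check over the exported rules that tests the two possibilities the post raises (a filter rule blocking the forward, or a port-forward rule that does not match). The function names are hypothetical, rule order is ignored for simplicity, and it assumes external clients do not necessarily send from UDP source port 1194.

```python
import shlex

# Rules copied from the export in the post (filter list trimmed to the WAN forward drop).
EXPORT = """\
/ip firewall filter
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type=local dst-port=1194 protocol=udp src-port=1194 to-addresses=192.168.0.50 to-ports=1194
"""


def parse_export(text):
    """Parse 'add' lines of a RouterOS export into (menu, properties) pairs."""
    rules, menu = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments together
            rules.append((menu, dict(t.split("=", 1) for t in tokens)))
    return rules


def audit_port_forwards(rules):
    """Return findings about dst-nat rules and the forward chain that guards them."""
    findings = []
    for menu, p in rules:
        # A src-port matcher on a port forward narrows it to one client source port.
        if menu == "/ip firewall nat" and p.get("action") == "dst-nat":
            if "src-port" in p:
                findings.append(
                    f"dst-nat to {p.get('to-addresses')}: src-port={p['src-port']} "
                    "limits the match to packets sent from that source port"
                )
        # A WAN forward drop without the !dstnat exemption would block forwarded ports.
        if (menu == "/ip firewall filter" and p.get("chain") == "forward"
                and p.get("action") == "drop"
                and p.get("in-interface-list") == "WAN"
                and p.get("connection-nat-state") != "!dstnat"):
            findings.append("forward drop on WAN does not exempt dst-nat'ed connections")
    return findings


if __name__ == "__main__":
    for finding in audit_port_forwards(parse_export(EXPORT)):
        print("FINDING:", finding)
```

On the rules as posted, the forward-chain drop already exempts dst-nat'ed connections, so the only finding is the `src-port=1194` matcher on the dst-nat rule.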
