Attempting to get OpenVPN running on my network using a Raspberry Pi. I have the server configured, client configurations distributed, etc. UFW on the Pi has both 443/tcp and 1194/udp open.
DST-NAT on the router appears to be broken. I cannot forward or open ANY ports in NAT and I'm 99% certain I have the rules appropriately configured.
I've pasted my firewall config below. Local VPN address is 192.168.88.94.
/ip firewall filter
add action=passthrough chain=forward dst-port=44695 log=yes log-prefix=44695_forward protocol=tcp
add action=passthrough chain=input dst-port=44695 log=yes log-prefix=44695_input protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=OpenVPNServer_UDP/1194 dst-address=192.168.88.94 dst-port=1194 log=yes \
log-prefix=OpenVPN_UDP protocol=udp to-addresses=192.168.88.94 to-ports=1194
add action=dst-nat chain=dstnat comment=OpenVPNServer_TCP/443 dst-address=192.168.88.94 dst-port=443 log=yes \
log-prefix=OpenVPN_TCP protocol=tcp to-addresses=192.168.88.94 to-ports=443
add action=passthrough chain=forward dst-port=44695 log=yes log-prefix=44695_forward protocol=tcp
add action=passthrough chain=input dst-port=44695 log=yes log-prefix=44695_input protocol=tcp
In telnet, I try to open a connection to my home IP via port 44695 and the connection fails:
Connecting To 69.207.177.35...Could not open connection to the host, on port 44695: Connect failed
Not sure what is causing packets to be blocked despite having NAT configured. Help is appreciated.
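A sanity check for the exported rules above, as an added example that is not part of the original post: in RouterOS a dstnat rule matches on the packet's destination before translation, so for traffic arriving from the WAN that is the router's public address, and a rule keyed on dst-address=192.168.88.94 can only match packets that are already addressed to the LAN host. The script parses an export (the post's NAT rules, embedded as constructed sample input) and flags dst-nat rules whose dst-address is a private address; the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the /ip firewall nat section from the post, including the
# backslash line continuations exactly as a RouterOS /export prints them.
SAMPLE_NAT_EXPORT = r"""/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=OpenVPNServer_UDP/1194 dst-address=192.168.88.94 dst-port=1194 log=yes \
log-prefix=OpenVPN_UDP protocol=udp to-addresses=192.168.88.94 to-ports=1194
add action=dst-nat chain=dstnat comment=OpenVPNServer_TCP/443 dst-address=192.168.88.94 dst-port=443 log=yes \
log-prefix=OpenVPN_TCP protocol=tcp to-addresses=192.168.88.94 to-ports=443
"""


def parse_rules(export_text):
    """Join backslash-continued lines, then turn each 'add ...' line into a
    dict of key=value matchers (shlex keeps quoted comments as one token)."""
    joined = export_text.replace("\\\n", " ")
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rule = {}
        for token in shlex.split(line[4:]):
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def lint_dstnat(rules):
    """Return one finding per dst-nat rule whose dst-address is RFC 1918 space.
    Inbound WAN packets carry the router's public IP as destination, so such a
    rule never sees them; the fix is to match on the WAN side instead."""
    findings = []
    for rule in rules:
        if rule.get("chain") != "dstnat" or rule.get("action") != "dst-nat":
            continue
        dst = rule.get("dst-address")
        if dst is None:
            continue  # no dst-address matcher: rule is keyed on port/interface only
        try:
            net = ipaddress.ip_network(dst, strict=False)
        except ValueError:
            continue  # address lists or other non-literal values are not checked
        if net.is_private:
            findings.append(
                f"{rule.get('comment', '?')}: dst-address={dst} is a LAN address; "
                "match inbound WAN traffic with in-interface-list=WAN or "
                "dst-address-type=local instead"
            )
    return findings
```

Running `lint_dstnat(parse_rules(SAMPLE_NAT_EXPORT))` reports both OpenVPN rules; the same parser works on a full `/export` because the continuation join and the `add` filter ignore other sections.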