 
trick2011
just joined
Topic Author
Posts: 3
Joined: Sun Jan 09, 2022 12:18 am

OVPN connection doesn't work with ping or other traffic

Sun Jan 09, 2022 12:35 am

I have an openVPN server which allows me to connect through a VPN to my network. I want to make it possible for all devices on a LAN to connect through my local router to the remote network.

The networks in play:
  • 88 my local subnet
  • 22 the subnet used by openVPN server DHCP
  • 20 the remote subnet where all the devices I want to connect to are located
Currently the OVPN server acts as a NAT from 22 to 20 and back. I don't want to change this.

I want to have it work that when I request a subnet 20 IP I get routed through the tunnel towards the network.

Current situation:

I have set up the following things:
  • an OVPN Client interface "ovpn-out1", which connects to my server fine.
  • a DHCP client on "ovpn-out1", but this doesn't work, giving me an error saying that:
    interface is not running (6
  • a NAT in the firewall as follows:
    out-interface=ovpn-out1
    chain=srcnat
    action=masquerade
  • routing destined for subnets 20 and 22 to gateway ovpn-out1, which it says is reachable
I seem to have gotten an IP as pinging 22.2 works but the gateway is still unreachable.

What am I doing wrong? As far as I understand it should be possible to have the router act as a middleman which relays messages destined for subnet 20 through the VPN tunnel and its server.
Last edited by trick2011 on Sun Jan 09, 2022 10:31 pm, edited 1 time in total.
 
trick2011
just joined
Topic Author
Posts: 3
Joined: Sun Jan 09, 2022 12:18 am

Re: OVPN Concentrator setup not working

Sun Jan 09, 2022 10:17 pm

So I have found that the router does have an IP for the OVPN connection (so I removed the non-working DHCP client) and the correct routing tables are set up to route through the OVPN server when the network is needed.
My routing table for these subnets is as follows and indicates to me that it should be able to route any subnet 20 and 22 request through 192.168.22.1:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 2 ADS  192.168.20.0/24                    192.168.22.1              1
 3 ADC  192.168.22.0/24    192.168.22.2    ovpn-out1                 0
I have set up the following srcnat:
/interface list add name=VPN
/interface list member add comment=VPN interface=ovpn-out1 list=VPN
/ip firewall nat add action=masquerade chain=srcnat comment="VPN masquerade" ipsec-policy=out,none log=yes log-prefix=NAT out-interface-list=VPN
I have enabled the logging on the following firewall filter rule:
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
However, when I try to ping 192.168.22.1 from the router I get timeouts and only the outgoing traffic on the NAT is logged.
NAT srcnat: in:(unknown 0) out:ovpn-out1, proto ICMP (type 8, code 0), 192.168.22.2->192.168.22.1, len 56
No responses are logged. So the next important question is, how can I log the incoming ping responses? I know that 192.168.22.1 responds to ping, as when I connect with another device and ping, it responds.
 
own3r1138
Long time Member
Posts: 689
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: OVPN Concentrator setup not working

Mon Jan 10, 2022 9:55 pm

how can I log the incoming ping responses?
IP Firewall Mangle: mark an incoming connection with action=log and a log prefix.
Last edited by own3r1138 on Wed Jan 12, 2022 10:35 am, edited 1 time in total.
 
trick2011
just joined
Topic Author
Posts: 3
Joined: Sun Jan 09, 2022 12:18 am

Re: OVPN connection doesn't work with ping or other traffic

Mon Jan 10, 2022 10:06 pm

 chain=input action=log src-address-list=<list of remote LAN addresses to filter out all the WAN noise> log=yes log-prefix="mark"
No logs from this mangle rule.
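
An added example, not part of the original posts: a Python sketch that parses firewall log lines in the format posted above and reports ICMP echo requests that have no logged echo reply, which is the one-way pattern described in this thread. The sample lines, the "output"/"input" chain names and the address 192.168.20.10 are constructed, and inbound lines are assumed to use the same layout as the outbound line in the thread.

```python
import re
from collections import Counter

# Log body layout as posted in the thread:
#   "<prefix> <chain>: in:<if> out:<if>, proto ICMP (type T, code C), SRC->DST, len N"
LOG_RE = re.compile(
    r"^(?P<prefix>\S+) (?P<chain>\S+): in:(?P<in_if>.+?) out:(?P<out_if>[^,]+),"
    r".*?proto ICMP \(type (?P<type>\d+), code \d+\), "
    r"(?P<src>[\d.]+)->(?P<dst>[\d.]+), len \d+"
)
ECHO_REQUEST, ECHO_REPLY = 8, 0


def unanswered_echoes(lines):
    """Return {(src, dst): count} of echo requests with no logged echo reply."""
    pending = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an ICMP firewall log line in this layout
        src, dst, icmp_type = m["src"], m["dst"], int(m["type"])
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst)] += 1
        elif icmp_type == ECHO_REPLY and pending[(dst, src)] > 0:
            pending[(dst, src)] -= 1  # reply travels dst->src of the request
    return {flow: n for flow, n in pending.items() if n > 0}


# Constructed sample. Both directions are logged from mangle chains here,
# because a srcnat rule only sees the first packet of each connection and
# would under-count requests.
SAMPLE_LOG = [
    "mark output: in:(unknown 0) out:ovpn-out1, proto ICMP (type 8, code 0), 192.168.22.2->192.168.22.1, len 56",
    "mark input: in:ovpn-out1 out:(unknown 0), proto ICMP (type 0, code 0), 192.168.22.1->192.168.22.2, len 56",
    "mark output: in:(unknown 0) out:ovpn-out1, proto ICMP (type 8, code 0), 192.168.22.2->192.168.22.1, len 56",
    "mark output: in:(unknown 0) out:ovpn-out1, proto ICMP (type 8, code 0), 192.168.22.2->192.168.20.10, len 56",
    "mark output: in:(unknown 0) out:ovpn-out1, proto ICMP (type 8, code 0), 192.168.22.2->192.168.20.10, len 56",
]

if __name__ == "__main__":
    for (src, dst), n in unanswered_echoes(SAMPLE_LOG).items():
        print(f"{n} echo request(s) {src} -> {dst} with no logged reply")
```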
 
own3r1138
Long time Member
Posts: 689
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: OVPN connection doesn't work with ping or other traffic

Wed Jan 12, 2022 10:08 am

@trick2011

You can also use /tools torch and filter it the way you want.
 
own3r1138
Long time Member
Posts: 689
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: OVPN connection doesn't work with ping or other traffic

Wed Jan 12, 2022 7:14 pm

I never tried this Open VPN. But I am interested in this one and I have already heard about it. I also want to get more details. Thank you so much!
The current version of UDP has bugs; if you don't want to have a bad experience on your first try of this protocol, don't do it with this version. Other than reset due to TLS failing after 61min, it's all good.
