My PC can ping 10.0.0.1 and 90.90.90.1 but can't ping the laptop.
Router can ping both.
It's because you have the following rule in your router that allows pinging it from literally any IP:
/ip firewall filter add action=accept chain=input comment="Allow ICMP" protocol=icmp
OVpn pool - 10.0.0.2-10.0.0.20
Did you whitelist these IPs in your router? I am fairly sure you have this firewall rule that drops such traffic, because 10.0.0.2-10.0.0.20 is coming from the WAN interface and these are private IPs:
/ip firewall filter add action=drop chain=forward comment="Drop coming from WAN where source IP is private" in-interface-list=WAN src-address-list=not_in_internet
Before suggesting anything, I hope you have these rules at the top of your "forward" chain:
/ip firewall filter add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="Allow established,related" connection-state=established,related
Now add these rules above those 2 rules - you will allow traffic coming from 10.0.0.2-10.0.0.20 and bypass fasttrack. Someone correct me on how to mark OpenVPN traffic; I've never set up OpenVPN on MikroTik routers (there should be a separate interface?):
/ip firewall filter add action=accept chain=forward src-address=10.0.0.2-10.0.0.20
/ip firewall filter add action=accept chain=forward dst-address=10.0.0.2-10.0.0.20
If you go with IPSEC, then adding these 2 rules instead is sufficient:
/ip firewall filter add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
Let me know if you managed to fix it :)
More info on firewall:
https://help.mikrotik.com/docs/display/ ... t+Firewall
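
Added example, not part of the original post and not RouterOS code: a small first-match model of the forward chain, showing why the two pool rules only help when they sit above the existing rules. It assumes, as the post does, that VPN client packets match in-interface-list=WAN and that not_in_internet contains 10.0.0.0/8; the packets and the host 90.90.90.50 are constructed.

```python
import ipaddress

# Assumption: the post never lists not_in_internet; 10.0.0.0/8 is taken to be in it.
NOT_IN_INTERNET = [ipaddress.ip_network("10.0.0.0/8")]
POOL_LO, POOL_HI = ipaddress.ip_address("10.0.0.2"), ipaddress.ip_address("10.0.0.20")

def in_pool(addr):
    return POOL_LO <= ipaddress.ip_address(addr) <= POOL_HI

def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in NOT_IN_INTERNET)

def established(p):
    return p["state"] in ("established", "related")

# (comment, action, matcher), mirroring the rules quoted in the post
FASTTRACK = ("FastTrack", "fasttrack-connection", established)
ACCEPT_EST = ("Allow established,related", "accept", established)
DROP_WAN_PRIVATE = ("Drop coming from WAN where source IP is private", "drop",
                    lambda p: p["in_if"] == "WAN" and is_private(p["src"]))
ACCEPT_POOL_SRC = ("src-address=10.0.0.2-10.0.0.20", "accept", lambda p: in_pool(p["src"]))
ACCEPT_POOL_DST = ("dst-address=10.0.0.2-10.0.0.20", "accept", lambda p: in_pool(p["dst"]))

def first_match(chain, packet):
    """Return (action, comment) of the first rule the packet matches."""
    for comment, action, matches in chain:
        if matches(packet):
            return action, comment
    return "accept", "no rule matched"  # a filter chain with no match lets the packet through

BASE = [FASTTRACK, ACCEPT_EST, DROP_WAN_PRIVATE]
POOL_ON_TOP = [ACCEPT_POOL_SRC, ACCEPT_POOL_DST] + BASE  # order suggested in the post
POOL_AT_END = BASE + [ACCEPT_POOL_SRC, ACCEPT_POOL_DST]  # same rules, wrong position

# Constructed packets: 10.0.0.5 is a VPN client, 90.90.90.50 a hypothetical LAN host.
NEW_FROM_VPN = {"src": "10.0.0.5", "dst": "90.90.90.50", "in_if": "WAN", "state": "new"}
REPLY_TO_VPN = {"src": "90.90.90.50", "dst": "10.0.0.5", "in_if": "LAN", "state": "established"}

if __name__ == "__main__":
    for name, chain in (("base", BASE), ("pool on top", POOL_ON_TOP), ("pool at end", POOL_AT_END)):
        for label, pkt in (("new from VPN", NEW_FROM_VPN), ("reply to VPN", REPLY_TO_VPN)):
            print(f"{name:12} {label:13} -> {first_match(chain, pkt)}")
```

On the router itself, the rule order can be checked with /ip firewall filter print; a rule added without place-before lands at the end of the list.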