OVPN issue cannot PING from LAN to connected networks
Posted: Sun Sep 05, 2021 9:34 pm
Hello,
I am having an issue where I cannot ping from my LAN 10.0.2.0/24 to the network connected via OVPN.
OVPN server is RB4011iGS+5HacQ2HnD and the client is the RB4011iGS+5HacQ2HnD, software version are different client is newer software.
When I originally set it up it was working. But then something changed.
Routes on client:
If I use sniffer I can see the packets coming back and are destined for the LAN host but they never reach it.
I have NAT enabled for the interface on client:
But the packets are not making it back any suggestions please.
I can ping from the Router(Client) to the connected networks no problem:
On the Router(Server) I did a rule to be able to reach the host via nat rule that works but I should be able to reach these networks without the mapping rule:
I am having an issue where I cannot ping from my LAN 10.0.2.0/24 to the network connected via OVPN.
OVPN server is RB4011iGS+5HacQ2HnD and the client is the RB4011iGS+5HacQ2HnD, software version are different client is newer software.
When I originally set it up it was working. But then something changed.
Routes on client:
Code: Select all
8 A S 192.168.0.0/24 ovpn-aquaregiaf... 1
9 A S 192.168.1.0/24 ovpn-aquaregiaf... 1
10 ADC 192.168.8.0/24 192.168.8.10 ovpn-aquaregiaf... 0
11 A S 192.168.88.0/24 ovpn-aquaregiaf... 1Code: Select all
[iaskakho@gateway1] /tool sniffer> quick ip-address=192.168.0.1 direction=rx /
INTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU FP
ether4 0.789 1 <- 98:E7:43:7F:47:32 2C:C8:1B:90:33:A8 10.0.2.48 192.168.0.1 ip:icmp 98 1 no
bridge 0.789 2 <- 98:E7:43:7F:47:32 2C:C8:1B:90:33:A8 10.0.2.48 192.168.0.1 ip:icmp 98 1 no
ether4 1.814 3 <- 98:E7:43:7F:47:32 2C:C8:1B:90:33:A8 10.0.2.48 192.168.0.1 ip:icmp 98 1 no
bridge 1.814 4 <- 98:E7:43:7F:47:32 2C:C8:1B:90:33:A8 10.0.2.48 192.168.0.1 ip:icmp 98 1 no
Code: Select all
11 chain=srcnat action=masquerade out-interface=ovpn-aquaregiaf log=yesBut the packets are not making it back any suggestions please.
I can ping from the Router(Client) to the connected networks no problem:
Code: Select all
[iaskakho@gateway1] /ip route> /ping 192.168.0.1 count=3
SEQ HOST SIZE TTL TIME STATUS
0 192.168.0.1 56 63 62ms
1 192.168.0.1 56 63 61ms
2 192.168.0.1 56 63 62ms
sent=3 received=3 packet-loss=0% min-rtt=61ms avg-rtt=61ms max-rtt=62msCode: Select all
[iaskakho@gateway] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=80 protocol=tcp in-interface=<ovpn-gateway1> dst-port=8081 log=no log-prefix=""
LAN PC:
root ~ telnet 192.168.8.1 8081
Trying 192.168.8.1...
Connected to 192.168.8.1.
Escape character is '^]'.
^]