pgh321
Frequent Visitor
Topic Author
Posts: 58
Joined: Fri Jan 03, 2014 7:35 pm

openVPN firewall and NAT

Sat Jul 22, 2023 1:23 pm

Hi, I had issues with a WireGuard "road warrior" setup with a MikroTik RB2011 and an Android phone, so I tried OpenVPN and it seems to be working.
I've done all the certificates and ppp user-password stuff, then created the ip pool for ovpn:
/ip pool
add name=ovpn-pool ranges=192.168.100.10-192.168.100.20

/ip firewall filter
add chain=forward src-address=192.168.100.0/24 action=accept comment="Allow OpenVPN clients"
add chain=input protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN"
add chain=input in-interface=all-ppp action=accept comment="Allow OVPN clients"
It works, but WITHOUT the src nat and proxy-arp that I read on some websites were needed.

Now, if I am correct, proxy-arp ( https://blog.nmoleosoftware.com/index.p ... outeros-7/ ) is not needed since the VPN pool is on a different network, not the LAN: the LAN is 192.168.1.X, and I put this route in the ovpn client config file:
route 192.168.1.0 255.255.255.0
(but I already had proxy-arp on my local bridge anyway, from a previous L2TP setup)

Then, https://www.raffaelechiatto.com/configu ... n-interna/ says:
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 action=masquerade
But I seem to be able to VPN connect and then go outside on the public internet, so I don't understand what that srcnat does...

EDIT: sorry, I edited my post twice since I discovered other errors when checking my setup again...
 
anav
Forum Guru
Posts: 22135
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: openVPN firewall and NAT

Sat Jul 22, 2023 4:57 pm

Where is your thread on the forum for the WireGuard issues?