
openVPN firewall and NAT

Posted: Sat Jul 22, 2023 1:23 pm
by pgh321
Hi, I had issues with a WireGuard "road warrior" setup with a MikroTik RB2011 and an Android phone, so I tried OpenVPN and it seems to be working.
I've done all the certificates and ppp user-password stuff, then created the IP pool for ovpn:
/ip pool
add name=ovpn-pool ranges=192.168.100.10-192.168.100.20

/ip firewall filter
add chain=forward src-address=192.168.100.0/24 action=accept comment="Allow OpenVPN clients"
add chain=input protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN"
add chain=input in-interface=all-ppp action=accept comment="Allow OVPN clients"
It works, but WITHOUT the src nat and proxy-arp that I read on some websites were needed.

Now, if I am correct, proxy-arp ( https://blog.nmoleosoftware.com/index.p ... outeros-7/ ) is not needed since the VPN pool is on a different network, not the LAN: the LAN is 192.168.1.X, and I put this route in the ovpn client config file:
route 192.168.1.0 255.255.255.0
(but I already had proxy-arp on my local bridge anyway, from a previous L2TP setup)

Then, https://www.raffaelechiatto.com/configu ... n-interna/ says:
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 action=masquerade
But I seem to be able to VPN connect and then go outside on the public internet, so I don't understand what that srcnat does...

EDIT: sorry, I edited my post twice since I discovered other errors when checking my setup again...
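
Added example, not part of the original post or of any reply: a first-match model of the srcnat chain using the post's VPN pool and LAN ranges, comparing which traffic the quoted masquerade rule rewrites with what a generic masquerade rule bound to the WAN interface rewrites. The interface names (ether1, bridge), the router addresses 203.0.113.5 and 192.168.1.1, and the generic WAN rule are assumptions, not taken from the poster's configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class NatRule:
    action: str                    # "masquerade" is the only action modelled
    src: Optional[str] = None      # src-address; None matches any source
    out_if: Optional[str] = None   # out-interface; None matches any interface
    comment: str = ""

def srcnat(rules, src_ip, out_if, out_if_addr):
    """Return (source address after the srcnat chain, comment of the rule hit)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:                                   # first match wins
        if rule.src and ip not in ipaddress.ip_network(rule.src):
            continue
        if rule.out_if and rule.out_if != out_if:
            continue
        if rule.action == "masquerade":                  # use egress interface address
            return out_if_addr, rule.comment
    return src_ip, None                                  # no rule hit: source unchanged

# Rule quoted in the post: matches the VPN pool on ANY egress interface.
POST_RULE = [NatRule("masquerade", src="192.168.100.0/24", comment="post rule")]
# Assumed generic rule: masquerade everything leaving the WAN port.
WAN_RULE = [NatRule("masquerade", out_if="ether1", comment="generic WAN rule")]

# Constructed egress interfaces: name -> router address on that interface.
EGRESS = {"ether1": "203.0.113.5", "bridge": "192.168.1.1"}

def seen_by_destination(rules, client="192.168.100.10"):
    """Source address each side sees for one VPN client, per egress interface."""
    return {name: srcnat(rules, client, name, addr)[0] for name, addr in EGRESS.items()}

if __name__ == "__main__":
    for label, rules in [("no srcnat rule", []), ("generic WAN rule", WAN_RULE),
                         ("post rule", POST_RULE)]:
        print(f"{label:17} {seen_by_destination(rules)}")
```

In this model the post's rule, having no out-interface restriction, also rewrites VPN-to-LAN traffic, so LAN hosts would log the router's address instead of the individual VPN client address.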

Re: openVPN firewall and NAT

Posted: Sat Jul 22, 2023 4:57 pm
by anav
Where is your thread on the forum for the WireGuard issues?