Community discussions

MikroTik App
 
justlovingIT
just joined
Topic Author
Posts: 14
Joined: Mon May 04, 2015 7:21 pm
Location: Southern Europe

OpenVPN Client -> Mikrotik

Sat Jul 18, 2015 6:09 pm

Hi,

I've got a strange issue connecting a remote CentOS server to the built-in OpenVPN service on my CRS.

OVPN is working fine on all connected client PCs. Now I wanted to connect a remote server to this network (to give it access to a certain network service).

I've uploaded the config, CA cert etc. and everything seems to work - BUT in fact both sides can't reach each other even though the tunnel is up (according to openVPN).

I've double checked everything, credentials are ok, there are no firewall rules blocking and when downloading the complete config to my Ubuntu notebook it works like a charm. I can also see that connection has been established in RouterOS

Anyone got an idea what I'm missing?

The only thing I could think of would be some sort of incompability (server's running CentOS 6.x) but I think that's very unlikely - especially as the tunnel is created successfully.
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: OpenVPN Client -> Mikrotik

Sat Jul 18, 2015 6:28 pm

Hi,

your description of the topology is not detailed enough.
We need a plan of your network topology and some information about your adressing scheme to help you.

It could be possible that you need to use proxy arp. As I do not know your topology and adressing, this is just a guess.

Ape
 
justlovingIT
just joined
Topic Author
Posts: 14
Joined: Mon May 04, 2015 7:21 pm
Location: Southern Europe

Re: OpenVPN Client -> Mikrotik [solved]

Sat Jul 18, 2015 7:45 pm

Thanks for your reply. In fact the issue was dead simple.

Even though openVPNs default MTU is 1500 (and as such set on the MT device) the effective MTU turned out to be 1543
Setting a matching MTU in the client config resolved the issue and the OVPN connection is now stable and working.

I'm not 100% sure yet but I think this might be a RHEL/CentOS related issue as this was working fine on all Debian/Ubuntu clients/servers I used to connect to the VPN gateway. Think I'll investigate this further as soon as I got some spare time
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: OpenVPN Client -> Mikrotik

Sat Jul 18, 2015 8:45 pm

Hi,

thank you for sharing your finding.

I'm glad that you have figured out how to solve your problem.

That is in fact interesting, a MTU mismatch should not make the tunnel unusable but lead to fragmentation on the transport connection.


Ape

Who is online

Users browsing this forum: No registered users and 21 guests