How to forward a client through Mikrotik OpenVPN to the internal network?
There is a Mikrotik router with an internal network 10.10.43.0/24, and an OpenVPN client is configured on it. How do I set up port forwarding so that, by connecting from the VPN client network 10.8.0.0/24 to the IP issued by Mikrotik, 10.8.0.4, on port 4840, I reach the device on the internal network at 10.10.43.200:4840?
This is how it doesn't work:
add action=dst-nat chain=dstnat dst-port=4840 in-interface=ovpn-out1 protocol=tcp to-addresses=10.10.43.203 to-ports=4840
add action=masquerade chain=srcnat out-interface=ovpn-out1
It appears that "sometimes" one more rule is necessary. Symptom: with dst-nat rule logging enabled, dstnat appears in the log: in:ether1 out:(unknown 0), src-mac **:**:**:**:**:**, proto TCP (SYN ),
add action=masquerade chain=srcnat dst-address=10.10.43.203 dst-port=4840 protocol=tcp
You don't have routes between the internal network and the VPN pool of clients. Here's what you can do:
- change the subnets to 10.10.x.x/16 or 10.x.x.x/8 and, on the clients, enable adding a route by subnet class
- instead of dst-nat, use netmap and disable masquerading for VPN clients; specify an explicit rule in the firewall with the accept action and move it higher.
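A small packet walk covering both answers above, as an added example that is not code from the thread: it models the dst-nat rule and the extra masquerade rule, then checks whether the device can route a reply. The router LAN address 10.10.43.1 and the client address 10.8.0.10 are constructed, and the device is assumed to have no route to 10.8.0.0/24.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed values (assumptions, not from the thread).
ROUTER_LAN_IP = "10.10.43.1"   # hypothetical router address on the LAN
VPN_CLIENT = "10.8.0.10"       # hypothetical client in the VPN pool
ROUTER_VPN_IP = "10.8.0.4"     # address from the question
DEVICE = "10.10.43.203"        # target used in the thread's rules
# Assumption: the device only knows its own on-link subnet.
DEVICE_ROUTES = [ipaddress.ip_network("10.10.43.0/24")]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    in_iface: str = "ovpn-out1"

def dstnat(pkt):
    """Model of the dst-nat rule: tcp/4840 arriving on ovpn-out1 goes to the device."""
    if pkt.proto == "tcp" and pkt.dport == 4840 and pkt.in_iface == "ovpn-out1":
        return replace(pkt, dst=DEVICE)
    return pkt

def srcnat(pkt, masquerade_to_device):
    """Model of the first answer's rule: masquerade tcp/4840 headed to the device."""
    if masquerade_to_device and pkt.proto == "tcp" and pkt.dst == DEVICE and pkt.dport == 4840:
        return replace(pkt, src=ROUTER_LAN_IP)
    return pkt

def device_can_reply(pkt):
    """The device answers only if it has a route to the source address it sees."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in DEVICE_ROUTES)

def forward(masquerade_to_device):
    """Walk one SYN from the VPN client through the router to the device."""
    syn = Packet(src=VPN_CLIENT, dst=ROUTER_VPN_IP, dport=4840)
    seen = srcnat(dstnat(syn), masquerade_to_device)
    return seen, device_can_reply(seen)

if __name__ == "__main__":
    for enabled in (False, True):
        seen, ok = forward(enabled)
        print(f"masquerade={enabled}: device sees {seen.src} -> "
              f"{seen.dst}:{seen.dport}, reply routable={ok}")
```

With the masquerade rule in place the device sees every VPN client as the router's LAN address, so per-client attribution for port 4840 has to come from the router's logs rather than the device's.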