openvpn
dhemming, 2020-05-12 00:28:16

How to set up Site-to-site OpenVPN between Mikrotik routers and DD-WRT?

Good day to all!
For several days I have been trying to set up such a configuration:
There is an Asus RT-N18U router with DD-WRT firmware. It has an OpenVPN server.
I have a Mikrotik HeX router. It acts as an OpenVPN Client.
Asus router local subnet: 192.168.1.0/24
Mikrotik router local subnet: 192.168.2.0/24
OpenVPN tunnel subnet: 192.168.4.0/24
There is a connection between the client and the server, devices from the client subnet can easily ping devices from the server subnet.
But the problem is that the ping does not go back (i.e. from the server subnet to the client subnet).

I believe that the problem lies in the fact that I do not understand how to configure the Firewall on the client - the Mikrotik router. Now in the Firewall config on the client there is only one rule that allows incoming traffic on the interface of the OpenVPN connection.

Who can tell me how to configure Firewall and NAT on the OpenVPN Mikrotik client to pass traffic from the server subnet to the client subnet?

Firewall rules with DD-WRT are attached:

iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -A FORWARD -s 192.168.4.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -o eth0 -j MASQUERADE


If you need any additional information - I'm ready to provide it :)


1 answer(s)
Gregory, 2020-05-12
@Maxlinus

The Mikrotik should NOT have a rule blocking OpenVPN, and you need to add routes on both routers.
Does the Mikrotik receive an IP on OpenVPN?
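
What "routes on both routers" can look like for the subnets in the question, as an added example that is not part of the original post or answer. Assumptions: the client-config-dir path, the `<CLIENT_COMMON_NAME>` placeholder (the post does not give the client's certificate name) and the Mikrotik interface name `ovpn-out1`.

```conf
# --- DD-WRT (OpenVPN server): additional server config ---
# Kernel route: send traffic for the client LAN into the tunnel (tun0).
route 192.168.2.0 255.255.255.0
# Directory with per-client settings (path is an assumption;
# any directory the OpenVPN daemon can read will do).
client-config-dir /tmp/openvpn/ccd

# --- DD-WRT: file /tmp/openvpn/ccd/<CLIENT_COMMON_NAME> ---
# The file name must equal the common name the server sees for the
# Mikrotik client (placeholder here).
# iroute tells OpenVPN which connected client owns 192.168.2.0/24;
# without it the server drops packets addressed to that subnet.
iroute 192.168.2.0 255.255.255.0

# --- Mikrotik (OpenVPN client): RouterOS terminal ---
# "ovpn-out1" is an assumed interface name; substitute the real one.
# Route to the server LAN through the tunnel:
/ip route add dst-address=192.168.1.0/24 gateway=ovpn-out1
# Accept only server-LAN -> client-LAN traffic arriving on the tunnel,
# instead of opening the forward chain to everything from the VPN.
# The rule has to sit above any drop rule in the forward chain.
/ip firewall filter add chain=forward in-interface=ovpn-out1 src-address=192.168.1.0/24 dst-address=192.168.2.0/24 action=accept comment="site-to-site from DD-WRT LAN"
```

If the Mikrotik masquerades traffic leaving the tunnel interface, hosts in 192.168.2.0/24 reach the server LAN even without `route`/`iroute` on the server, while the reverse direction still needs them.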
