linux
delphin12, 2016-01-08 17:12:33

The OpenVPN server does not see the network behind the Mikrotik. What's wrong?

Greetings! I know the topic is hackneyed, but after reading a lot of manuals I have not found a solution.
An ovpn server has been set up remotely:

port 1194
proto tcp
dev tun
user ovpn
group ovpn
cd /etc/ovpn
persist-key
persist-tun
dh /etc/ovpn/dh1024.pem
ca /etc/ovpn/ca.crt
cert /etc/ovpn/vpn.crt
key /etc/ovpn/vpn.key
server 192.168.1.0 255.255.255.0
client-config-dir /etc/ovpn/ccd
auth SHA1
cipher AES-256-CBC
client-to-client
topology subnet
max-clients 5
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
keepalive 10 120
status /var/log/ovpn/openvpn-status.log 1
status-version 3
log-append /var/log/ovpn/openvpn-server.log
verb 3
mute 20

# iptables -L -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

# sysctl -p
net.ipv4.ip_forward = 1

The ovpn client is up on the Mikrotik. The connection is established, and pings from the network behind the Mikrotik (192.168.2.0 255.255.255.0) reach the ovpn server. But from the server, the network behind the Mikrotik is not visible.
ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          45.44.46.1                1
 1 ADC  45.44.46.0/22      45.44.46.72     ether1-gateway            0
 2 ADC  192.168.1.1/32     192.168.1.2     ovpn-out1                 0
 3 ADC  192.168.2.0/24     192.168.2.1    bridge-local               0

ip firewall filter  print   
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward 

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no 
      log-prefix="" 

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix="" 

 4    ;;; default configuration
      chain=forward action=fasttrack-connection 
      connection-state=established,related log=no log-prefix="" 

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no 
      log-prefix="" 

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 7    ;;; default configuration
      chain=forward action=drop connection-state=new 
      connection-nat-state=!dstnat in-interface=ether1-gateway log=no 
      log-prefix="" 

 8    ;;; Deny invalid connections
      chain=input action=drop connection-state=invalid log=no log-prefix=""


2 answer(s)
Tan Chatn, 2016-01-10
@DUKAEV

Don't torture yourself. If you have a regular VPN, there are working scripts on GitHub.

ASPI, 2016-01-12
@ASPI

Add the route on your server: the network 192.168.2.0/24 is located behind the VPN tunnel.
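
Added example, not part of either answer or of the question's own files: in OpenVPN's multi-client server mode, a subnet behind a client needs both a `route` in the server config and a matching `iroute` in that client's client-config-dir file, and this check lists `route` subnets that no ccd file claims. The ccd file name `mikrotik` and its contents are constructed for illustration; the server directives are copied from the question.

```python
import ipaddress

def _nets(text, keyword):
    """Return networks named by `keyword <addr> <mask>` lines in an OpenVPN config."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) >= 3 and parts[0] == keyword:
            found.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return found

def routes_without_iroute(server_conf, ccd_files):
    """List `route` subnets that no ccd file claims with an `iroute`.

    server_conf: text of the server config.
    ccd_files: dict mapping ccd file name (client common name) to file text.
    """
    vpn_pool = _nets(server_conf, "server")          # the tunnel subnet itself
    wanted = _nets(server_conf, "route") - vpn_pool  # subnets expected behind clients
    claimed = set()
    for text in ccd_files.values():
        claimed |= _nets(text, "iroute")
    return sorted(str(n) for n in wanted - claimed)

# Directives copied from the question's server config.
SERVER_CONF = """
server 192.168.1.0 255.255.255.0
client-config-dir /etc/ovpn/ccd
topology subnet
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
"""

# Constructed ccd contents; "mikrotik" stands in for the client's certificate CN.
CCD_EMPTY = {"mikrotik": ""}
CCD_FIXED = {"mikrotik": "iroute 192.168.2.0 255.255.255.0\n"}

if __name__ == "__main__":
    print("missing iroute:", routes_without_iroute(SERVER_CONF, CCD_EMPTY))
    print("after fix:     ", routes_without_iroute(SERVER_CONF, CCD_FIXED))
```
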
