openvpn
fdroid, 2018-08-20 07:06:13

Why is Mikrotik OpenVPN client not connecting to the server?

OVPN server: Ubuntu 16.04; client: Mikrotik (ROS 6.42.6). The firewall is configured like this:

 /ip firewall filter> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; Allow IGMP
      chain=input action=accept protocol=igmp in-interface=ether1wan log=no log-prefix="" 

 1    ;;; IPTV UDP incoming
      chain=input action=accept protocol=udp in-interface=ether1wan dst-port=1234 log=no log-prefix="" 

 2    ;;; IPTV UDP forwarding
      chain=forward action=accept protocol=udp dst-port=1234 log=no log-prefix="" 

 3    ;;; Allow ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 4    ;;; default drop
      chain=input action=drop in-interface=ether1wan log=no log-prefix=""

The OVPN connection is configured and connects instantly when the 4th (default-drop) rule is disabled. On the previous Mikrotik configuration everything also worked, but there I set it up without further ado through Quick Set; now I'm slowly setting it up on a clean configuration. It looks like the firewall is dropping packets from the OVPN server and not allowing the connection to be established. Therefore, a rule needs to be added before the drop rule that allows the server to interact with the client. The question is: what rule should be added?


1 answer(s)
fdroid, 2018-08-20
@fdroid

Solution: you need to allow established connections (rule 4).

 0    ;;; Allow IGMP
      chain=input action=accept protocol=igmp in-interface=ether1wan log=no log-prefix="" 

 1    ;;; IPTV UDP incoming
      chain=input action=accept protocol=udp in-interface=ether1wan dst-port=1234 log=no log-prefix="" 

 2    ;;; IPTV UDP forwarding
      chain=forward action=accept protocol=udp dst-port=1234 log=no log-prefix="" 

 3    ;;; Allow ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 4    ;;; Allow established connections
      chain=input action=accept connection-state=established log=no log-prefix="" 

 5    ;;; default drop
      chain=input action=drop in-interface=ether1wan log=no log-prefix="dropall"

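The RouterOS commands that apply the answer's fix on the questioner's router, as an added example that is not part of the original answer. It assumes the rule order shown in the question (where the default-drop rule is number 4) and extends the answer by also accepting `related` connections and by turning on logging for the drop rule; the answer's rule 5 carries log-prefix="dropall" but leaves log=no, so nothing is logged until that is changed.

```routeros
# Added example, not the poster's configuration.  Run from the
# RouterOS 6.42 console of the OpenVPN client router.
/ip firewall filter

# Stateful accept rule, placed ahead of the WAN default-drop rule.
# "place-before=4" assumes the original numbering from the question.
# "related" is an addition to the answer's "established"-only rule.
add chain=input action=accept connection-state=established,related comment="Allow established/related" place-before=4

# Make the default-drop rule actually log, so a tunnel that still
# fails can be diagnosed from /log instead of by disabling the rule.
set [ find comment="default drop" ] log=yes log-prefix="dropall"

# Verify the order: the accept rule must print before the drop rule.
print

# After the client reconnects, the tracked flow to the server should be
# listed here.  ROS 6 ovpn-client speaks TCP only, hence protocol=tcp.
/ip firewall connection print where protocol=tcp

# Tunnel status from the client side.
/interface ovpn-client print

# Anything the drop rule discarded shows up with the "dropall" prefix.
/log print where message~"dropall"
```

Why the rule is needed at all: the OpenVPN client opens the connection outbound, but every reply from the server arrives on ether1wan and is evaluated by the input chain. Connection tracking marks that flow as established as soon as the reply is seen, so an accept rule keyed on connection-state lets the server's packets through without opening any port on the WAN side; the default drop remains in effect for unsolicited traffic. Ordering matters because RouterOS evaluates filter rules top to bottom and the first terminating match wins, which is why the accept must sit above the drop.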