Hi Michael,

If you were using AstLinux instead of the Mikrotik in your home office I would 
point you to the Firewall tab ...

Network -> Firewall Configuration -> Firewall Options:

___ Allow OpenVPN Client tunnel to the [ 1st ] LAN Interface(s)

___ Allow OpenVPN Server tunnel to the [ 1st ] LAN Interface(s)


So, for the Mikrotik it may be a similar firewall "forwarding" rule for the 
OpenVPN 'tun' interface <-> LAN interface.

BTW, the proper OpenVPN config (yours looks good at a quick glance) will add 
the needed routes automatically.

Lonnie



> On Mar 11, 2020, at 6:31 AM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
> Hi Group
>  
> I have been trying out Mikrotik’s RouterOS v7 specifically to test UDP 
> OpenVPN.
> I have set up OpenVPN from my Home Office router (OpenVPN Client) to my 
> hosted Astlinux (OpenVPN Server) for telephony purposes only.
> The connection has come up fine and I can ping the OpenVPN addresses each way 
> from the terminating devices but I can't for the life of me get connectivity 
> working from the Home Office LAN to the Astlinux OpenVPN address.
> OpenVPN Subnet: 172.28.253.0/24. Astlinux gateway .1
> Home Office LAN: 172.16.16.0/24
>  
> I have set up the iroute file:
> 3000-IPC_Prod-CM1 kd # cat openvpn/ccd/IPC_Home_Office
> iroute 172.16.16.0 255.255.255.0
>  
> 3000-IPC_Prod-CM1 kd # ip route
> default via 221.121.132.145 dev eth0
> 172.16.16.0/24 via 172.28.253.1 dev tun0
> 172.28.253.0/24 dev tun0  proto kernel  scope link  src 172.28.253.1
> .......
>  
> ### gui.openvpn.conf - start ###
> ###
> ### Auth Method
> OVPN_USER_PASS_VERIFY="no"
> ### Device
> OVPN_DEV="tun0"
> ### Port Number
> OVPN_PORT="1194"
> ### Protocol
> OVPN_PROTOCOL="udp"
> ### Log Verbosity
> OVPN_VERBOSITY="4"
> ### Compression
> OVPN_LZO="no"
> ### QoS Passthrough
> OVPN_QOS="yes"
> ### Cipher
> OVPN_CIPHER=""
> ### Auth HMAC
> OVPN_AUTH=""
> ### Allowed External Hosts
> OVPN_TUNNEL_HOSTS="0/0"
> ### Client Isolation
> OVPN_CLIENT_ISOLATION="no"
> ### Server Hostname
> OVPN_HOSTNAME="30000.ipcaccess.net"
> ### Server IPv4 Network
> OVPN_SERVER="172.28.253.0 255.255.255.0"
> ### Server IPv6 Network
> OVPN_SERVERV6=""
> ### Topology
> OVPN_TOPOLOGY="subnet"
> ### Server Push
> OVPN_PUSH="
> "
> ### Raw Commands
> OVPN_OTHER="
> topology p2p
> route-gateway 172.28.253.1
> route 172.16.16.0 255.255.255.0
> "
> ### Private Key Size
> OVPN_CERT_KEYSIZE="2048"
> ### Signature Algorithm
> OVPN_CERT_ALGORITHM="sha256"
> ### CA File
> OVPN_CA="/mnt/kd/openvpn/webinterface/keys/ca.crt"
> ### CERT File
> OVPN_CERT="/mnt/kd/openvpn/webinterface/keys/server.crt"
> ### Key File
> OVPN_KEY="/mnt/kd/openvpn/webinterface/keys/server.key"
> ### DH File
> OVPN_DH="/mnt/kd/openvpn/webinterface/dh1024.pem"
> ### TLS-Auth File
> OVPN_TA=""
> ### Valid Clients
> OVPN_VALIDCLIENTS="
> ...........
> IPC_Home_Office
> "
> ### gui.openvpn.conf - end ###
>  
> I have looked at the firewall log on the Mikrotik and nothing comes up as 
> being denied. Any ideas on where to go next?
> Yes I realise it's a Beta version but as I can ping the OpenVPN address each 
> way, it just seems to be a routing problem.
>  
> Thanks all.
>  
> Regards
> Michael Knill
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
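
The server-side part of this setup can be checked mechanically: each client LAN needs a `route` directive on the server, an `iroute` in that client's ccd file, and a resulting kernel route on the tunnel device. The script below is an added example, not part of the original thread or of AstLinux; its function names are hypothetical and the sample values are copied from the quoted message above.

```python
import ipaddress

def parse_nets(text, keyword):
    """Return the set of IPv4 networks named by `keyword <net> [mask]` lines."""
    nets = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == keyword:
            # OpenVPN treats a missing netmask as a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets

def kernel_tun_nets(ip_route_output, dev):
    """Networks that `ip route` output sends out of the tunnel device."""
    nets = set()
    for line in ip_route_output.splitlines():
        parts = line.split()
        if len(parts) > 2 and parts[0] != "default" and "dev" in parts[:-1]:
            if parts[parts.index("dev") + 1] == dev:
                nets.add(ipaddress.ip_network(parts[0], strict=False))
    return nets

def check_site_to_site(server_directives, ccd_files, ip_route_output, dev="tun0"):
    """Return a list of findings; an empty list means routes and iroutes agree."""
    routes = parse_nets(server_directives, "route")
    kernel = kernel_tun_nets(ip_route_output, dev)
    findings, claimed = [], set()
    for client, ccd in sorted(ccd_files.items()):
        for net in sorted(parse_nets(ccd, "iroute")):
            claimed.add(net)
            if net not in routes:
                findings.append(f"{client}: iroute {net} has no matching server route")
            if net not in kernel:
                findings.append(f"{client}: {net} is not routed via {dev} in the kernel")
    for net in sorted(routes - claimed):
        findings.append(f"server route {net} is not claimed by any ccd iroute")
    return findings

# Values copied from the quoted message (OVPN_OTHER, ccd file, `ip route`).
SERVER_RAW = """topology p2p
route-gateway 172.28.253.1
route 172.16.16.0 255.255.255.0"""
CCD = {"IPC_Home_Office": "iroute 172.16.16.0 255.255.255.0"}
IP_ROUTE = """default via 221.121.132.145 dev eth0
172.16.16.0/24 via 172.28.253.1 dev tun0
172.28.253.0/24 dev tun0  proto kernel  scope link  src 172.28.253.1"""

if __name__ == "__main__":
    print(check_site_to_site(SERVER_RAW, CCD, IP_ROUTE) or "server side is consistent")
```

An empty result only covers the OpenVPN server side; forwarding between the tunnel and LAN interfaces on the client router is a separate check.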


