Thanks Lonnie. Just a question which I'm not sure of.
The Astlinux routing table points 172.16.16.0/24 to its own OpenVPN address 
(172.16.16.0/24 via 172.28.253.1 dev tun0). Is this correct? 
Shouldn't it point to the remote site OpenVPN address or is this how it works?

Regards
Michael Knill
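
As an added illustration (not code from this thread or from AstLinux): in OpenVPN server mode a LAN behind a client is reached in two stages, with the server `route` handing the packet from the kernel to the OpenVPN process on tun0 and the ccd `iroute` selecting which client receives it. The Python sketch below checks that the two stages agree, using the values quoted in the original post as constructed input; the function names are hypothetical.

```python
import ipaddress

# Constructed inputs, copied from the configuration quoted in this thread.
SERVER_DIRECTIVES = """\
topology p2p
route-gateway 172.28.253.1
route 172.16.16.0 255.255.255.0
"""
CCD_FILES = {"IPC_Home_Office": "iroute 172.16.16.0 255.255.255.0\n"}


def parse_networks(text, keyword):
    """Networks named by `keyword <network> [netmask]` lines (no netmask = /32)."""
    nets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == keyword:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
    return nets


def check_pairing(server_text, ccd_files):
    """Return route/iroute mismatches; an empty list means both stages agree."""
    routes = parse_networks(server_text, "route")
    iroutes = {c: parse_networks(t, "iroute") for c, t in ccd_files.items()}
    problems = []
    for client, nets in sorted(iroutes.items()):
        for net in nets:
            if not any(net.subnet_of(r) for r in routes):
                problems.append(f"{client}: iroute {net} has no server route")
    for r in routes:
        if not any(n.overlaps(r) for nets in iroutes.values() for n in nets):
            problems.append(f"route {r} has no client iroute")
    return problems


def owner_of(dest, ccd_files):
    """Stage 2 only: the client whose iroute best matches dest, else None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for client, text in ccd_files.items():
        for net in parse_networks(text, "iroute"):
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (client, net)
    return best[0] if best else None


if __name__ == "__main__":
    print(check_pairing(SERVER_DIRECTIVES, CCD_FILES))   # mismatches, if any
    print(owner_of("172.16.16.50", CCD_FILES))           # client that receives it
```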

On 11/3/20, 11:39 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Hi Michael,
    
    If you were using AstLinux instead of the Mikrotik in your home office I
    would point you to the Firewall tab ...
    
    Network -> Firewall Configuration -> Firewall Options:
    
    ___ Allow OpenVPN Client tunnel to the [ 1st ] LAN Interface(s)
    
    ___ Allow OpenVPN Server tunnel to the [ 1st ] LAN Interface(s)
    
    
    So, for the Mikrotik it may be a similar firewall "forwarding" rule for the
    OpenVPN 'tun' interface <-> LAN interface.
    
    BTW, the proper OpenVPN config (yours looks good at a quick glance) will
    add the needed routes automatically.
    
    Lonnie
    
    
    
    > On Mar 11, 2020, at 6:31 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Hi Group
    >  
    > I have been trying out Mikrotik’s RouterOS v7 specifically to test UDP
    > OpenVPN.
    > I have set up OpenVPN from my Home Office router (OpenVPN Client) to my
    > hosted Astlinux (OpenVPN Server) for telephony purposes only.
    > The connection has come up fine and I can ping the OpenVPN addresses each
    > way from the terminating devices but I can't for the life of me get
    > connectivity working from the Home Office LAN to the Astlinux OpenVPN
    > address.
    > OpenVPN Subnet: 172.28.253.0/24. Astlinux gateway .1
    > Home Office LAN: 172.16.16.0/24
    >  
    > I have set up the iroute file:
    > 3000-IPC_Prod-CM1 kd # cat openvpn/ccd/IPC_Home_Office
    > iroute 172.16.16.0 255.255.255.0
    >  
    > 3000-IPC_Prod-CM1 kd # ip route
    > default via 221.121.132.145 dev eth0
    > 172.16.16.0/24 via 172.28.253.1 dev tun0
    > 172.28.253.0/24 dev tun0  proto kernel  scope link  src 172.28.253.1
    > .......
    >  
    > ### gui.openvpn.conf - start ###
    > ###
    > ### Auth Method
    > OVPN_USER_PASS_VERIFY="no"
    > ### Device
    > OVPN_DEV="tun0"
    > ### Port Number
    > OVPN_PORT="1194"
    > ### Protocol
    > OVPN_PROTOCOL="udp"
    > ### Log Verbosity
    > OVPN_VERBOSITY="4"
    > ### Compression
    > OVPN_LZO="no"
    > ### QoS Passthrough
    > OVPN_QOS="yes"
    > ### Cipher
    > OVPN_CIPHER=""
    > ### Auth HMAC
    > OVPN_AUTH=""
    > ### Allowed External Hosts
    > OVPN_TUNNEL_HOSTS="0/0"
    > ### Client Isolation
    > OVPN_CLIENT_ISOLATION="no"
    > ### Server Hostname
    > OVPN_HOSTNAME="30000.ipcaccess.net"
    > ### Server IPv4 Network
    > OVPN_SERVER="172.28.253.0 255.255.255.0"
    > ### Server IPv6 Network
    > OVPN_SERVERV6=""
    > ### Topology
    > OVPN_TOPOLOGY="subnet"
    > ### Server Push
    > OVPN_PUSH="
    > "
    > ### Raw Commands
    > OVPN_OTHER="
    > topology p2p
    > route-gateway 172.28.253.1
    > route 172.16.16.0 255.255.255.0
    > "
    > ### Private Key Size
    > OVPN_CERT_KEYSIZE="2048"
    > ### Signature Algorithm
    > OVPN_CERT_ALGORITHM="sha256"
    > ### CA File
    > OVPN_CA="/mnt/kd/openvpn/webinterface/keys/ca.crt"
    > ### CERT File
    > OVPN_CERT="/mnt/kd/openvpn/webinterface/keys/server.crt"
    > ### Key File
    > OVPN_KEY="/mnt/kd/openvpn/webinterface/keys/server.key"
    > ### DH File
    > OVPN_DH="/mnt/kd/openvpn/webinterface/dh1024.pem"
    > ### TLS-Auth File
    > OVPN_TA=""
    > ### Valid Clients
    > OVPN_VALIDCLIENTS="
    > ...........
    > IPC_Home_Office
    > "
    > ### gui.openvpn.conf - end ###
    >  
    > I have looked at the firewall log on the Mikrotik and nothing comes up as
    > being denied. Any ideas on where to go next?
    > Yes I realise it's a Beta version but as I can ping the OpenVPN address
    > each way, it just seems to be a routing problem.
    >  
    > Thanks all.
    >  
    > Regards
    > Michael Knill
    > _______________________________________________
    > Astlinux-users mailing list
    > Astlinux-users@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    > Donations to support AstLinux are graciously accepted via PayPal to
    > pay...@krisk.org.
    
    
    