What's new

Routing between Ubuntu OpenVPN and MikroTik

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Roman

New Around Here
My goal is to be able to connect to private LAN (192.168.1.0/24) via Ubuntu VPS.

For example I want this forwarding: http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP}:443

Please take a look at attached screenshots.

As I understand the problem is in inability to communicate between two gateways 192.168.7.1 and 192.168.1.1.

- Ubuntu VPS knows the route to private LAN subnet (192.168.1.0/24) and MikroTik router knows route to OpenVPN network (192.168.7.0/24).

- Ubuntu can ping MicroTik OpenVPN interface (192.168.7.2) and any OpenVPN client (192.168.7.0/24) and communication like http://{Ubuntu WAN IP}:443 --> http://{any OpenVPN client IP}:443 works fine.

- MikroTik can ping Ubuntu’s OpenVPN interface (192.168.7.1).

- Private LAN’s hosts (192.168.1.0/24) can ping MicroTik OpenVPN interface (192.168.7.2).

But !!!

- Ubuntu can’t ping MicroTik private LAN’s interface (192.168.1.1).

- Private LAN’s hosts (192.168.1.0/24) can’t ping Ubuntu’s OpenVPN interface (192.168.7.1).


I would very happy if someone is able to explain what’s really going on? Why routing doesn’t work?
 

Attachments

  • ubuntu_network_overview.jpg
    ubuntu_network_overview.jpg
    30 KB · Views: 502
  • ubuntu routing table.jpg
    ubuntu routing table.jpg
    43.7 KB · Views: 641
mikrotik only supports TCP openVPN and not UDP. But if you get past that, you'll need to NAT on mikrotik. I typically use a blanket rule that NATs VPN clients so that they can communicate with local stuff, because you have 2 local IPs, the client's local IP and the mikrotik's internal VPN gateway IP.

Under your PPP settings, add your clients to an address list, in your NAT, do the source NAT thing for your VPN address list with the out interface being the bridge.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top