OpenVPN on Ubuntu + Mikrotik as Client for devices behind it
Posted: Tue Jun 07, 2022 2:36 pm
Hello all!
I am using OpenVPN on Ubuntu 20 for devices that are behind Mikrotik router. See below diagram.
OpenVPN Server configuration is below.
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
# topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh dh.pem
#tls-auth tls-auth.key 0
crl-verify crl.pem
ca ca.crt
cert server_xcVehZegEHjE22An.crt
key server_xcVehZegEHjE22An.key
auth SHA256
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
I have setup connection using OVPN profile (parsed by Mikrotik).
client
proto udp
explicit-exit-notify
remote FQDN 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xcVehZegEHjE22An name
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
Client successfully connected to Server, but not showing any IP address.
I can ping Server 10.8.0.1 from Client and ICMP packets generate traffic.
Log shows connection from Client to Server is established
SERVER LOG (--verb 3):
But nothing happens when I try to use device behind Mikrotik router.
Does anyone have successfully implemented such solution with OpenVPN and Mikrotik?
I am using OpenVPN on Ubuntu 20 for devices that are behind Mikrotik router. See below diagram.
OpenVPN Server configuration is below.
Server Config
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
# topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh dh.pem
#tls-auth tls-auth.key 0
crl-verify crl.pem
ca ca.crt
cert server_xcVehZegEHjE22An.crt
key server_xcVehZegEHjE22An.key
auth SHA256
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
I have setup connection using OVPN profile (parsed by Mikrotik).
Client config
client
proto udp
explicit-exit-notify
remote FQDN 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xcVehZegEHjE22An name
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
Client successfully connected to Server, but not showing any IP address.
I can ping Server 10.8.0.1 from Client and ICMP packets generate traffic.
Log shows connection from Client to Server is established
SERVER LOG (--verb 3):
Code: Select all
OpenVPN CLIENT LIST
Updated,Tue Jun 7 14:45:53 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
tv,white-IP:33003,240395,240306,Tue Jun 7 13:49:42 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,tv,white-IP:33003,Tue Jun 7 14:45:52 2022
GLOBAL STATS
Max bcast/mcast queue length,1
END
Does anyone have successfully implemented such solution with OpenVPN and Mikrotik?