OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Posted: Tue Jun 07, 2022 2:36 pm
by tornado21
Hello all!
I am using OpenVPN on Ubuntu 20 for devices that are behind a Mikrotik router. See the diagram below.
Image

OpenVPN Server configuration is below.
Server Config

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
# topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh dh.pem
#tls-auth tls-auth.key 0
crl-verify crl.pem
ca ca.crt
cert server_xcVehZegEHjE22An.crt
key server_xcVehZegEHjE22An.key
auth SHA256
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


I have set up the connection using an OVPN profile (parsed by Mikrotik).
Client config

client
proto udp
explicit-exit-notify
remote FQDN 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xcVehZegEHjE22An name
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3


The client successfully connected to the server, but it is not showing any IP address.
Image

I can ping Server 10.8.0.1 from Client and ICMP packets generate traffic.
Image

Log shows connection from Client to Server is established
SERVER LOG (--verb 3):

OpenVPN CLIENT LIST
Updated,Tue Jun  7 14:45:53 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
tv,white-IP:33003,240395,240306,Tue Jun  7 13:49:42 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,tv,white-IP:33003,Tue Jun  7 14:45:52 2022
GLOBAL STATS
Max bcast/mcast queue length,1
END

But nothing happens when I try to use a device behind the Mikrotik router.
Has anyone successfully implemented such a solution with OpenVPN and Mikrotik?

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Posted: Fri Jul 22, 2022 12:45 am
by nefton
Does Mikrotik support UDP?
Also, this line may not work properly, I think:
push "redirect-gateway def1 bypass-dhcp"

Better to write all routes manually on the Mikrotik, but after you get an IP from the server, of course.

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Posted: Sun Jan 29, 2023 7:14 pm
by herberthalmeida
Hello,
I also need to use a NATed RB pointing to a Linux OpenVPN server. Has anyone done this already?

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Posted: Thu Jul 13, 2023 6:39 am
by RobinHoodDotNetwork
In order for the Internet through VPN to start on the Mikrotik router OpenVPN client, you need to do at least two things on the router:
If you use Winbox:
1. In the settings of the ovpn-out2 interface, check Add Default Route.
2. In the Mikrotik firewall, change the interface on which you mask the private network.
If this does not work, additional information will be needed.
Nikolay Petrov
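
The two Winbox steps from the post above, written as RouterOS terminal commands. This is an added example, not part of the original post; `ovpn-out2` is the interface name from the post, while `ether1` as the currently masqueraded WAN interface is an assumption.

```routeros
# Added example. ovpn-out2 comes from the post; ether1 is an assumed WAN port.

# Step 1: let the OpenVPN client install a default route when the tunnel is up
/interface ovpn-client set [find name="ovpn-out2"] add-default-route=yes

# Step 2: list the current source-NAT masquerade rules to see which
# interface the private network is masqueraded on
/ip firewall nat print where chain=srcnat action=masquerade

# Point that masquerade rule at the tunnel interface instead of the WAN port
/ip firewall nat set [find chain=srcnat action=masquerade out-interface=ether1] out-interface=ovpn-out2

# Check the result: the tunnel should hold an address from the server's
# pool (10.8.0.0/24 in the server config) and a default route should exist
/ip address print where interface=ovpn-out2
/ip route print where dst-address=0.0.0.0/0
```

With the default route and masquerade both on the tunnel, all LAN traffic leaves through the VPN server, so the firewall filter rules on the router should be reviewed for the new outbound interface as well.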